CPP: Use StrcpyFunction model in UsingStrcpyAsBoolean.ql.

geoffw0 · geoffw0 · commit 39be9c312512 · 2019-06-26T16:51:48.000+01:00
diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql b/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql
@@ -12,20 +12,9 @@
  */
 
 import cpp
+import semmle.code.cpp.models.implementations.Strcpy
 import semmle.code.cpp.dataflow.DataFlow
 
-predicate isStringComparisonFunction(string functionName) {
-  functionName = "strcpy" or
-  functionName = "wcscpy" or
-  functionName = "_mbscpy" or
-  functionName = "strncpy" or
-  functionName = "_strncpy_l" or
-  functionName = "wcsncpy" or
-  functionName = "_wcsncpy_l" or
-  functionName = "_mbsncpy" or
-  functionName = "_mbsncpy_l"
-}
-
 predicate isBoolean(Expr e1) {
   exists(Type t1 |
     t1 = e1.getType() and
@@ -36,12 +25,12 @@ predicate isBoolean(Expr e1) {
 predicate isStringCopyCastedAsBoolean(FunctionCall func, Expr expr1, string msg) {
   DataFlow::localFlow(DataFlow::exprNode(func), DataFlow::exprNode(expr1)) and
   isBoolean(expr1.getConversion*()) and
-  isStringComparisonFunction(func.getTarget().getName()) and
+  func.getTarget() instanceof StrcpyFunction and
   msg = "Return value of " + func.getTarget().getName() + " used as a Boolean."
 }
 
 predicate isStringCopyUsedInLogicalOperationOrCondition(FunctionCall func, Expr expr1, string msg) {
-  isStringComparisonFunction(func.getTarget().getName()) and
+  func.getTarget() instanceof StrcpyFunction and
   (
     (
       // it is being used in an equality or logical operation
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.expected b/cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.expected
@@ -19,9 +19,6 @@
 | test.cpp:103:9:103:15 | call to strncpy | Return value of strncpy used directly in a conditional expression. |
 | test.cpp:107:9:107:15 | call to wcsncpy | Return value of wcsncpy used directly in a conditional expression. |
 | test.cpp:111:9:111:16 | call to _mbsncpy | Return value of _mbsncpy used directly in a conditional expression. |
-| test.cpp:115:9:115:18 | call to _strncpy_l | Return value of _strncpy_l used directly in a conditional expression. |
-| test.cpp:119:9:119:18 | call to _wcsncpy_l | Return value of _wcsncpy_l used directly in a conditional expression. |
-| test.cpp:123:9:123:18 | call to _mbsncpy_l | Return value of _mbsncpy_l used directly in a conditional expression. |
 | test.cpp:127:9:127:37 | ! ... | Return value of strncpy used in a logical operation. |
 | test.cpp:131:14:131:20 | call to strncpy | Return value of strncpy used as a Boolean. |
 | test.cpp:133:19:133:47 | ! ... | Return value of strncpy used in a logical operation. |
