Commit ae5dc84

committed
return-c-str-cpp
1 parent 2e86380 commit ae5dc84

4 files changed

+92
-1
lines changed

rules/cpp/return-c-str-c.yml

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
id: return-c-str-cpp
2+
language: cpp
3+
severity: warning
4+
message: >-
5+
"`$FUNC` returns a pointer to the memory owned by `$STR`. This pointer
6+
is invalid after `$STR` goes out of scope, which can trigger a use after
7+
free."
8+
note: >-
9+
[CWE-416] Use After Free
10+
[REFERENCES]
11+
- https://wiki.sei.cmu.edu/confluence/display/c/DCL30-C.+Declare+objects+with+appropriate+storage+durations
12+
- https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP54-CPP.+Do+not+access+an+object+outside+of+its+lifetime
13+
14+
rule:
15+
kind: return_statement
16+
any:
17+
- pattern: return basic_string<$TYPE>($$$).$METHOD();
18+
- pattern: return std::basic_string<$TYPE>($$$).$METHOD();
19+
- pattern: return string($$$).$METHOD();
20+
- pattern: return std::string($$$).$METHOD();
21+
- pattern: return wstring($$$).$METHOD();
22+
- pattern: return std::wstring($$$).$METHOD();
23+
24+
constraints:
25+
METHOD:
26+
regex: ^(c_str|data)$
27+
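Review bot: The `message` text references `$FUNC` and `$STR`, but none of the six patterns under `any:` binds those metavariables (they bind only `$TYPE`, `$METHOD` and `$$$`), so the reported message cannot name the function or the string it is talking about. Either reword the message in terms of what is actually matched, for example "`$METHOD()` returns a pointer owned by a temporary string that is destroyed at the end of the return statement", or bind the names in the patterns. Two smaller points: the message body is wrapped in double quotes inside a `>-` block scalar, where they become literal characters of the message, and the file is named `return-c-str-c.yml` while the `id` and the test file use `return-c-str-cpp`.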
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
id: return-c-str-cpp
2+
snapshots:
3+
? |
4+
char *return_basic_string_directly() {
5+
return std::basic_string<char>("foo").c_str();
6+
}
7+
: labels:
8+
- source: return std::basic_string<char>("foo").c_str();
9+
style: primary
10+
start: 41
11+
end: 87
12+
? |
13+
char *return_data_directly() {
14+
return std::string("foo").data();
15+
}
16+
: labels:
17+
- source: return std::string("foo").data();
18+
style: primary
19+
start: 33
20+
end: 66
21+
? |
22+
char *return_directly() {
23+
return string("foo").c_str();
24+
}
25+
: labels:
26+
- source: return string("foo").c_str();
27+
style: primary
28+
start: 28
29+
end: 57
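Review bot: The snapshot has entries for `return_basic_string_directly`, `return_data_directly` and `return_directly`, but none for `return_namespace_directly`, which is listed under `invalid` in `tests/cpp/return-c-str-cpp-test.yml`. Regenerate the snapshots so every invalid case has a recorded label; as it stands the `std::string("foo").c_str()` case is not pinned by the baseline.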
Lines changed: 12 additions & 1 deletion
@@ -1,2 +1,13 @@
11
id: sizeof-this-cpp
2-
snapshots: {}
2+
snapshots:
3+
? |
4+
return sizeof(this);
5+
: labels:
6+
- source: sizeof(this)
7+
style: primary
8+
start: 7
9+
end: 19
10+
- source: this
11+
style: secondary
12+
start: 14
13+
end: 18
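Review bot: The `sizeof-this-cpp` snapshot update is unrelated to the `return-c-str-cpp` rule this commit is titled after, and the commit contains no matching change to that rule or its tests. Move it to its own commit, or mention it in the commit message, so the new `sizeof(this)` labels can be reviewed against the rule and test that produced them.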

tests/cpp/return-c-str-cpp-test.yml

Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
id: return-c-str-cpp
2+
valid:
3+
- |
4+
std::string return_directly() {
5+
// ok: return-c-str
6+
return std::string("foo");
7+
}
8+
invalid:
9+
- |
10+
char *return_namespace_directly() {
11+
return std::string("foo").c_str();
12+
}
13+
- |
14+
char *return_directly() {
15+
return string("foo").c_str();
16+
}
17+
- |
18+
char *return_basic_string_directly() {
19+
return std::basic_string<char>("foo").c_str();
20+
}
21+
- |
22+
char *return_data_directly() {
23+
return std::string("foo").data();
24+
}
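Review bot: The `invalid` cases cover `std::string`, `string` and `std::basic_string<char>`, but nothing exercises the `wstring` / `std::wstring` patterns or the unqualified `basic_string<$TYPE>` pattern from the rule, and the single `valid` case never tests the `METHOD` constraint. Add an invalid case returning `std::wstring(L"foo").c_str()` and a valid case that calls a different method on the temporary, such as `return std::string("foo").size();`, so a regression in the `^(c_str|data)$` regex is caught.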
