Modified file-access-before-action-c and cpp

Author: ESS-ENN

rules/cpp/security/file-access-before-action-cpp.yml

@@ -8,6 +8,8 @@ note: >-
   [REFERENCES]
       - https://wiki.sei.cmu.edu/confluence/display/c/FIO45-C.+Avoid+TOCTOU+race+conditions+while+accessing+files
 
+ast-grep-essentials: true
+
 utils:
   PATTERN_1(identifier):
     kind: identifier

tests/__snapshots__/file-access-before-action-c-snapshot.yml

@@ -1,5 +1,100 @@
 id: file-access-before-action-c
 snapshots:
+  ? |
+    {
+      const char *original_key = "path/to/file/filename";
+      const char *mirror_key = "path/to/another/file/filename";
+
+      if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+          copy_file("/bin/cp %s %s", original_key, mirror_key);
+          unlink(original_key);
+      }
+
+      void test_002(){
+        const char *original_key = "path/to/file/filename";
+
+        if (access(original_key, W_OK) == 0){
+            File *fp = fopen(original_key, "wb");
+        }
+      }
+    }
+  : labels:
+    - source: unlink
+      style: primary
+      start: 260
+      end: 266
+    - source: original_key
+      style: secondary
+      start: 267
+      end: 279
+    - source: (original_key)
+      style: secondary
+      start: 266
+      end: 280
+    - source: original_key
+      style: secondary
+      start: 131
+      end: 143
+    - source: F_OK
+      style: secondary
+      start: 145
+      end: 149
+    - source: (original_key, F_OK)
+      style: secondary
+      start: 130
+      end: 150
+    - source: access
+      style: secondary
+      start: 124
+      end: 130
+    - source: access(original_key, F_OK)
+      style: secondary
+      start: 124
+      end: 150
+    - source: ==
+      style: secondary
+      start: 151
+      end: 153
+    - source: '0'
+      style: secondary
+      start: 154
+      end: 155
+    - source: access(original_key, F_OK) == 0
+      style: secondary
+      start: 124
+      end: 155
+    - source: (access(original_key, F_OK) == 0)
+      style: secondary
+      start: 123
+      end: 156
+    - source: (access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)
+      style: secondary
+      start: 123
+      end: 191
+    - source: ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0))
+      style: secondary
+      start: 122
+      end: 192
+    - source: |-
+        if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+              copy_file("/bin/cp %s %s", original_key, mirror_key);
+              unlink(original_key);
+          }
+      style: secondary
+      start: 119
+      end: 285
+    - source: |-
+        {
+              copy_file("/bin/cp %s %s", original_key, mirror_key);
+              unlink(original_key);
+          }
+      style: secondary
+      start: 192
+      end: 285
+    - source: unlink(original_key)
+      style: secondary
+      start: 260
+      end: 280
   ? |
     {
     const char *original_key = "path/to/file/filename";

tests/__snapshots__/file-access-before-action-cpp-snapshot.yml

@@ -1,5 +1,99 @@
 id: file-access-before-action-cpp
 snapshots:
+  ? |
+    {
+      const char *original_key = "path/to/file/filename";
+      const char *mirror_key = "path/to/another/file/filename";
+
+      if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+          copy_file("/bin/cp %s %s", original_key, mirror_key);
+          unlink(original_key);
+      }
+
+      void test_002(){
+        const char *original_key = "path/to/file/filename";
+        if (access(original_key, W_OK) == 0){
+            FILe *fp = fopen(original_key, "wb");
+        }
+      }
+    }
+  : labels:
+    - source: unlink
+      style: primary
+      start: 260
+      end: 266
+    - source: original_key
+      style: secondary
+      start: 267
+      end: 279
+    - source: (original_key)
+      style: secondary
+      start: 266
+      end: 280
+    - source: original_key
+      style: secondary
+      start: 131
+      end: 143
+    - source: F_OK
+      style: secondary
+      start: 145
+      end: 149
+    - source: (original_key, F_OK)
+      style: secondary
+      start: 130
+      end: 150
+    - source: access
+      style: secondary
+      start: 124
+      end: 130
+    - source: access(original_key, F_OK)
+      style: secondary
+      start: 124
+      end: 150
+    - source: ==
+      style: secondary
+      start: 151
+      end: 153
+    - source: '0'
+      style: secondary
+      start: 154
+      end: 155
+    - source: access(original_key, F_OK) == 0
+      style: secondary
+      start: 124
+      end: 155
+    - source: (access(original_key, F_OK) == 0)
+      style: secondary
+      start: 123
+      end: 156
+    - source: (access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)
+      style: secondary
+      start: 123
+      end: 191
+    - source: ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0))
+      style: secondary
+      start: 122
+      end: 192
+    - source: |-
+        if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+              copy_file("/bin/cp %s %s", original_key, mirror_key);
+              unlink(original_key);
+          }
+      style: secondary
+      start: 119
+      end: 285
+    - source: |-
+        {
+              copy_file("/bin/cp %s %s", original_key, mirror_key);
+              unlink(original_key);
+          }
+      style: secondary
+      start: 192
+      end: 285
+    - source: unlink(original_key)
+      style: secondary
+      start: 260
+      end: 280
   ? |
     {
     const char *original_key = "path/to/file/filename";

tests/c/file-access-before-action-c-test.yml

@@ -5,18 +5,19 @@ valid:
 invalid:
   - |
     {
-    const char *original_key = "path/to/file/filename";
-    const char *mirror_key = "path/to/another/file/filename";
+      const char *original_key = "path/to/file/filename";
+      const char *mirror_key = "path/to/another/file/filename";
 
-    if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
-        copy_file("/bin/cp %s %s", original_key, mirror_key);
-        unlink(original_key);
-    }
+      if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+          copy_file("/bin/cp %s %s", original_key, mirror_key);
+          unlink(original_key);
+      }
 
-    void test_002(){
-      const char *original_key = "path/to/file/filename";
+      void test_002(){
+        const char *original_key = "path/to/file/filename";
 
-      if (access(original_key, W_OK) == 0){
-          File *fp = fopen(original_key, "wb");
+        if (access(original_key, W_OK) == 0){
+            File *fp = fopen(original_key, "wb");
+        }
       }
     }

tests/cpp/file-access-before-action-cpp-test.yml

@@ -5,17 +5,18 @@ valid:
 invalid:
   - |
     {
-    const char *original_key = "path/to/file/filename";
-    const char *mirror_key = "path/to/another/file/filename";
+      const char *original_key = "path/to/file/filename";
+      const char *mirror_key = "path/to/another/file/filename";
 
-    if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
-        copy_file("/bin/cp %s %s", original_key, mirror_key);
-        unlink(original_key);
-    }
+      if ((access(original_key, F_OK) == 0) && (access(mirror_key, F_OK) == 0)){
+          copy_file("/bin/cp %s %s", original_key, mirror_key);
+          unlink(original_key);
+      }
 
-    void test_002(){
-      const char *original_key = "path/to/file/filename";
-      if (access(original_key, W_OK) == 0){
-          FILe *fp = fopen(original_key, "wb");
+      void test_002(){
+        const char *original_key = "path/to/file/filename";
+        if (access(original_key, W_OK) == 0){
+            FILe *fp = fopen(original_key, "wb");
+        }
       }
     }