Commit 1991bb3

committed
return-c-str-cpp
1 parent 2b3fc12 commit 1991bb3

2 files changed

+124
-27
lines changed

rules/c/security/return-c-str-c.yml

Lines changed: 0 additions & 27 deletions
This file was deleted.
Lines changed: 124 additions & 0 deletions
@@ -0,0 +1,124 @@
1+
id: return-c-str-cpp
2+
language: cpp
3+
severity: warning
4+
message: >-
5+
"`$FUNC` returns a pointer to the memory owned by `$STR`. This pointer
6+
is invalid after `$STR` goes out of scope, which can trigger a use after
7+
free."
8+
note: >-
9+
[CWE-416] Use After Free
10+
[REFERENCES]
11+
- https://wiki.sei.cmu.edu/confluence/display/c/DCL30-C.+Declare+objects+with+appropriate+storage+durations
12+
- https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP54-CPP.+Do+not+access+an+object+outside+of+its+lifetime
13+
14+
ast-grep-essentials: true
15+
16+
rule:
17+
any:
18+
- pattern: return basic_string<$TYPE>($$$).$METHOD();
19+
- pattern: return std::basic_string<$TYPE>($$$).$METHOD();
20+
- pattern: return string($$$).$METHOD();
21+
- pattern: return std::string($$$).$METHOD();
22+
- pattern: return wstring($$$).$METHOD();
23+
- pattern: return std::wstring($$$).$METHOD();
24+
- pattern: return $STR.$METHOD();
25+
any:
26+
- follows:
27+
stopBy: end
28+
all:
29+
- not:
30+
has:
31+
stopBy: end
32+
kind: storage_class_specifier
33+
- any:
34+
- kind: declaration
35+
not:
36+
pattern: $STR_VAL $STR = "$STRG";
37+
- has:
38+
pattern: $STR_VAL
39+
- has:
40+
stopBy: end
41+
pattern: $STR
42+
- inside:
43+
stopBy: end
44+
follows:
45+
stopBy: end
46+
all:
47+
- not:
48+
has:
49+
stopBy: end
50+
kind: storage_class_specifier
51+
- any:
52+
- kind: declaration
53+
not:
54+
pattern: $STR_VAL $STR = "$STRG";
55+
- has:
56+
pattern: $STR_VAL
57+
- has:
58+
pattern: $STR
59+
- inside:
60+
stopBy: end
61+
follows:
62+
stopBy: end
63+
all:
64+
- not:
65+
has:
66+
stopBy: end
67+
kind: storage_class_specifier
68+
- any:
69+
- kind: pointer_declarator
70+
not:
71+
has:
72+
stopBy: end
73+
pattern: $STR_VAL $STR = "$STRG";
74+
has:
75+
kind: function_declarator
76+
all:
77+
- has:
78+
stopBy: end
79+
any:
80+
- kind: qualified_identifier
81+
- kind: type_identifier
82+
regex: ^(basic_string<.*>|std::basic_string<.*>|string|std::string|wstring|std::wstring|string(.*)|std::string(.*)|wstring(.*)|std::wstring(.*)|basic_string<.*>(.*)|std::basic_string<.*>(.*))$
83+
- has:
84+
stopBy: end
85+
pattern: $STR
86+
- follows:
87+
stopBy: end
88+
all:
89+
- not:
90+
has:
91+
stopBy: end
92+
kind: storage_class_specifier
93+
- any:
94+
- kind: pointer_declarator
95+
has:
96+
kind: function_declarator
97+
all:
98+
- not:
99+
has:
100+
stopBy: end
101+
pattern: $STR_VAL $STR = "$STRG";
102+
- has:
103+
stopBy: end
104+
any:
105+
- kind: qualified_identifier
106+
- kind: type_identifier
107+
regex: ^(basic_string<.*>|std::basic_string<.*>|string|std::string|wstring|std::wstring|string(.*)|std::string(.*)|wstring(.*)|std::wstring(.*)|basic_string<.*>(.*)|std::basic_string<.*>(.*))$
108+
- has:
109+
stopBy: end
110+
pattern: $STR
111+
- pattern: return $STR_VAL.$METHOD();
112+
not:
113+
all:
114+
- has:
115+
stopBy: end
116+
kind: ERROR
117+
- inside:
118+
stopBy: end
119+
kind: ERROR
120+
constraints:
121+
METHOD:
122+
regex: ^(c_str|data)$
123+
STR_VAL:
124+
regex: ^(basic_string<.*>|std::basic_string<.*>|string|std::string|wstring|std::wstring|string(.*)|std::string(.*)|wstring(.*)|std::wstring(.*)|basic_string<.*>(.*)|std::basic_string<.*>(.*))$
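
Review bot: The message on new-file lines 5-7 interpolates `$FUNC`, but no pattern in the rule binds a metavariable of that name, and `$STR` is not bound by the temporary-object patterns on lines 18-23 or by `return $STR_VAL.$METHOD();` on line 111, so the reported text cannot name the function or the string for those matches. Either reword the message around `$METHOD`, which every pattern binds, or capture the names explicitly. Separately, in the regex repeated on lines 82, 107 and 124, alternatives such as `string(.*)` use an unescaped group, so they match any text that starts with `string` (for example `string_view` or `stringstream`) rather than a `string(...)` constructor call; escaping the parentheses as `\(.*\)` would restrict the match to what the bare name alternatives suggest was intended. The message scalar is also wrapped in literal double quotes inside `>-`, so those quote characters will appear in the reported text.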
