Implement rule SIG34-C

mbaluda · mbaluda · commit e7dec512ec9a · 2023-03-21T12:57:05.000+01:00
diff --git a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
@@ -100,7 +100,8 @@ class ApplicationAsyncSafeFunction extends AsyncSafeFunction {
 class AsyncUnsafeRaiseCall extends FunctionCall {
   AsyncUnsafeRaiseCall() {
     this.getTarget().hasGlobalName("raise") and
-    exists(SignalHandler handler | handler = this.getEnclosingFunction() |
+    exists(SignalHandler handler |
+      handler = this.getEnclosingFunction() and
       not handler.getRegistration().getArgument(0).getValue() = this.getArgument(0).getValue() and
       not DataFlow::localFlow(DataFlow::parameterNode(handler.getParameter(0)),
         DataFlow::exprNode(this.getArgument(0)))
diff --git a/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql b/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql
@@ -11,8 +11,11 @@
 
 import cpp
 import codingstandards.c.cert
+import codingstandards.c.Signal
 
-from
+from FunctionCall x
 where
   not isExcluded(x, SignalHandlersPackage::doNotCallSignalFromInterruptibleSignalHandlersQuery()) and
-select
+  x = any(SignalHandler handler).getReassertingCall()
+select x,
+  "Reasserting handler bindings introduces a race condition on nonpersistent platforms and is redundant otherwise."
diff --git a/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.expected b/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.expected
@@ -1 +1,2 @@
-No expected results have yet been specified
+| test.c:4:7:4:12 | call to signal | Reasserting handler bindings introduces a race condition on nonpersistent platforms and is redundant otherwise. |
+| test.c:17:7:17:12 | call to signal | Reasserting handler bindings introduces a race condition on nonpersistent platforms and is redundant otherwise. |
diff --git a/c/cert/test/rules/SIG34-C/test.c b/c/cert/test/rules/SIG34-C/test.c
@@ -0,0 +1,27 @@
+#include <signal.h>
+
+void handler1(int signum) {
+  if (signal(signum, handler1) == SIG_ERR) // NON_COMPLIANT
+  {
+    //...
+  }
+}
+
+void f1(void) {
+  if (signal(SIGUSR1, handler1) == SIG_ERR) {
+    // ...
+  }
+}
+
+void handler2(int signum) {
+  if (signal(SIGUSR1, handler2) == SIG_ERR) // NON_COMPLIANT
+  {
+    //...
+  }
+}
+
+void f2(void) {
+  if (signal(SIGUSR1, handler2) == SIG_ERR) {
+    // ...
+  }
+}
diff --git a/c/common/src/codingstandards/c/Signal.qll b/c/common/src/codingstandards/c/Signal.qll
@@ -1,4 +1,5 @@
 import cpp
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * A call to function `signal`
@@ -19,6 +20,17 @@ class SignalHandler extends Function {
   }
 
   SignalCall getRegistration() { result = registration }
+
+  FunctionCall getReassertingCall() {
+    result.getTarget().hasGlobalName("signal") and
+    this = result.getEnclosingFunction() and
+    (
+      this.getRegistration().getArgument(0).getValue() = result.getArgument(0).getValue()
+      or
+      DataFlow::localFlow(DataFlow::parameterNode(this.getParameter(0)),
+        DataFlow::exprNode(result.getArgument(0)))
+    )
+  }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-No expected results have yet been specified`
	`1`	`+\| test.c:4:7:4:12 \| call to signal \| Reasserting handler bindings introduces a race condition on nonpersistent platforms and is redundant otherwise. \|`
	`2`	`+\| test.c:17:7:17:12 \| call to signal \| Reasserting handler bindings introduces a race condition on nonpersistent platforms and is redundant otherwise. \|`