STR32-C STR38-C:

- removed links to library internals
- documented false positives due to extractor errors

Author: mbaluda

c/cert/src/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.ql

@@ -63,6 +63,5 @@ where
     c instanceof WideToNarrowCast and actual = "wide" and expected = "narrow"
   )
 select call,
-  "Call to function $@ with a " + actual + " character string $@ where a " + expected +
-    " character string $@ is expected.", call.getTarget(), call.getTarget().getName(), arg,
-  "argument", p, "parameter"
+  "Call to function `" + call.getTarget().getName() + "` with a " + actual +
+    " character string $@ where a " + expected + " character string is expected.", arg, "argument"

c/cert/test/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.expected.qcc

@@ -0,0 +1,15 @@
+| test.c:19:3:19:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:7:20:7:24 | Co | this expression |
+| test.c:20:3:20:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:7:20:7:24 | Co | this expression |
+| test.c:22:3:22:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:13:3:13:9 | call to strncpy | this expression |
+| test.c:23:3:23:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:13:3:13:9 | call to strncpy | this expression |
+| test.c:24:3:24:8 | call to strlen | String modified by $@ is passed to function expecting a null-terminated string. | test.c:13:3:13:9 | call to strncpy | this expression |
+| test.c:46:3:46:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:41:3:41:10 | call to snprintf | this expression |
+| test.c:47:3:47:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:41:3:41:10 | call to snprintf | this expression |
+| test.c:55:3:55:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:53:3:53:9 | call to strncat | this expression |
+| test.c:56:3:56:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:53:3:53:9 | call to strncat | this expression |
+| test.c:62:3:62:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:60:20:60:24 | Co | this expression |
+| test.c:63:3:63:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:60:20:60:24 | Co | this expression |
+| test.c:75:3:75:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:72:20:72:24 | Co | this expression |
+| test.c:76:3:76:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:72:20:72:24 | Co | this expression |
+| test.c:85:3:85:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:83:3:83:9 | call to strncpy | this expression |
+| test.c:86:3:86:8 | call to printf | String modified by $@ is passed to function expecting a null-terminated string. | test.c:83:3:83:9 | call to strncpy | this expression |

c/cert/test/rules/STR32-C/test.c.qcc

@@ -0,0 +1,87 @@
+#include <stdio.h>
+#include <string.h>
+#include <wchar.h>
+
+void f1() {
+  char a1_nt[7] = "CodeQL"; // is null terminated
+  char a1_nnt[3] = "Cod";   // is NOT null termianted
+
+  char a1[9];
+  char a2[10];
+  char a9[10];
+
+  strncpy(a2, a1, 5);  // not null terminated because n < length(src)
+  strncpy(a9, a1, 10); // is null terminated; n > length(src)
+
+  printf("%s", a1_nt); // COMPLIANT
+  printf(a1_nt);       // COMPLIANT
+
+  printf("%s", a1_nnt); // NON_COMPLIANT
+  printf(a1_nnt);       // NON_COMPLIANT
+
+  printf("%s", a2); // NON_COMPLIANT
+  printf(a2);       // NON_COMPLIANT
+  strlen(a2);       // NON_COMPLIANT
+
+  printf(a9); // COMPLIANT
+  printf(a9); // COMPLIANT
+
+  wchar_t wa1_nt[7] = L"CodeQL"; // is null terminated
+  wchar_t wa1_nnt[3] = L"Cod";   // is NOT null termianted
+  wprintf(wa1_nt);  // COMPLIANT
+  // FALSE_NEGATIVES due to https://github.com/github/codeql/issues/12914
+  wprintf(wa1_nnt); // NON_COMPLIANT[FALSE_NEGATIVE]
+}
+
+void f2() {
+  char a1[10];
+  char a2[10];
+
+  snprintf(a1, 10, "CodeQL %d", 3); // will be null terminated
+  snprintf(a2, 11, "CodeQL %d", 3); // will not be null terminated
+
+  printf("%s", a1); // COMPLIANT
+  printf(a1);       // COMPLIANT
+
+  printf("%s", a2); // NON_COMPLIANT
+  printf(a2);       // NON_COMPLIANT
+}
+
+void f3() {
+  char a1[2];
+
+  strncat(a1, "CodeQL", 5); // will not be null terminated
+
+  printf(a1);       // NON_COMPLIANT
+  printf("%s", a1); // NON_COMPLIANT
+}
+
+void f4() {
+  char a1_nnt[3] = "Cod"; // is NOT null termianted
+
+  printf("%s", a1_nnt); // NON_COMPLIANT
+  printf(a1_nnt);       // NON_COMPLIANT
+
+  a1_nnt[2] = '\0';
+
+  printf("%s", a1_nnt); // COMPLIANT
+  printf(a1_nnt);       // COMPLIANT
+}
+
+f5() {
+  char a1_nnt[3] = "Cod"; // is NOT null termianted
+  char a2[10] = "CodeQL";
+
+  printf("%s", a1_nnt); // NON_COMPLIANT
+  printf(a1_nnt);       // NON_COMPLIANT
+
+  a1_nnt[2] = '\0';
+
+  printf("%s", a1_nnt); // COMPLIANT
+  printf(a1_nnt);       // COMPLIANT
+
+  strncpy(a1_nnt, a2, 1); // not null terminated because n < length(src)
+
+  printf("%s", a1_nnt); // NON_COMPLIANT
+  printf(a1_nnt);       // NON_COMPLIANT
+}

c/cert/test/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.expected

@@ -1,12 +1,12 @@
-| test.c:15:3:15:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:15:11:15:12 | w2 | argument | test.c:6:15:6:18 | (unnamed parameter 0) | parameter |
-| test.c:15:3:15:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:15:15:15:16 | w1 | argument | test.c:6:33:6:42 | (unnamed parameter 1) | parameter |
-| test.c:16:3:16:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:16:11:16:12 | w2 | argument | test.c:6:15:6:18 | (unnamed parameter 0) | parameter |
-| test.c:26:3:26:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:26:11:26:12 | n2 | argument | test.c:7:18:7:24 | (unnamed parameter 0) | parameter |
-| test.c:26:3:26:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:26:15:26:16 | n1 | argument | test.c:7:45:7:51 | (unnamed parameter 1) | parameter |
-| test.c:27:3:27:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:27:15:27:16 | n1 | argument | test.c:7:45:7:51 | (unnamed parameter 1) | parameter |
-| test.c:32:3:32:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:32:11:32:12 | w2 | argument | test.c:6:15:6:18 | (unnamed parameter 0) | parameter |
-| test.c:32:3:32:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:32:15:32:16 | w1 | argument | test.c:6:33:6:42 | (unnamed parameter 1) | parameter |
-| test.c:33:3:33:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string $@ is expected. | test.c:6:7:6:13 | strncpy | strncpy | test.c:33:11:33:12 | w2 | argument | test.c:6:15:6:18 | (unnamed parameter 0) | parameter |
-| test.c:36:3:36:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:36:11:36:12 | n2 | argument | test.c:7:18:7:24 | (unnamed parameter 0) | parameter |
-| test.c:36:3:36:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:36:15:36:16 | n1 | argument | test.c:7:45:7:51 | (unnamed parameter 1) | parameter |
-| test.c:37:3:37:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string $@ is expected. | test.c:7:10:7:16 | wcsncpy | wcsncpy | test.c:37:15:37:16 | n1 | argument | test.c:7:45:7:51 | (unnamed parameter 1) | parameter |
+| test.c:11:3:11:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:11:3:11:9 | call to strncpy | strncpy | test.c:11:11:11:12 | w2 | argument |
+| test.c:11:3:11:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:11:3:11:9 | call to strncpy | strncpy | test.c:11:15:11:16 | w1 | argument |
+| test.c:12:3:12:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:12:3:12:9 | call to strncpy | strncpy | test.c:12:11:12:12 | w2 | argument |
+| test.c:22:3:22:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:22:3:22:9 | call to wcsncpy | wcsncpy | test.c:22:11:22:12 | n2 | argument |
+| test.c:22:3:22:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:22:3:22:9 | call to wcsncpy | wcsncpy | test.c:22:15:22:16 | n1 | argument |
+| test.c:23:3:23:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:23:3:23:9 | call to wcsncpy | wcsncpy | test.c:23:15:23:16 | n1 | argument |
+| test.c:28:3:28:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:28:3:28:9 | call to strncpy | strncpy | test.c:28:11:28:12 | w2 | argument |
+| test.c:28:3:28:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:28:3:28:9 | call to strncpy | strncpy | test.c:28:15:28:16 | w1 | argument |
+| test.c:29:3:29:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:29:3:29:9 | call to strncpy | strncpy | test.c:29:11:29:12 | w2 | argument |
+| test.c:32:3:32:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:32:3:32:9 | call to wcsncpy | wcsncpy | test.c:32:11:32:12 | n2 | argument |
+| test.c:32:3:32:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:32:3:32:9 | call to wcsncpy | wcsncpy | test.c:32:15:32:16 | n1 | argument |
+| test.c:33:3:33:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:33:3:33:9 | call to wcsncpy | wcsncpy | test.c:33:15:33:16 | n1 | argument |

c/cert/test/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.expected.qcc

@@ -0,0 +1,9 @@
+| test.c:22:3:22:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:22:3:22:9 | call to wcsncpy | wcsncpy | test.c:22:11:22:12 | n2 | argument |
+| test.c:22:3:22:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:22:3:22:9 | call to wcsncpy | wcsncpy | test.c:22:15:22:16 | n1 | argument |
+| test.c:23:3:23:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:23:3:23:9 | call to wcsncpy | wcsncpy | test.c:23:15:23:16 | n1 | argument |
+| test.c:28:3:28:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:28:3:28:9 | call to strncpy | strncpy | test.c:28:11:28:12 | w2 | argument |
+| test.c:28:3:28:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:28:3:28:9 | call to strncpy | strncpy | test.c:28:15:28:16 | w1 | argument |
+| test.c:29:3:29:9 | call to strncpy | Call to function $@ with a wide character string $@ where a narrow character string parameter is expected. | test.c:29:3:29:9 | call to strncpy | strncpy | test.c:29:11:29:12 | w2 | argument |
+| test.c:32:3:32:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:32:3:32:9 | call to wcsncpy | wcsncpy | test.c:32:11:32:12 | n2 | argument |
+| test.c:32:3:32:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:32:3:32:9 | call to wcsncpy | wcsncpy | test.c:32:15:32:16 | n1 | argument |
+| test.c:33:3:33:9 | call to wcsncpy | Call to function $@ with a narrow character string $@ where a wide character string parameter is expected. | test.c:33:3:33:9 | call to wcsncpy | wcsncpy | test.c:33:15:33:16 | n1 | argument |

c/cert/test/rules/STR38-C/copy.c.qcc

@@ -0,0 +1,35 @@
+#include <stddef.h>
+#include <string.h>
+#include <wchar.h>
+
+void f1() {
+  wchar_t w1[] = L"codeql";
+  wchar_t w2[] = L"codeql";
+  char n1[] = "codeql";
+  char n2[] = "codeql";
+  // FALSE_NEGATIVES due to https://github.com/github/codeql/issues/12914
+  strncpy(w2, w1, 1); // NON_COMPLIANT[FALSE_NEGATIVE] (2x)
+  strncpy(w2, n1, 1); // NON_COMPLIANT[FALSE_NEGATIVE] (1x)
+  strncpy(n2, n1, 1); // COMPLIANT
+}
+
+void f2() {
+  wchar_t w1[] = L"codeql";
+  wchar_t w2[] = L"codeql";
+  char n1[] = "codeql";
+  char n2[] = "codeql";
+
+  wcsncpy(n2, n1, 1); // NON_COMPLIANT (2x)
+  wcsncpy(w2, n1, 1); // NON_COMPLIANT (1x)
+  wcsncpy(w2, w1, 1); // COMPLIANT
+}
+
+void f3(wchar_t *w1, wchar_t *w2, char *n1, char *n2) {
+  strncpy(w2, w1, 1); // NON_COMPLIANT (2x)
+  strncpy(w2, n1, 1); // NON_COMPLIANT (1x)
+  strncpy(n2, n1, 1); // COMPLIANT
+
+  wcsncpy(n2, n1, 1); // NON_COMPLIANT (2x)
+  wcsncpy(w2, n1, 1); // NON_COMPLIANT (1x)
+  wcsncpy(w2, w1, 1); // COMPLIANT
+}

c/cert/test/rules/STR38-C/test.c

@@ -1,10 +1,6 @@
 #include <stddef.h>
-
-// defined in <string.h> and <wchar.h> but we get absolute
-// paths using the current alert so they are defined here.
-// to prevent absolute paths from being generated.
-char *strncpy(char *__restrict, const char *__restrict, size_t);
-wchar_t *wcsncpy(wchar_t *__restrict, const wchar_t *__restrict, size_t);
+#include <string.h>
+#include <wchar.h>
 
 void f1() {
   wchar_t w1[] = L"codeql";

rule_packages/c/Strings1.json

@@ -58,7 +58,10 @@
           "tags": [
             "correctness",
             "security"
-          ]
+          ],
+          "implementation_scope": {
+            "description": "Wide character types are not handled correctly on the `aarch64le` architecture. This can lead to false negative alerts."
+          }
         }
       ],
       "title": "Do not pass a non-null-terminated character sequence to a library function that expects a string"

rule_packages/c/Strings3.json

@@ -35,7 +35,10 @@
           "tags": [
             "correctness",
             "security"
-          ]
+          ],
+          "implementation_scope": {
+            "description": "Wide character types are not handled correctly on the `aarch64le` architecture. This can lead to false negative alerts."
+          }
         }
       ],
       "title": "Do not confuse narrow and wide character strings and functions"