Add package Banned for C

Author: rvermeulen

.vscode/tasks.json

@@ -163,6 +163,7 @@
             "type": "pickString",
             "options": [
                 "Allocations",
+                "Banned",
                 "BannedFunctions",
                 "BannedSyntax",
                 "BannedTypes",

c/cert/src/rules/ENV33-C/DoNotCallSystem.md

@@ -0,0 +1,23 @@
+/**
+ * @id c/cert/do-not-call-system
+ * @name ENV33-C: Do not call system()
+ * @description Use of the 'system()' function may result in exploitable vulnerabilities.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/env33-c
+ *       security
+ *       external/cert/obligtion/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+import semmle.code.cpp.security.CommandExecution
+
+from FunctionCall call, SystemFunction target
+where
+  not isExcluded(call, BannedPackage::doNotCallSystemQuery()) and
+  call.getTarget() = target and
+  // Exclude calls to `system` with a `NULL` pointer, because it is allowed to determine the presence of a command processor.
+  (target.getName() = "system" implies not call.getAnArgument().(Literal).getValue() = "0")
+select call, "Call to banned function $@.", target, target.getName()

c/cert/src/rules/ENV33-C/DoNotCallSystem.ql

@@ -0,0 +1,5 @@
+| test.c:10:3:10:8 | call to system | Call to banned function $@. | test.c:4:5:4:10 | system | system |
+| test.c:12:8:12:12 | call to popen | Call to banned function $@. | test.c:6:7:6:11 | popen | popen |
+| test.c:20:3:20:8 | call to system | Call to banned function $@. | test.c:4:5:4:10 | system | system |
+| test.c:21:3:21:8 | call to system | Call to banned function $@. | test.c:4:5:4:10 | system | system |
+| test.c:22:3:22:7 | call to popen | Call to banned function $@. | test.c:6:7:6:11 | popen | popen |

c/cert/test/rules/ENV33-C/DoNotCallSystem.expected

@@ -0,0 +1 @@
+rules/ENV33-C/DoNotCallSystem.ql

c/cert/test/rules/ENV33-C/DoNotCallSystem.qlref

@@ -0,0 +1 @@
+c/common/test/rules/systemused/SystemUsed.ql

c/cert/test/rules/ENV33-C/DoNotCallSystem.testref

@@ -0,0 +1,23 @@
+typedef struct _FILE FILE;
+#define NULL (void *)0
+
+int system(const char *);
+void abort(void);
+FILE *popen(const char *, const char *);
+
+void f1(const char *p1) {
+  FILE *l1;
+  system(p1); // NON_COMPLIANT
+  abort();
+  l1 = popen("ls *", "r"); // NON_COMPLIANT
+}
+
+void f2() {
+  const int *l1 = NULL;
+
+  system(0);         // COMPLIANT
+  system(NULL);      // COMPLIANT
+  system(l1);        // NON_COMPLIANT
+  system("ls -la");  // NON_COMPLIANT
+  popen(NULL, NULL); // NON_COMPLIANT
+}

c/cert/test/rules/ENV33-C/test.c

@@ -9,10 +9,10 @@ extern "C" {
 
 #include <bits/alltypes.h>
 
-#define va_start(v,l)   __builtin_va_start(v,l)
-#define va_end(v)       __builtin_va_end(v)
-#define va_arg(v,l)     __builtin_va_arg(v,l)
-#define va_copy(d,s)    __builtin_va_copy(d,s)
+#define va_start(v, l) __builtin_va_start(v, l)
+#define va_end(v) __builtin_va_end(v)
+#define va_arg(v, l) __builtin_va_arg(v, l)
+#define va_copy(d, s) __builtin_va_copy(d, s)
 
 #ifdef __cplusplus
 }

c/common/test/includes/standard-library/stdarg.h

@@ -0,0 +1 @@
+| test.c:6:13:6:22 | ... , ... | Use of banned ',' expression. |

c/common/test/rules/commaoperatorused/CommaOperatorUsed.expected

@@ -0,0 +1,2 @@
+// GENERATED FILE - DO NOT MODIFY
+import codingstandards.cpp.rules.commaoperatorused.CommaOperatorUsed

c/common/test/rules/commaoperatorused/CommaOperatorUsed.ql

@@ -0,0 +1,8 @@
+#include <stdlib.h>
+int f1();
+
+void f2() {
+  int l1 = 10;
+  int l2 = (l1++, ++l1); // NON_COMPLIANT
+  f1();                  // COMPLIANT
+}

c/common/test/rules/commaoperatorused/test.c

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/comma-operator-should-not-be-used
+ * @name RULE-12-3: The comma operator should not be used
+ * @description Use of the comma operator may affect the readability of the code.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity recommendation
+ * @tags external/misra/id/rule-12-3
+ *       readability
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+import codingstandards.cpp.rules.commaoperatorused.CommaOperatorUsed
+
+class CommaOperatorShouldNotBeUsedQuery extends CommaOperatorUsedSharedQuery {
+  CommaOperatorShouldNotBeUsedQuery() {
+    this = BannedPackage::commaOperatorShouldNotBeUsedQuery()
+  }
+}

c/misra/src/rules/RULE-12-3/CommaOperatorShouldNotBeUsed.ql

@@ -0,0 +1,29 @@
+/**
+ * @id c/misra/features-of-stdargh-used
+ * @name RULE-17-1: The features of <stdarg.h> shall not be used
+ * @description The use of the features of '<stdarg.h> may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-17-1
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from Locatable use, string name, string kind
+where
+  not isExcluded(use, BannedPackage::featuresOfStdarghUsedQuery()) and
+  (
+    exists(VarArgsExpr va | use = va and name = va.toString() and kind = "built-in operation")
+    or
+    exists(Variable v |
+      v.getType().getName() = "va_list" and
+      name = "va_list" and
+      use = v and
+      kind = "type"
+    )
+  )
+select use, "Use of banned " + kind + " " + name + "."

c/misra/src/rules/RULE-17-1/FeaturesOfStdarghUsed.ql

@@ -0,0 +1,18 @@
+/**
+ * @id c/misra/union-keyword-should-not-be-used
+ * @name RULE-19-2: The union keyword should not be used
+ * @description The use of 'union' may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-19-2
+ *       correctness
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from Union u
+where not isExcluded(u, BannedPackage::unionKeywordShouldNotBeUsedQuery())
+select u, "Use of banned 'union' keyword."

c/misra/src/rules/RULE-19-2/UnionKeywordShouldNotBeUsed.ql

@@ -0,0 +1,28 @@
+/**
+ * @id c/misra/standard-library-time-and-date-functions-used
+ * @name RULE-21-10: The Standard Library time and date functions shall not be used
+ * @description The use of date and time functions may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-10
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from Function f, FunctionCall fc
+where
+  not isExcluded(fc, BannedPackage::standardLibraryTimeAndDateFunctionsUsedQuery()) and
+  (
+    fc.getTarget() = f and
+    (
+      f.getFile().getBaseName() = "time.h"
+      or
+      f.getName() = "wcsftime" and
+      f.getFile().getBaseName() = "wchar.h"
+    )
+  )
+select fc, "Call to banned function $@.", f, f.getName()

c/misra/src/rules/RULE-21-10/StandardLibraryTimeAndDateFunctionsUsed.ql

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/standard-header-file-tgmathh-used
+ * @name RULE-21-11: The standard header file <tgmath.h> shall not be used
+ * @description The use of the header file '<tgmath.h>' may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-11
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from Macro m, MacroInvocation mi
+where
+  not isExcluded(mi, BannedPackage::standardHeaderFileTgmathhUsedQuery()) and
+  mi.getMacro() = m and
+  m.getFile().getBaseName() = "tgmath.h"
+select mi, "Call to banned macro $@.", m, m.getName()

c/misra/src/rules/RULE-21-11/StandardHeaderFileTgmathhUsed.ql

@@ -0,0 +1,53 @@
+/**
+ * @id c/misra/exception-handling-features-of-fenvh-used
+ * @name RULE-21-12: The exception handling features of <fenv.h> should not be used
+ * @description The use of the exception handling features of '<fenv.h>' may result in undefined
+ *              behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/misra/id/rule-21-12
+ *       correctness
+ *       external/misra/obligation/advisory
+ */
+
+import cpp
+import codingstandards.c.misra
+
+class FPExceptionHandlingFunction extends Function {
+  FPExceptionHandlingFunction() {
+    this.hasName([
+        "feclearexcept", "fegetexceptflag", "feraiseexcept", "fesetexceptflag", "fetestexcept"
+      ]) and
+    this.getFile().getBaseName() = "fenv.h"
+  }
+}
+
+class FPExceptionHandlingMacro extends Macro {
+  FPExceptionHandlingMacro() {
+    this.hasName([
+        "FE_INEXACT", "FE_DIVBYZERO", "FE_UNDERFLOW", "FE_OVERFLOW", "FE_INVALID", "FE_ALL_EXCEPT"
+      ]) and
+    this.getFile().getBaseName() = "fenv.h"
+  }
+}
+
+from Locatable call, Locatable def, string name, string kind
+where
+  not isExcluded(call, BannedPackage::exceptionHandlingFeaturesOfFenvhUsedQuery()) and
+  (
+    exists(FPExceptionHandlingFunction f |
+      def = f and
+      call = f.getACallToThisFunction() and
+      name = f.getName() and
+      kind = "function"
+    )
+    or
+    exists(FPExceptionHandlingMacro m |
+      def = m and
+      call = m.getAnInvocation() and
+      name = m.getName() and
+      kind = "macro"
+    )
+  )
+select call, "Call to banned " + kind + " $@.", def, name

c/misra/src/rules/RULE-21-12/ExceptionHandlingFeaturesOfFenvhUsed.ql

@@ -0,0 +1,22 @@
+/**
+ * @id c/misra/system-of-stdlibh-used
+ * @name RULE-21-21: The Standard Library function system of <stdlib.h> shall not be used
+ * @description They use of the 'system()' function from '<stdlib.h> may result in exploitable
+ *              vulnerabilities.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-21
+ *       security
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from FunctionCall call, Function target
+where
+  not isExcluded(call, BannedPackage::systemOfStdlibhUsedQuery()) and
+  call.getTarget() = target and
+  target.hasGlobalOrStdName("system")
+select call, "Call to banned function $@.", target, target.getName()

c/misra/src/rules/RULE-21-21/SystemOfStdlibhUsed.ql

@@ -0,0 +1,33 @@
+/**
+ * @id c/misra/memory-alloc-dealloc-functions-of-stdlibh-used
+ * @name RULE-21-3: The memory allocation and deallocation functions of <stdlib.h> shall not be used
+ * @description The use of memory allocation and deallocation in '<stdlib.h>' may result in
+ *              undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-3
+ *       correctness
+ *       security
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+import cpp
+import codingstandards.c.misra
+import semmle.code.cpp.models.interfaces.Allocation
+import semmle.code.cpp.models.interfaces.Deallocation
+
+from Expr e, string type
+where
+  not isExcluded(e, BannedPackage::memoryAllocDeallocFunctionsOfStdlibhUsedQuery()) and
+  (
+    e.(FunctionCall).getTarget().(AllocationFunction).requiresDealloc() and
+    type = "allocation"
+    or
+    e instanceof DeallocationExpr and
+    not e.(FunctionCall).getTarget() instanceof AllocationFunction and
+    type = "deallocation"
+  )
+select e, "Use of banned dynamic memory " + type + "."

c/misra/src/rules/RULE-21-3/MemoryAllocDeallocFunctionsOfStdlibhUsed.ql

@@ -0,0 +1,46 @@
+/**
+ * @id c/misra/standard-header-file-used-setjmph
+ * @name RULE-21-4: The standard header file shall not be used <setjmp.h>
+ * @description The use of features of '<setjmp.h>' may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-4
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+class SetJmp extends Macro {
+  SetJmp() {
+    this.hasName("setjmp") and
+    this.getFile().getAbsolutePath().matches("%setjmp.h")
+  }
+}
+
+class LongJmp extends Function {
+  LongJmp() {
+    this.hasName("longjmp") and
+    this.getFile().getAbsolutePath().matches("%setjmp.h")
+  }
+}
+
+from Locatable use, Locatable feature, string name
+where
+  not isExcluded(use, BannedPackage::standardHeaderFileUsedSetjmphQuery()) and
+  (
+    exists(SetJmp setjmp |
+      feature = setjmp and
+      use = setjmp.getAnInvocation() and
+      name = "setjmp"
+    )
+    or
+    exists(LongJmp longjmp |
+      feature = longjmp and
+      use = longjmp.getACallToThisFunction() and
+      name = "longjmp"
+    )
+  )
+select use, "Use of $@.", feature, name

c/misra/src/rules/RULE-21-4/StandardHeaderFileUsedSetjmph.ql

@@ -0,0 +1,21 @@
+/**
+ * @id c/misra/standard-header-file-used-signalh
+ * @name RULE-21-5: The standard header file shall not be used <signal.h>
+ * @description The use of features of '<signal.h>' may result in undefined behaviour.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-5
+ *       correctness
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.c.misra
+
+from Function f, FunctionCall fc
+where
+  not isExcluded(fc, BannedPackage::standardHeaderFileUsedSignalhQuery()) and
+  fc.getTarget() = f and
+  f.getFile().getBaseName() = "signal.h"
+select fc, "Call to banned function $@.", f, f.getName()