Merge pull request #654 from rak3-sh/rp/pre32-c-650

PRE32-C : Does not detect presence of preprocessor directives in function calls correctly
github · Jul 30, 2024 · e03211b · e03211b
2 parents 95f7a1a + cc72321
commit e03211b
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 10 deletions.
diff --git a/c/cert/src/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.ql b/c/cert/src/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.ql
@@ -32,11 +32,38 @@ predicate isFunctionSuccessorLocation(ControlFlowNode node, File f, int endline)
 PreprocessorDirective isLocatedInAFunctionInvocation(FunctionCall c) {
   exists(PreprocessorDirective p, File f, int startCall, int endCall |
     isFunctionInvocationLocation(c, f, startCall, endCall) and
-    exists(int startLine, int endLine | isPreprocDirectiveLine(p, f, startLine, endLine) |
-      startCall < startLine and
-      startCall < endLine and
-      endLine <= endCall and
-      endLine <= endCall
+    exists(Expr arg, int preprocStartLine, int preprocEndLine |
+      c.getAnArgument() = arg and
+      isPreprocDirectiveLine(p, f, preprocStartLine, preprocEndLine) and
+      // function call begins before preprocessor directive
+      startCall < preprocStartLine and
+      (
+        // argument's location is after the preprocessor directive
+        arg.getLocation().getStartLine() > preprocStartLine
+        or
+        // arg's location is before an endif token that is part of a
+        // preprocessor directive defined before the argument.
+        // E.g.
+        // memcpy(dest, src,
+        // #ifdef SOMEMACRO
+        // 12
+        // #else
+        // 24 // 'arg' exists here
+        // #endif // endif after 'arg', but part of a preproc. branch before 'arg'
+        // );
+        p instanceof PreprocessorEndif and
+        // exists a preprocessor branch of which this is the endif
+        // and that preprocessor directive exists before
+        // the argument and after the function call begins.
+        exists(PreprocessorBranchDirective another |
+          another.getEndIf() = p and
+          another.getLocation().getFile() = f and
+          startCall < another.getLocation().getStartLine() and
+          arg.getLocation().getStartLine() > another.getLocation().getStartLine()
+        )
+      ) and
+      // function call ends after preprocessor directive
+      endCall > preprocEndLine
     ) and
     result = p
   )

diff --git a/c/cert/test/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.expected b/c/cert/test/rules/PRE32-C/MacroOrFunctionArgsContainHashToken.expected
@@ -4,5 +4,3 @@
 | test.c:20:1:20:16 | #ifdef SOMEMACRO | Invocation of function memcpy includes a token "#ifdef SOMEMACRO" that could be confused for an argument preprocessor directive. |
 | test.c:22:1:22:5 | #else | Invocation of function memcpy includes a token "#else" that could be confused for an argument preprocessor directive. |
 | test.c:24:1:24:6 | #endif | Invocation of function memcpy includes a token "#endif" that could be confused for an argument preprocessor directive. |
-| test.c:27:1:27:8 | #if TEST | Invocation of function memcpy includes a token "#if TEST" that could be confused for an argument preprocessor directive. |
-| test.c:28:1:28:6 | #endif | Invocation of function memcpy includes a token "#endif" that could be confused for an argument preprocessor directive. |
diff --git a/c/cert/test/rules/PRE32-C/test.c b/c/cert/test/rules/PRE32-C/test.c
@@ -24,6 +24,6 @@ void func(const char *src) {
 #endif // NON_COMPLIANT
   );
 
-#if TEST // COMPLIANT[FALSE_POSITIVE]
-#endif   // COMPLIANT[FALSE_POSITIVE]
-}
+#if TEST // COMPLIANT
+#endif   // COMPLIANT
+}
diff --git a/change_notes/2024-07-30-fix-fp-650-PRE32-C.md b/change_notes/2024-07-30-fix-fp-650-PRE32-C.md
@@ -0,0 +1,2 @@
+- `PRE32-C` - `MacroOrFunctionArgsContainHashToken.ql`:
+  - Fixes #650. Correctly identifies presence of preprocessor directives in function calls.