Cppcheck
Detect misuse of C-style strings and related standard functions.
#include <checkstring.h>
Public Member Functions | |
CheckString () | |
This constructor is used when registering the CheckClass. | |
Public Member Functions inherited from Check | |
Check (const std::string &aname) | |
This constructor is used when registering the CheckClass. | |
virtual | ~Check () |
Check (const Check &)=delete | |
Check & | operator= (const Check &)=delete |
const std::string & | name () const |
class name, used to generate documentation | |
virtual FileInfo * | getFileInfo (const Tokenizer &, const Settings &) const |
virtual FileInfo * | loadFileInfoFromXml (const tinyxml2::XMLElement *xmlElement) const |
virtual bool | analyseWholeProgram (const CTU::FileInfo *ctu, const std::list< FileInfo * > &fileInfo, const Settings &, ErrorLogger &) |
Private Member Functions | |
CheckString (const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger) | |
This constructor is used when running checks. | |
void | runChecks (const Tokenizer &tokenizer, ErrorLogger *errorLogger) override |
Run checks against the normal token list. | |
void | stringLiteralWrite () |
undefined behaviour, writing string literal | |
void | strPlusChar () |
str plus char (unusual pointer arithmetic) | |
void | checkIncorrectStringCompare () |
Check for bad usage of strncmp and substr | |
void | checkSuspiciousStringCompare () |
Check for comparison of a string literal with a char* variable | |
void | checkAlwaysTrueOrFalseStringCompare () |
Check for suspicious code that compares string literals for equality | |
void | overlappingStrcmp () |
Check for overlapping strcmp() | |
void | sprintfOverlappingData () |
Check for overlapping source and destination passed to sprintf() | |
void | stringLiteralWriteError (const Token *tok, const Token *strValue) |
void | sprintfOverlappingDataError (const Token *funcTok, const Token *tok, const std::string &varname) |
void | strPlusCharError (const Token *tok) |
void | incorrectStringCompareError (const Token *tok, const std::string &func, const std::string &string) |
void | incorrectStringBooleanError (const Token *tok, const std::string &string) |
void | alwaysTrueFalseStringCompareError (const Token *tok, const std::string &str1, const std::string &str2) |
void | alwaysTrueStringVariableCompareError (const Token *tok, const std::string &str1, const std::string &str2) |
void | suspiciousStringCompareError (const Token *tok, const std::string &var, bool isLong) |
void | suspiciousStringCompareError_char (const Token *tok, const std::string &var) |
void | overlappingStrcmpError (const Token *eq0, const Token *ne0) |
void | getErrorMessages (ErrorLogger *errorLogger, const Settings *settings) const override |
get error messages | |
std::string | classInfo () const override |
get information about this class, used to generate documentation | |
Static Private Member Functions | |
static std::string | myName () |
Additional Inherited Members | |
Static Public Member Functions inherited from Check | |
static std::list< Check * > & | instances () |
List of registered check classes. | |
static void | writeToErrorList (const ErrorMessage &errmsg) |
Write given error to stdout in xml format. | |
Protected Member Functions inherited from Check | |
Check (std::string aname, const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger) | |
This constructor is used when running checks. | |
void | reportError (const Token *tok, const Severity severity, const std::string &id, const std::string &msg) |
report an error | |
void | reportError (const Token *tok, const Severity severity, const std::string &id, const std::string &msg, const CWE &cwe, Certainty certainty) |
report an error | |
void | reportError (const std::list< const Token * > &callstack, Severity severity, const std::string &id, const std::string &msg) |
report an error | |
void | reportError (const std::list< const Token * > &callstack, Severity severity, const std::string &id, const std::string &msg, const CWE &cwe, Certainty certainty) |
report an error | |
void | reportError (const ErrorPath &errorPath, Severity severity, const char id[], const std::string &msg, const CWE &cwe, Certainty certainty) |
void | logChecker (const char id[]) |
log checker | |
ErrorPath | getErrorPath (const Token *errtok, const ValueFlow::Value *value, std::string bug) const |
bool | wrongData (const Token *tok, const char *str) |
Use WRONG_DATA in checkers when you check for wrong data. | |
Static Protected Member Functions inherited from Check | |
static std::string | getMessageId (const ValueFlow::Value &value, const char id[]) |
Protected Attributes inherited from Check | |
const Tokenizer *const | mTokenizer {} |
const Settings *const | mSettings {} |
ErrorLogger *const | mErrorLogger {} |
Detect misuse of C-style strings and related standard functions.
Definition at line 41 of file checkstring.h.
|
inline |
This constructor is used when registering the CheckClass.
Definition at line 44 of file checkstring.h.
|
inline private |
This constructor is used when running checks.
Definition at line 48 of file checkstring.h.
|
private |
Definition at line 141 of file checkstring.cpp.
References CWE570, CWE571, normal, Check::reportError(), and warning.
Referenced by checkAlwaysTrueOrFalseStringCompare(), and getErrorMessages().
|
private |
Definition at line 153 of file checkstring.cpp.
References CWE571, normal, Check::reportError(), and warning.
Referenced by checkAlwaysTrueOrFalseStringCompare(), and getErrorMessages().
|
private |
Check for suspicious code that compares string literals for equality
Definition at line 97 of file checkstring.cpp.
References alwaysTrueFalseStringCompareError(), alwaysTrueStringVariableCompareError(), SimpleEnableGroup< T >::isEnabled(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), Settings::severity, Tokenizer::tokens(), and warning.
Referenced by runChecks().
|
private |
Check for bad usage of strncmp and substr
Definition at line 277 of file checkstring.cpp.
References Scope::bodyEnd, Scope::bodyStart, endsWith(), SymbolDatabase::functionScopes, Token::getStrLength(), Tokenizer::getSymbolDatabase(), incorrectStringBooleanError(), incorrectStringCompareError(), SimpleEnableGroup< T >::isEnabled(), isMacroUsage(), isUsedAsBool(), Token::link(), Token::linkAt(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), Token::previous(), Settings::severity, Token::simpleMatch(), Token::strAt(), MathLib::toBigUNumber(), Token::tokAt(), and warning.
Referenced by runChecks().
|
private |
Check for comparison of a string literal with a char* variable
Definition at line 166 of file checkstring.cpp.
References Token::astOperand1(), Token::astOperand2(), Scope::bodyEnd, Scope::bodyStart, Token::eChar, Token::eString, Token::expressionString(), SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), Token::isC(), Token::isCpp(), SimpleEnableGroup< T >::isEnabled(), ValueType::isIntegral(), Token::isLiteral(), Token::isLong(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), ValueType::pointer, Settings::severity, suspiciousStringCompareError(), suspiciousStringCompareError_char(), Token::tokType(), Token::valueType(), and warning.
Referenced by runChecks().
|
inline override private virtual |
get information about this class, used to generate documentation
Implements Check.
Definition at line 116 of file checkstring.h.
|
inline override private virtual |
get error messages
Implements Check.
Definition at line 97 of file checkstring.h.
References alwaysTrueFalseStringCompareError(), alwaysTrueStringVariableCompareError(), incorrectStringBooleanError(), incorrectStringCompareError(), overlappingStrcmpError(), sprintfOverlappingDataError(), stringLiteralWriteError(), strPlusCharError(), suspiciousStringCompareError(), and suspiciousStringCompareError_char().
|
private |
Definition at line 330 of file checkstring.cpp.
References bool_to_string(), CWE571, getCharLiteral(), isCharLiteral(), normal, Check::reportError(), and warning.
Referenced by checkIncorrectStringCompare(), and getErrorMessages().
|
private |
Definition at line 325 of file checkstring.cpp.
References CWE570, normal, Check::reportError(), and warning.
Referenced by checkIncorrectStringCompare(), and getErrorMessages().
|
inline static private |
Definition at line 112 of file checkstring.h.
|
private |
Check for overlapping strcmp()
Definition at line 345 of file checkstring.cpp.
References Token::astOperand1(), Scope::bodyEnd, Scope::bodyStart, SymbolDatabase::functionScopes, getArguments(), Tokenizer::getSymbolDatabase(), SimpleEnableGroup< T >::isEnabled(), isSameExpression(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), none, overlappingStrcmpError(), Settings::severity, Token::simpleMatch(), Token::str(), visitAstNodes(), and warning.
Referenced by runChecks().
Definition at line 407 of file checkstring.cpp.
References Token::astParent(), Token::expressionString(), Check::reportError(), and warning.
Referenced by getErrorMessages(), and overlappingStrcmp().
|
inline override private virtual |
Run checks against the normal token list.
Implements Check.
Definition at line 52 of file checkstring.h.
References checkAlwaysTrueOrFalseStringCompare(), checkIncorrectStringCompare(), checkSuspiciousStringCompare(), Tokenizer::getSettings(), overlappingStrcmp(), sprintfOverlappingData(), stringLiteralWrite(), and strPlusChar().
|
private |
Check for overlapping source and destination passed to sprintf()
Definition at line 424 of file checkstring.cpp.
References Token::astOperand1(), Token::astOperand2(), Scope::bodyEnd, Scope::bodyStart, Token::expressionString(), SymbolDatabase::functionScopes, getArguments(), Tokenizer::getSymbolDatabase(), Token::isCast(), isSameExpression(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), ValueType::pointer, Token::simpleMatch(), sprintfOverlappingDataError(), and Token::valueType().
Referenced by runChecks().
|
private |
Definition at line 461 of file checkstring.cpp.
References CWE628, error, normal, Check::reportError(), and Token::str().
Referenced by getErrorMessages(), and sprintfOverlappingData().
|
private |
undefined behaviour, writing string literal
Definition at line 55 of file checkstring.cpp.
References Scope::bodyEnd, Scope::bodyStart, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), Token::getValueTokenMinStrSize(), Check::logChecker(), Token::Match(), Check::mSettings, Check::mTokenizer, Token::next(), Token::simpleMatch(), and stringLiteralWriteError().
Referenced by runChecks().
Definition at line 74 of file checkstring.cpp.
References CWE758, error, normal, Check::reportError(), and Token::str().
Referenced by getErrorMessages(), and stringLiteralWrite().
|
private |
str plus char (unusual pointer arithmetic)
Definition at line 228 of file checkstring.cpp.
References Scope::bodyEnd, Scope::bodyStart, Token::eChar, Token::eString, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), isChar(), Check::logChecker(), Check::mTokenizer, Token::next(), and strPlusCharError().
Referenced by runChecks().
|
private |
Definition at line 244 of file checkstring.cpp.
References Token::astOperand2(), CWE665, Token::eChar, error, normal, and Check::reportError().
Referenced by getErrorMessages(), and strPlusChar().
|
private |
Definition at line 205 of file checkstring.cpp.
References CWE595, normal, Check::reportError(), and warning.
Referenced by checkSuspiciousStringCompare(), and getErrorMessages().
|
private |
Definition at line 212 of file checkstring.cpp.
References CWE595, normal, Check::reportError(), and warning.
Referenced by checkSuspiciousStringCompare(), and getErrorMessages().