From 608f4dc82bc83054d97a6819a380f66d1720637d Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 15 Jul 2021 11:50:26 -0400 Subject: [PATCH 01/62] add test --- cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql index 97481bc8b038..629157b0e061 100644 --- a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql +++ b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql @@ -30,6 +30,6 @@ where n > 3 and complexStmt = b.getAStmt() select b, - "Block with too many statements (" + n.toString() + + "Test works. Block with too many statements (" + n.toString() + " complex statements in the block). Complex statements at: $@", complexStmt, - complexStmt.toString() + complexStmt.getEnclosingFunction().toString() From a3a76fe635c240677c240369c905e6927e7a8c8c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 15 Jul 2021 13:23:22 -0400 Subject: [PATCH 02/62] test --- cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql index 629157b0e061..569ac1f4b1fc 100644 --- a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql +++ b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql @@ -29,7 +29,7 @@ where n = strictcount(ComplexStmt s | s = b.getAStmt()) and n > 3 and complexStmt = b.getAStmt() -select b, +select b.getLocation(), b.getEnclosingFunction(), "Test works. Block with too many statements (" + n.toString() + " complex statements in the block). Complex statements at: $@", complexStmt, - complexStmt.getEnclosingFunction().toString() + complexStmt.getEnclosingFunction() 
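Review bot: The alert text in PATCH 01 now begins with the debugging marker `Test works.`, which would appear in every result of this Best Practices query; the string should go back to `"Block with too many statements (" + n.toString() +`. The same hunk changes the `$@` link text to `complexStmt.getEnclosingFunction().toString()`, so "Complex statements at:" is followed by a function name although the link still points at the statement. The marker is still present in the selects of PATCH 02 to 04. The `from` clause and the query metadata are outside the hunk.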
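Review bot: The select in PATCH 02 starts with `b.getLocation(), b.getEnclosingFunction()` ahead of the message, which does not follow the column shape an alert query expects: an element, a message string, then one element/string pair per `$@`. This assumes the query is still `@kind problem`, since its metadata is outside the hunk. The last column also loses `.toString()`, leaving the `$@` pair without link text. The earlier shape `select b, "... $@", complexStmt, complexStmt.toString()` satisfies both.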
From ee247f3cdeb020e05941b592e530cba5d2f15d05 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 15 Jul 2021 14:24:42 -0400 Subject: [PATCH 03/62] test --- cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql index 569ac1f4b1fc..038474b3182a 100644 --- a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql +++ b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql @@ -29,7 +29,7 @@ where n = strictcount(ComplexStmt s | s = b.getAStmt()) and n > 3 and complexStmt = b.getAStmt() -select b.getLocation(), b.getEnclosingFunction(), +select b.getEnclosingFunction(), "Test works. Block with too many statements (" + n.toString() + " complex statements in the block). Complex statements at: $@", complexStmt, complexStmt.getEnclosingFunction() From 58954cdd722ff32ac23f85925df2ea2773657956 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 15 Jul 2021 14:40:40 -0400 Subject: [PATCH 04/62] fix ql --- cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql index 038474b3182a..629157b0e061 100644 --- a/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql +++ b/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql @@ -29,7 +29,7 @@ where n = strictcount(ComplexStmt s | s = b.getAStmt()) and n > 3 and complexStmt = b.getAStmt() -select b.getEnclosingFunction(), +select b, "Test works. Block with too many statements (" + n.toString() + " complex statements in the block). Complex statements at: $@", complexStmt, - complexStmt.getEnclosingFunction() + complexStmt.getEnclosingFunction().toString() 
From a029ad0d819ace8160264bb01358897be9819861 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 14:13:06 -0400 Subject: [PATCH 05/62] add one ql --- cpp/ql/devx-test/discoverInput.ql | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 cpp/ql/devx-test/discoverInput.ql diff --git a/cpp/ql/devx-test/discoverInput.ql b/cpp/ql/devx-test/discoverInput.ql new file mode 100644 index 000000000000..68fc963d5318 --- /dev/null +++ b/cpp/ql/devx-test/discoverInput.ql @@ -0,0 +1,27 @@ +/** + * @name Discovering program input + * @description Blocks with too many consecutive statements are candidates for refactoring. Only complex statements are counted here (eg. for, while, switch ...). The top-level logic will be clearer if each complex statement is extracted to a function. + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/complex-block + * @tags testability + * readability + * maintainability + */ + +import cpp + +class ReadFunctionCall extends FunctionCall { + ReadFunctionCall() { + this.getTarget().getName() = "pread" or + this.getTarget().getName() = "read" or + this.getTarget().getName() = "readv" or + this.getTarget().getName() = "recvfrom" or + this.getTarget().getName() = "recvmsg" or + this.getTarget().getName() = "recv" + } +} + +from ReadFunctionCall call +select call.getFile(), call.getEnclosingFunction(), call \ No newline at end of file From 3b139cc418178f9bf3cbe6cedfe3ba80fa7a9093 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 15:01:39 -0400 Subject: [PATCH 06/62] fix path --- cpp/ql/{devx-test => src}/discoverInput.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename cpp/ql/{devx-test => src}/discoverInput.ql (68%) 
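Review bot: `ReadFunctionCall` in PATCH 05 matches on `getTarget().getName()` alone, so any function that happens to be called `read` or `recv` (a static helper, a C++ member function) is reported as program input alongside the libc calls. Restricting the match to the global namespace narrows this: `this.getTarget().hasGlobalName(["pread", "read", "readv", "recvfrom", "recvmsg", "recv"])`. The header is also copied from another query: `@id cpp/complex-block` and the `@description` describe block complexity, and a duplicate id can collide with the original query in result processing. The three-element `select call.getFile(), call.getEnclosingFunction(), call` does not match `@kind problem` either.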
diff --git a/cpp/ql/devx-test/discoverInput.ql b/cpp/ql/src/discoverInput.ql similarity index 68% rename from cpp/ql/devx-test/discoverInput.ql rename to cpp/ql/src/discoverInput.ql index 68fc963d5318..51a820d1ffc4 100644 --- a/cpp/ql/devx-test/discoverInput.ql +++ b/cpp/ql/src/discoverInput.ql @@ -1,10 +1,10 @@ /** * @name Discovering program input - * @description Blocks with too many consecutive statements are candidates for refactoring. Only complex statements are counted here (eg. for, while, switch ...). The top-level logic will be clearer if each complex statement is extracted to a function. + * @description https://securitylab.github.com/research/bug-hunting-codeql-rsyslog/ * @kind problem * @problem.severity recommendation * @precision high - * @id cpp/complex-block + * @id cpp/discover-input * @tags testability * readability * maintainability From b67d27104d90009e1796af056c0f3672283f5999 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 15:10:00 -0400 Subject: [PATCH 07/62] add one column --- cpp/ql/src/discoverInput.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/discoverInput.ql b/cpp/ql/src/discoverInput.ql index 51a820d1ffc4..65f78a8445d1 100644 --- a/cpp/ql/src/discoverInput.ql +++ b/cpp/ql/src/discoverInput.ql @@ -24,4 +24,4 @@ class ReadFunctionCall extends FunctionCall { } from ReadFunctionCall call -select call.getFile(), call.getEnclosingFunction(), call \ No newline at end of file +select call.getFile(), "message", call.getEnclosingFunction(), call \ No newline at end of file From 29539c47663d455bea06ead0581c0679ba06f4b4 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 15:33:48 -0400 Subject: [PATCH 08/62] update select syntax --- cpp/ql/src/discoverInput.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
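Review bot: The `@description` in PATCH 06 is now only a URL, so anyone reading the query or its results has to follow a link to learn what it reports. A one-sentence description would be clearer, for example `@description Finds calls to read/recv-family functions, where external data enters the program.`, with the reference link kept in an ordinary comment below the header. The `@tags` are still `testability`, `readability` and `maintainability`, carried over from the block-complexity query, and do not describe an input-discovery query.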
diff --git a/cpp/ql/src/discoverInput.ql b/cpp/ql/src/discoverInput.ql index 65f78a8445d1..55c005f7f574 100644 --- a/cpp/ql/src/discoverInput.ql +++ b/cpp/ql/src/discoverInput.ql @@ -24,4 +24,4 @@ class ReadFunctionCall extends FunctionCall { } from ReadFunctionCall call -select call.getFile(), "message", call.getEnclosingFunction(), call \ No newline at end of file +select call.getFile(), "placeholder, $@", call.getEnclosingFunction(), call \ No newline at end of file From cc9702f4d203b2b4b2f880561f68b1d05661096a Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 15:52:19 -0400 Subject: [PATCH 09/62] 4th column - string --- cpp/ql/src/discoverInput.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/discoverInput.ql b/cpp/ql/src/discoverInput.ql index 55c005f7f574..51df3f75a365 100644 --- a/cpp/ql/src/discoverInput.ql +++ b/cpp/ql/src/discoverInput.ql @@ -24,4 +24,4 @@ class ReadFunctionCall extends FunctionCall { } from ReadFunctionCall call -select call.getFile(), "placeholder, $@", call.getEnclosingFunction(), call \ No newline at end of file +select call.getFile(), call.getEnclosingFunction(), call, "placeholder" \ No newline at end of file From a910bb3d48343f9498eb5b8fdebcdf5620b78092 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 16 Jul 2021 15:57:51 -0400 Subject: [PATCH 10/62] 2nd column to string --- cpp/ql/src/discoverInput.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/discoverInput.ql b/cpp/ql/src/discoverInput.ql index 51df3f75a365..036903ab66e1 100644 --- a/cpp/ql/src/discoverInput.ql +++ b/cpp/ql/src/discoverInput.ql 
@@ -24,4 +24,4 @@ class ReadFunctionCall extends FunctionCall { } from ReadFunctionCall call -select call.getFile(), call.getEnclosingFunction(), call, "placeholder" \ No newline at end of file +select call.getFile(), call.getEnclosingFunction().toString(), call, "placeholder" \ No newline at end of file From 2ba9fc4d30ca636a72178e37b342fe9ee2fcad1c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 21 Jul 2021 12:24:42 -0400 Subject: [PATCH 11/62] add one syslog ql --- cpp/ql/src/devx/analyzeSyslog.ql | 21 +++++++++++++++++++++ cpp/ql/src/{ => devx}/discoverInput.ql | 24 +++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/src/devx/analyzeSyslog.ql rename cpp/ql/src/{ => devx}/discoverInput.ql (50%) diff --git a/cpp/ql/src/devx/analyzeSyslog.ql b/cpp/ql/src/devx/analyzeSyslog.ql new file mode 100644 index 000000000000..9db615625599 --- /dev/null +++ b/cpp/ql/src/devx/analyzeSyslog.ql @@ -0,0 +1,21 @@ +/** + * @name Name: Analyze syslog + * @description Description: test + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/analyze-syslog + * @tags testability + * readability + * maintainability + */ + + + +import cpp +import semmle.code.cpp.models.interfaces.FormattingFunction + +from string format, FormattingFunctionCall fc +where format = fc.getFormat().getValue() and format.regexpMatch(".*") +and fc.getTarget().hasName("syslog") +select fc, "This log message format does not meet the requirements." \ No newline at end of file diff --git a/cpp/ql/src/discoverInput.ql b/cpp/ql/src/devx/discoverInput.ql similarity index 50% rename from cpp/ql/src/discoverInput.ql rename to cpp/ql/src/devx/discoverInput.ql index 036903ab66e1..af9120b27ca2 100644 --- a/cpp/ql/src/discoverInput.ql +++ b/cpp/ql/src/devx/discoverInput.ql 
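Review bot: With `call.getEnclosingFunction().toString()` as the second column in PATCH 10, the alert message is just a function name and contains no `$@`, so the trailing `call, "placeholder"` pair is never rendered. The alert is also anchored on the file rather than on the read call, which makes triage of each input site harder. A shape that puts the call first reads better: `select call, "Call to " + call.getTarget().getName() + " in $@ reads external input.", call.getEnclosingFunction(), call.getEnclosingFunction().getName()`.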
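Review bot: In the new `analyzeSyslog.ql` (PATCH 11), `format = fc.getFormat().getValue()` only has a result when the format argument is a compile-time constant, so `syslog` calls with a non-constant format silently drop out, and those are the calls a format-string review most needs to see. `format.regexpMatch(".*")` does not filter on content; as far as I can tell its only effect is to exclude formats containing a line terminator, because the pattern must match the whole string. The message "This log message format does not meet the requirements." is therefore attached to every remaining call. Until a real pattern exists, the `regexpMatch` conjunct could be dropped and a comment added: `// TODO: non-constant formats are not covered because getValue() has no result for them`.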
@@ -12,6 +12,16 @@ import cpp + +// FunctionCall predicates: +// getTarget() : Gets the function called by this call. + +// inheritated predicate: +// getFile() : Gets the primary file where this element occurs. + +// getName() : Gets the name of this declaration. + + class ReadFunctionCall extends FunctionCall { ReadFunctionCall() { this.getTarget().getName() = "pread" or @@ -24,4 +34,16 @@ class ReadFunctionCall extends FunctionCall { } from ReadFunctionCall call -select call.getFile(), call.getEnclosingFunction().toString(), call, "placeholder" \ No newline at end of file +select call.getFile(), call.getEnclosingFunction().toString(), call, "placeholder" + +// Notes +// run this query on rsyslog/rsyslog in LGTM +// result: https://lgtm.com/query/6984839753043321725/ +// one result example: +// col: /opt/src/action.c <--- call.getFile(), https://github.com/rsyslog/rsyslog/blob/master/action.c +// col1: checkExternalStateFile <--- call.getEnclosingFunction() +// call: call to read <--- call +// checkExternalStateFile(...): +// ... +// r = read(fd, filebuf, sizeof(filebuf) - 1); +// ... \ No newline at end of file From 3521131920d735ef20e3181ca42d6278b856420c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 21 Jul 2021 17:20:57 -0400 Subject: [PATCH 12/62] pass getArgument(0) and see output --- cpp/ql/src/devx/checkMacros.ql | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cpp/ql/src/devx/checkMacros.ql diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql new file mode 100644 index 000000000000..9ac0dc1d9d2a --- /dev/null +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -0,0 +1,24 @@ +/** + * @name Name: Check macros + * @description Description: Ensure that macros like __FUNCTION__, __FILE__ and __LINE__ are part of only debug logs, and not others. + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/check-macros + * @tags testability + * readability + * maintainability + */ + +import cpp +import semmle.code.cpp.models.interfaces.FormattingFunction + +// Find the syslog calls that meet two conditions +// 1. First parameter is not "LOG_DEBUG". Such as LOG_ERR. +// 2. Macros show in log messages. +// Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); + +from string format, FormattingFunctionCall fc +where format = fc.getFormat().getValue() and format.regexpMatch(".*") +and fc.getTarget().hasName("syslog") +select fc.getArgument(0), "This log message format does not meet the requirements." \ No newline at end of file From 5c0375446aa1c37d3d03c8d22ace01581218be1c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 21 Jul 2021 17:43:30 -0400 Subject: [PATCH 13/62] find calls have LOG_DEBUG --- cpp/ql/src/devx/checkMacros.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 9ac0dc1d9d2a..9a788631dae0 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -21,4 +21,5 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") -select fc.getArgument(0), "This log message format does not meet the requirements." \ No newline at end of file +and fc.getArgument(1).getValue()="LOG_DEBUG" +select fc, "This log message format does not meet the requirements." \ No newline at end of file From 09d56a7b01293e1b04093205372e10cf4bff568e Mon Sep 17 00:00:00 2001 
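Review bot: `fc.getArgument(1).getValue()="LOG_DEBUG"` in PATCH 13 tests the wrong argument: in `syslog(priority, format, ...)` the priority is argument 0 and argument 1 is the format string. `getValue()` on a macro-expanded constant presumably yields the numeric value rather than the spelling `LOG_DEBUG`, so the comparison is unlikely to hold even on argument 0. Matching the macro by name avoids both problems: `exists(MacroInvocation mi | mi.getExpr() = fc.getArgument(0) and mi.getMacroName() = "LOG_DEBUG")`. The header comment added in PATCH 12 asks for calls that are not debug logs, so the condition also needs a `not`.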
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 21 Jul 2021 17:51:57 -0400 Subject: [PATCH 14/62] test --- cpp/ql/src/devx/checkMacros.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 9a788631dae0..d1e6470d6e4c 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -19,7 +19,6 @@ import semmle.code.cpp.models.interfaces.FormattingFunction // Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); from string format, FormattingFunctionCall fc -where format = fc.getFormat().getValue() and format.regexpMatch(".*") +where format = fc.getFormat().getValue() and format.regexpMatch(".*LOG_DEBUG.*") and fc.getTarget().hasName("syslog") -and fc.getArgument(1).getValue()="LOG_DEBUG" select fc, "This log message format does not meet the requirements." \ No newline at end of file From f0e86294051bf90a0ce28b454360d360563c888c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 09:57:58 -0400 Subject: [PATCH 15/62] test --- cpp/ql/src/devx/checkMacros.ql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index d1e6470d6e4c..49984d6ee34b 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -19,6 +19,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction // Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); from string format, FormattingFunctionCall fc -where format = fc.getFormat().getValue() and format.regexpMatch(".*LOG_DEBUG.*") +where format = fc.getFormat().getValue() +and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") -select fc, "This log message format does not meet the requirements." \ No newline at end of file +select fc.getArgument(0).toString(), format \ No newline at end of file 
From 1a0478c82e7c0ff2300e5328380e8d26a3306064 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 10:19:10 -0400 Subject: [PATCH 16/62] test --- cpp/ql/src/devx/checkMacros.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 49984d6ee34b..fbdfa6bf2da3 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -22,4 +22,4 @@ from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") -select fc.getArgument(0).toString(), format \ No newline at end of file +select fc, format \ No newline at end of file From 80a9efdb3e23de332547e7474b6ac3d42fb5a4a9 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 10:56:45 -0400 Subject: [PATCH 17/62] update --- cpp/ql/src/devx/checkMacros.ql | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index fbdfa6bf2da3..57f731dd43ac 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -14,12 +14,16 @@ import cpp import semmle.code.cpp.models.interfaces.FormattingFunction // Find the syslog calls that meet two conditions + // 1. First parameter is not "LOG_DEBUG". Such as LOG_ERR. -// 2. Macros show in log messages. + +// 2. Macros in log messages. + // Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); -from string format, FormattingFunctionCall fc -where format = fc.getFormat().getValue() +from string format, FormattingFunctionCall fc, FormatLiteral fl +where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") +and fc.getArgument(0).getValue() ="LOG_DEBUG" select fc, format \ No newline at end of file From 0574409d7c71c7591ec33a2d4f88dae46fba0351 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 11:04:54 -0400 Subject: [PATCH 18/62] test --- cpp/ql/src/devx/checkMacros.ql | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 57f731dd43ac..783bfe65da75 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -24,6 +24,5 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc, FormatLiteral fl where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and format.regexpMatch(".*") -and fc.getTarget().hasName("syslog") -and fc.getArgument(0).getValue() ="LOG_DEBUG" -select fc, format \ No newline at end of file +and fc.getTarget().hasName("syslog") +select fc, fc.getArgument(0).getValue().toString() \ No newline at end of file From a1a36a9efabdd215c3e531e6d5de7f3e4d69b175 Mon Sep 17 00:00:00 2001 
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 12:24:46 -0400 Subject: [PATCH 19/62] test --- cpp/ql/src/devx/checkMacros.ql | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 783bfe65da75..cc528bde861a 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -21,8 +21,20 @@ import semmle.code.cpp.models.interfaces.FormattingFunction // Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); -from string format, FormattingFunctionCall fc, FormatLiteral fl + +predicate isLogDebug(Expr mie) { + exists(MacroInvocation mi | + mi.getExpr() = mie and + ( + mi.getMacroName() = "LOG_DEBUG" or + ) + ) +} + + +from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") -select fc, fc.getArgument(0).getValue().toString() \ No newline at end of file +and isLogDebug(fc.getArgument(0)) +select fc, "test" \ No newline at end of file From 56f3be72b55f1209eb67223ffebbbefaa0519d10 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 22 Jul 2021 12:27:15 -0400 Subject: [PATCH 20/62] fix typo --- cpp/ql/src/devx/checkMacros.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index cc528bde861a..506443611800 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -26,7 +26,7 @@ predicate isLogDebug(Expr mie) { exists(MacroInvocation mi | mi.getExpr() = mie and ( - mi.getMacroName() = "LOG_DEBUG" or + mi.getMacroName() = "LOG_DEBUG" ) ) } From 70b04a69c9e1ce25ec907de91a86b6b43cb01e39 Mon Sep 17 00:00:00 2001 
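Review bot: `isLogDebug` in PATCH 19 holds only when the whole argument expression is exactly the expansion of `LOG_DEBUG`, so a priority combined with a facility, such as `syslog(LOG_DAEMON | LOG_DEBUG, ...)`, is not recognised as a debug log. Once the predicate is negated, those calls would be reported as non-debug logs that leak `__FUNCTION__`/`__FILE__`. Checking sub-expressions covers this: `mi.getExpr() = mie.getAChild*()`. The `or` left dangling before the closing parenthesis does not parse as written. The `where` clause uses `isLogDebug(fc.getArgument(0))` without `not`, which selects the debug calls that the header comment says to exclude.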
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 23 Jul 2021 12:31:56 -0400 Subject: [PATCH 21/62] test --- cpp/ql/src/devx/checkMacros.ql | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 506443611800..f113ce119793 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -21,7 +21,9 @@ import semmle.code.cpp.models.interfaces.FormattingFunction // Example: syslog(LOG_ERR, "%s: Failed init_producer", __FUNCTION__); - +/* +Holds if the log macro is debug. +*/ predicate isLogDebug(Expr mie) { exists(MacroInvocation mi | mi.getExpr() = mie and @@ -31,10 +33,24 @@ predicate isLogDebug(Expr mie) { ) } +/* +Holds if there is macro in parameters. +For example: syslog (LOG_ERR, + "***** %s: return throttled errcode vrf %s afi %u loc 1*****", + __FUNCTION__, <------ should be reported + table_ctx->vrf_name, + table_ctx->official_afi); +*/ +// predicate hasMacro(FormattingFunctionCall fc) { +// exists(MacroInvocation mi | +// mi.getExpr() = v) +// } from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") -and isLogDebug(fc.getArgument(0)) -select fc, "test" \ No newline at end of file +and not isLogDebug(fc.getArgument(0)) // exclude debug logs +// need to loop over the rest parameters in syslog(0, rest) and check if any of them is macro. +// and hasMacro(fc) +select fc, "this is conversion argument $@",fc.getConversionArgument(1).getValue() \ No newline at end of file From eb3f83afa1bfe32e5ec30da918cf6076f56a0799 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 23 Jul 2021 13:09:49 -0400 Subject: [PATCH 22/62] test --- cpp/ql/src/devx/checkMacros.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
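Review bot: The two explanatory comments added in PATCH 21 use `/* ... */`, which CodeQL tooling does not pick up as QLDoc, so `isLogDebug` stays undocumented in hover text and generated docs. A QLDoc comment placed directly above the predicate would fix that: `/** Holds if `mie` is an expansion of the `LOG_DEBUG` macro. */`. In the same hunk, the select message contains `$@` but is followed by a single string column, `fc.getConversionArgument(1).getValue()`, where a `$@` placeholder needs an element and a string.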
diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index f113ce119793..05901dc35735 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -53,4 +53,4 @@ and fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) // exclude debug logs // need to loop over the rest parameters in syslog(0, rest) and check if any of them is macro. // and hasMacro(fc) -select fc, "this is conversion argument $@",fc.getConversionArgument(1).getValue() \ No newline at end of file +select fc,fc.getConversionArgument(1).getValue().toString() \ No newline at end of file From ffb1212d149055896baaf69b1692b4c8a7708650 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 27 Jul 2021 11:23:48 -0400 Subject: [PATCH 23/62] update ql --- cpp/ql/src/devx/checkMacros.ql | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 05901dc35735..53b277377d3f 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -46,11 +46,10 @@ For example: syslog (LOG_ERR, // mi.getExpr() = v) // } -from string format, FormattingFunctionCall fc +from string format, FormattingFunctionCall fc, MacroInvocation mi, int arg where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" -and format.regexpMatch(".*") -and fc.getTarget().hasName("syslog") -and not isLogDebug(fc.getArgument(0)) // exclude debug logs -// need to loop over the rest parameters in syslog(0, rest) and check if any of them is macro. -// and hasMacro(fc) -select fc,fc.getConversionArgument(1).getValue().toString() \ No newline at end of file + and format.regexpMatch(".*") + and fc.getTarget().hasName("syslog") + and not isLogDebug(fc.getArgument(0)) // exclude debug logs + and fc.getFormatArgument(arg) = mi.getExpr() // The arg'th formatting argument is a use of the macro `mi.getMacro()`. +select fc, "Argument " + arg + " of " + fc.toString() + " is " + mi.getMacroName() From 57ae8d2bb5f27d50137fc6997470874a35227860 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 27 Jul 2021 11:59:36 -0400 Subject: [PATCH 24/62] update --- cpp/ql/src/devx/checkMacros.ql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 53b277377d3f..ea343d8225ec 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -46,10 +46,10 @@ For example: syslog (LOG_ERR, // mi.getExpr() = v) // } -from string format, FormattingFunctionCall fc, MacroInvocation mi, int arg +from string format, FormattingFunctionCall fc, MacroInvocation mi, int arg, StringLiteral lit where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" - and format.regexpMatch(".*") and fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) // exclude debug logs - and fc.getFormatArgument(arg) = mi.getExpr() // The arg'th formatting argument is a use of the macro `mi.getMacro()`. -select fc, "Argument " + arg + " of " + fc.toString() + " is " + mi.getMacroName() + and lit.getValue() = "bgp_nbr_range_print" + and fc.getFormatArgument(arg) = lit // The arg'th formatting argument is a use of the macro `mi.getMacro()`. +select fc, "Argument " + arg + " of " + fc.toString() + " is " + lit.getValue() From 559b9ecb08fe8ad0612b495ee46c3c8b6c04f27c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 27 Jul 2021 13:24:10 -0400 Subject: [PATCH 25/62] test --- cpp/ql/src/devx/checkMacros.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index ea343d8225ec..1eac669bbf3d 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
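Review bot: The filter in PATCH 24 is tied to one literal, `lit.getValue() = "bgp_nbr_range_print"`, so the query can only report a single function name from a single code base and will return nothing elsewhere. `mi` is still declared in `from` but no longer constrained, so the query ranges over every macro invocation in the database without using it. The trailing comment on the `getFormatArgument` line still describes `mi.getMacro()`. PATCH 25 comments out the literal check but leaves both `mi` and `lit` unconstrained; dropping them from `from` (`from string format, FormattingFunctionCall fc, int arg`) removes the needless product.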
@@ -50,6 +50,6 @@ from string format, FormattingFunctionCall fc, MacroInvocation mi, int arg, Stri where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) // exclude debug logs - and lit.getValue() = "bgp_nbr_range_print" - and fc.getFormatArgument(arg) = lit // The arg'th formatting argument is a use of the macro `mi.getMacro()`. -select fc, "Argument " + arg + " of " + fc.toString() + " is " + lit.getValue() + // and lit.getValue() = "bgp_nbr_range_print" + and fc.getFormatArgument(arg).toString() = fc.getEnclosingFunction().toString() +select fc, "Argument " + arg + " of " + fc.toString() + " is " + fc.getFormatArgument(arg) From 65620b6c2655c224ace08d3b8fef0a36474b99af Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 27 Jul 2021 14:45:51 -0400 Subject: [PATCH 26/62] test --- cpp/ql/src/devx/checkMacros.ql | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 1eac669bbf3d..750ea2ca8a50 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -11,6 +11,8 @@ */ import cpp +import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.commons.Printf import semmle.code.cpp.models.interfaces.FormattingFunction // Find the syslog calls that meet two conditions 
@@ -51,5 +53,9 @@ where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) // exclude debug logs // and lit.getValue() = "bgp_nbr_range_print" - and fc.getFormatArgument(arg).toString() = fc.getEnclosingFunction().toString() + and exists(DataFlow::Node source, DataFlow::Node sink | + DataFlow::localFlow(source, sink) and + source.asExpr() instanceof StringLiteral and + sink.asExpr() = fc.getFormatArgument(arg) + ) select fc, "Argument " + arg + " of " + fc.toString() + " is " + fc.getFormatArgument(arg) From aa78d6ea0e63b1422cc658b9a808397f69bfc54a Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 27 Jul 2021 16:49:18 -0400 Subject: [PATCH 27/62] test --- cpp/ql/src/devx/checkMacros.ql | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 750ea2ca8a50..4ee8a261087a 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -48,14 +48,17 @@ For example: syslog (LOG_ERR, // mi.getExpr() = v) // } -from string format, FormattingFunctionCall fc, MacroInvocation mi, int arg, StringLiteral lit +class SourceNode extends DataFlow::Node { + SourceNode() { + not DataFlow::localFlowStep(_, this) + } + } + +from string format, FormattingFunctionCall fc, SourceNode src, DataFlow::Node arg where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" and fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) // exclude debug logs // and lit.getValue() = "bgp_nbr_range_print" - and exists(DataFlow::Node source, DataFlow::Node sink | - DataFlow::localFlow(source, sink) and - source.asExpr() instanceof StringLiteral and - sink.asExpr() = fc.getFormatArgument(arg) - ) -select fc, "Argument " + arg + " of " + fc.toString() + " is " + fc.getFormatArgument(arg) + and DataFlow::localFlow(src, arg) + and src.asExpr() instanceof StringLiteral +select fc, "Argument " + arg + " of " + fc.toString() + " is " + arg From a4f96360bfe044cbedc4dc8b9f78676006baf87e Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 28 Jul 2021 12:12:05 -0400 Subject: [PATCH 28/62] test --- cpp/ql/src/devx/checkMacros.ql | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 4ee8a261087a..f8dd000a866c 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
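Review bot: `arg` is no longer connected to `fc` in PATCH 27: `DataFlow::localFlow(src, arg)` relates any two nodes, so every non-debug `syslog` call is paired with every local flow that starts at a string literal anywhere in the database. The result is both expensive to evaluate and meaningless as an alert. A conjunct tying the sink to the call restores the intent: `arg.asExpr() = fc.getFormatArgument(_)`. The message also concatenates `arg`, a `DataFlow::Node`, directly into a string, which probably needs `arg.toString()`.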
@@ -48,17 +48,13 @@ For example: syslog (LOG_ERR, // mi.getExpr() = v) // } -class SourceNode extends DataFlow::Node { - SourceNode() { - not DataFlow::localFlowStep(_, this) - } - } -from string format, FormattingFunctionCall fc, SourceNode src, DataFlow::Node arg -where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" - and fc.getTarget().hasName("syslog") - and not isLogDebug(fc.getArgument(0)) // exclude debug logs - // and lit.getValue() = "bgp_nbr_range_print" - and DataFlow::localFlow(src, arg) - and src.asExpr() instanceof StringLiteral -select fc, "Argument " + arg + " of " + fc.toString() + " is " + arg +from string format, FormattingFunctionCall fc, DataFlow::Node src, DataFlow::Node sink, int n +where + format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" + fc.getTarget().hasName("syslog") and + not isLogDebug(fc.getArgument(0)) and + DataFlow::localFlow(src, sink) and + fc.getFormatArgument(n) = sink.asExpr() and + src.toString() = fc.getEnclosingFunction().toString() +select fc, "Argument " + sink + " of " + fc.toString() + " is " + src.toString() From 34586cafc2f2ba74d75e06c5527603373cc5856f Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 28 Jul 2021 17:28:26 -0400 Subject: [PATCH 29/62] test --- cpp/ql/src/devx/checkMacros.ql | 45 +++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index f8dd000a866c..6460bee9d016 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -35,26 +35,31 @@ predicate isLogDebug(Expr mie) { ) } -/* -Holds if there is macro in parameters. -For example: syslog (LOG_ERR, - "***** %s: return throttled errcode vrf %s afi %u loc 1*****", - __FUNCTION__, <------ should be reported - table_ctx->vrf_name, - table_ctx->official_afi); -*/ -// predicate hasMacro(FormattingFunctionCall fc) { -// exists(MacroInvocation mi | -// mi.getExpr() = v) -// } +class Likely__FUNCTION__ extends StringLiteral { + Likely__FUNCTION__() { this.getValue() = this.getEnclosingFunction().getName() } + } + +/** + * Holds if `e` is either: + * 1. a macro invocation with the name `s`, or + * 2. a string literal with the same value as the name of `e`'s enclosing function. This likely means + * that `e` is a use of the `__FUNCTION__` macro. + */ +predicate isMacroInvocationLike(Expr e, string s) { +exists(MacroInvocation mi | + e = mi.getExpr() and + s = mi.getMacroName() +) +or +e instanceof Likely__FUNCTION__ and +s = "__FUNCTION__" +} -from string format, FormattingFunctionCall fc, DataFlow::Node src, DataFlow::Node sink, int n +from string format, FormattingFunctionCall fc, int n, string name where - format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" - fc.getTarget().hasName("syslog") and - not isLogDebug(fc.getArgument(0)) and - DataFlow::localFlow(src, sink) and - fc.getFormatArgument(n) = sink.asExpr() and - src.toString() = fc.getEnclosingFunction().toString() -select fc, "Argument " + sink + " of " + fc.toString() + " is " + src.toString() +format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" +fc.getTarget().hasName("syslog") and +not isLogDebug(fc.getArgument(0)) and +isMacroInvocationLike(fc.getFormatArgument(n), name) +select fc, "Argument " + n + " of " + fc.toString() + " is " + name From c615528bdc6ca914dfd10bff36522f43992f7a81 Mon Sep 17 00:00:00 2001 
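Review bot: The first branch of `isMacroInvocationLike` accepts any macro expansion, since `e = mi.getExpr()` holds for every `MacroInvocation` and `s` is only an output, so an argument produced by an unrelated macro would be reported alongside `__FUNCTION__`. If only the location macros are of interest, restrict the name in that branch, e.g. `s = mi.getMacroName() and s in ["__FILE__", "__LINE__"]`. `Likely__FUNCTION__` has no QLDoc and would benefit from `/** A string literal equal to the name of its enclosing function. */`. The body of the predicate is also left unindented.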
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 10:01:26 -0400 Subject: [PATCH 30/62] test --- cpp/ql/src/devx/checkMacros.ql | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 6460bee9d016..3616f2a699c0 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -11,7 +11,6 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow import semmle.code.cpp.commons.Printf import semmle.code.cpp.models.interfaces.FormattingFunction @@ -36,7 +35,9 @@ predicate isLogDebug(Expr mie) { } class Likely__FUNCTION__ extends StringLiteral { - Likely__FUNCTION__() { this.getValue() = this.getEnclosingFunction().getName() } + Likely__FUNCTION__() { + this.getValue() = this.getEnclosingFunction().getName() + } } /** @@ -46,13 +47,12 @@ class Likely__FUNCTION__ extends StringLiteral { * that `e` is a use of the `__FUNCTION__` macro. */ predicate isMacroInvocationLike(Expr e, string s) { -exists(MacroInvocation mi | - e = mi.getExpr() and - s = mi.getMacroName() -) -or -e instanceof Likely__FUNCTION__ and -s = "__FUNCTION__" + exists(MacroInvocation mi | + e = mi.getExpr() and + s = mi.getMacroName() + ) + or + e instanceof Likely__FUNCTION__ } From 8809fbe8ef1f2247b615cf8a88bb1df1b7433606 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 10:03:55 -0400 Subject: [PATCH 31/62] test --- cpp/ql/src/devx/checkMacros.ql | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 3616f2a699c0..5a83b167e4ef 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
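Review bot: In the last hunk of this commit (`@@ -46,13 +47,12 @@`), dropping `s = "__FUNCTION__"` leaves the parameter `s` without a binding in the second disjunct of `isMacroInvocationLike`, which the QL compiler reports as an unbound variable. Keep the pair together: `e instanceof Likely__FUNCTION__ and s = "__FUNCTION__"`. The same unbound `s` reappears in PATCH 35/62, which removes `or s = "__FUNCTION__"` again.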
@@ -46,20 +46,19 @@ class Likely__FUNCTION__ extends StringLiteral { * 2. a string literal with the same value as the name of `e`'s enclosing function. This likely means * that `e` is a use of the `__FUNCTION__` macro. */ -predicate isMacroInvocationLike(Expr e, string s) { +predicate isMacroInvocationLike(Expr e) { exists(MacroInvocation mi | e = mi.getExpr() and - s = mi.getMacroName() ) or e instanceof Likely__FUNCTION__ } -from string format, FormattingFunctionCall fc, int n, string name +from string format, FormattingFunctionCall fc, int n where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" fc.getTarget().hasName("syslog") and not isLogDebug(fc.getArgument(0)) and -isMacroInvocationLike(fc.getFormatArgument(n), name) -select fc, "Argument " + n + " of " + fc.toString() + " is " + name +isMacroInvocationLike(fc.getFormatArgument(n)) +select fc, "Argument " + n + " of " + fc.toString() + " is " + fc.getFormatArgument(n).getValue() From c06a19d8b9d26d610bcfd20d979890a630bd6366 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 10:04:43 -0400 Subject: [PATCH 32/62] test --- cpp/ql/src/devx/checkMacros.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 5a83b167e4ef..679c284a2519 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -48,7 +48,7 @@ class Likely__FUNCTION__ extends StringLiteral { */ predicate isMacroInvocationLike(Expr e) { exists(MacroInvocation mi | - e = mi.getExpr() and + e = mi.getExpr() ) or e instanceof Likely__FUNCTION__ From 1d12805174225fddf9b54410620ec7eeed41443f Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 10:27:54 -0400 Subject: [PATCH 33/62] test --- cpp/ql/src/devx/checkMacros.ql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
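Review bot: The new `select` prints `fc.getFormatArgument(n).getValue()`, and `getValue()` has a result only for compile-time constants, so an argument that matched the `MacroInvocation` branch but is not constant silently loses its row. `fc.getFormatArgument(n).toString()` always has a result and is enough for a message. This hunk also leaves `e = mi.getExpr() and` directly before the closing `)`, which does not parse; PATCH 32/62 on the same line removes the dangling `and`.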
diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 679c284a2519..6b0efe7896d6 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -59,6 +59,7 @@ from string format, FormattingFunctionCall fc, int n where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" fc.getTarget().hasName("syslog") and -not isLogDebug(fc.getArgument(0)) and -isMacroInvocationLike(fc.getFormatArgument(n)) +not isLogDebug(fc.getArgument(0)) +// isMacroInvocationLike(fc.getFormatArgument(n)) +// fc.getFormatArgument(n).getValue() = fc.getEnclosingFunction().getName() select fc, "Argument " + n + " of " + fc.toString() + " is " + fc.getFormatArgument(n).getValue() From 8b6340eced723b3247198753f4d84a88bd89b46b Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 11:15:04 -0400 Subject: [PATCH 34/62] test --- cpp/ql/src/devx/checkMacros.ql | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 6b0efe7896d6..df52c6ae4ea5 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql 
@@ -46,20 +46,20 @@ class Likely__FUNCTION__ extends StringLiteral { * 2. a string literal with the same value as the name of `e`'s enclosing function. This likely means * that `e` is a use of the `__FUNCTION__` macro. */ -predicate isMacroInvocationLike(Expr e) { +predicate isMacroInvocationLike(Expr e, string s) { exists(MacroInvocation mi | - e = mi.getExpr() + e = mi.getExpr() and + s = mi.getMacroName() ) or - e instanceof Likely__FUNCTION__ -} - + e instanceof Likely__FUNCTION__ or + s = "__FUNCTION__" + } -from string format, FormattingFunctionCall fc, int n +from string format, FormattingFunctionCall fc, int n, string name where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" fc.getTarget().hasName("syslog") and -not isLogDebug(fc.getArgument(0)) -// isMacroInvocationLike(fc.getFormatArgument(n)) -// fc.getFormatArgument(n).getValue() = fc.getEnclosingFunction().getName() -select fc, "Argument " + n + " of " + fc.toString() + " is " + fc.getFormatArgument(n).getValue() +not isLogDebug(fc.getArgument(0)) and +isMacroInvocationLike(fc.getFormatArgument(n), name) +select fc, "Argument " + n + " of " + fc.toString() + " is " + name From ea04eccb2b9fd153e5d2fc4d73d0275305de0854 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 30 Jul 2021 11:17:28 -0400 Subject: [PATCH 35/62] test --- cpp/ql/src/devx/checkMacros.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index df52c6ae4ea5..425cc638e687 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -52,8 +52,7 @@ predicate isMacroInvocationLike(Expr e, string s) { s = mi.getMacroName() ) or - e instanceof Likely__FUNCTION__ or - s = "__FUNCTION__" + e instanceof Likely__FUNCTION__ } from string format, FormattingFunctionCall fc, int n, string name From d8aa084c7ba7eea822296aa3349e592b39175eb4 Mon Sep 17 00:00:00 2001 
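Review bot: `e instanceof Likely__FUNCTION__ or s = "__FUNCTION__"` splits the second case into two independent disjuncts, so neither binds both parameters: the first leaves `s` unbound and the second leaves `e` unbound. The connective should be `and`: `e instanceof Likely__FUNCTION__ and s = "__FUNCTION__"`. PATCH 35/62 on the same line deletes the `or s = "__FUNCTION__"` part instead, which still leaves `s` unbound for that branch.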
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 4 Aug 2021 15:53:14 -0400 Subject: [PATCH 36/62] test --- cpp/ql/src/devx/checkMacros.ql | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index 425cc638e687..a1bd7f4daafd 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -46,19 +46,21 @@ class Likely__FUNCTION__ extends StringLiteral { * 2. a string literal with the same value as the name of `e`'s enclosing function. This likely means * that `e` is a use of the `__FUNCTION__` macro. */ -predicate isMacroInvocationLike(Expr e, string s) { - exists(MacroInvocation mi | - e = mi.getExpr() and - s = mi.getMacroName() - ) - or - e instanceof Likely__FUNCTION__ - } +// predicate isMacroInvocationLike(Expr e, string s) { +// exists(MacroInvocation mi | +// e = mi.getExpr() and +// s = mi.getMacroName() +// ) +// or +// e instanceof Likely__FUNCTION__ and +// s in ["__FUNCTION__", "__FILE__", "__LINE__"] +// } from string format, FormattingFunctionCall fc, int n, string name where -format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" -fc.getTarget().hasName("syslog") and -not isLogDebug(fc.getArgument(0)) and -isMacroInvocationLike(fc.getFormatArgument(n), name) + format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" + fc.getTarget().hasName("syslog") and + not isLogDebug(fc.getArgument(0)) and + name = fc.getConversionArgument(n).toString() and + name in ["__FUNCTION__", "__FILE__", "__LINE__"] select fc, "Argument " + n + " of " + fc.toString() + " is " + name From 8cf9d8bd2b319276854dffe4a6fcefd0da4c479a Mon Sep 17 00:00:00 2001 
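Review bot: `name = fc.getConversionArgument(n).toString()` identifies the macros by the display string of the argument expression, which is unlikely to be the macro name for `__FILE__` and `__LINE__`, since after preprocessing those arguments are literals. The `MacroInvocation` lookup that this commit comments out is the reliable source of the name: `exists(MacroInvocation mi | mi.getExpr() = fc.getConversionArgument(n) and name = mi.getMacroName())`. The QLDoc block above the commented-out predicate is now attached to nothing, and `Likely__FUNCTION__` is no longer referenced.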
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 4 Aug 2021 17:09:12 -0400 Subject: [PATCH 37/62] remove comment --- cpp/ql/src/devx/checkMacros.ql | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/cpp/ql/src/devx/checkMacros.ql b/cpp/ql/src/devx/checkMacros.ql index a1bd7f4daafd..49e99bf4b80c 100644 --- a/cpp/ql/src/devx/checkMacros.ql +++ b/cpp/ql/src/devx/checkMacros.ql @@ -34,28 +34,6 @@ predicate isLogDebug(Expr mie) { ) } -class Likely__FUNCTION__ extends StringLiteral { - Likely__FUNCTION__() { - this.getValue() = this.getEnclosingFunction().getName() - } - } - -/** - * Holds if `e` is either: - * 1. a macro invocation with the name `s`, or - * 2. a string literal with the same value as the name of `e`'s enclosing function. This likely means - * that `e` is a use of the `__FUNCTION__` macro. - */ -// predicate isMacroInvocationLike(Expr e, string s) { -// exists(MacroInvocation mi | -// e = mi.getExpr() and -// s = mi.getMacroName() -// ) -// or -// e instanceof Likely__FUNCTION__ and -// s in ["__FUNCTION__", "__FILE__", "__LINE__"] -// } - from string format, FormattingFunctionCall fc, int n, string name where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" From ccd49b14b089673475f10c2d41115c90b09d00f9 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 11:42:06 -0400 Subject: [PATCH 38/62] add two ios_msg ql --- cpp/ql/src/devx/iosMsgLogs2.ql | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cpp/ql/src/devx/iosMsgLogs2.ql diff --git a/cpp/ql/src/devx/iosMsgLogs2.ql b/cpp/ql/src/devx/iosMsgLogs2.ql new file mode 100644 index 000000000000..9c3184870aae --- /dev/null +++ b/cpp/ql/src/devx/iosMsgLogs2.ql 
@@ -0,0 +1,20 @@ +/** + * @name Name: Find ios_*msg + * @description Description: Finding all functions with name "ios_*msg" + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/check-macros + * @tags testability + * readability + * maintainability + */ + +import cpp +import semmle.code.cpp.commons.Printf + + +from Function f +where + f.getName().regexpMatch("ios_*msg*") +select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file From 31405336d6cc6acec489442aa7fd99b7cca585b3 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 11:43:51 -0400 Subject: [PATCH 39/62] a fix --- cpp/ql/src/devx/iosMsgLogs.ql | 20 ++++++++++++++++++++ cpp/ql/src/devx/iosMsgLogs2.ql | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/src/devx/iosMsgLogs.ql diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql new file mode 100644 index 000000000000..75b264383d85 --- /dev/null +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -0,0 +1,20 @@ +/** + * @name Name: Find ios_msg_* + * @description Description: Finding all functions with name "ios_msg_*" + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/check-macros + * @tags testability + * readability + * maintainability + */ + +import cpp +import semmle.code.cpp.commons.Printf + + +from Function f +where + f.getName().regexpMatch("ios_msg_*") +select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file diff --git a/cpp/ql/src/devx/iosMsgLogs2.ql b/cpp/ql/src/devx/iosMsgLogs2.ql index 9c3184870aae..391b89cd0de8 100644 --- a/cpp/ql/src/devx/iosMsgLogs2.ql +++ b/cpp/ql/src/devx/iosMsgLogs2.ql 
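Review bot: `regexpMatch("ios_*msg*")` uses glob syntax where a regular expression is expected: `_*` means zero or more underscores and `g*` zero or more `g`, and `regexpMatch` has to match the whole name, so a name like `ios_errmsg` is not matched. The intended pattern is probably `"ios_.*msg.*"`. `"ios_msg_*"` in the new `iosMsgLogs.ql` (PATCH 39/62, same line) has the same problem and should read `"ios_msg_.*"`. Both new files also declare the same `@id cpp/check-macros`; each query needs its own id.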
@@ -16,5 +16,5 @@ import semmle.code.cpp.commons.Printf from Function f where - f.getName().regexpMatch("ios_*msg*") + f.getName().regexpMatch("ios_*msg") select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file From 6c8e23646c237a64871588ddaf007c0010e11cb5 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 12:43:41 -0400 Subject: [PATCH 40/62] fix --- cpp/ql/src/devx/iosMsgLogs.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql index 75b264383d85..bb6bb80ea077 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -17,4 +17,4 @@ import semmle.code.cpp.commons.Printf from Function f where f.getName().regexpMatch("ios_msg_*") -select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file +select f, "Function name is: "+f.getName().toString() \ No newline at end of file From 4115dd00c78c04928c0e8f880edcd20aa5a450cd Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 12:48:37 -0400 Subject: [PATCH 41/62] test --- cpp/ql/src/devx/iosMsgLogs.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql index bb6bb80ea077..75b264383d85 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -17,4 +17,4 @@ import semmle.code.cpp.commons.Printf from Function f where f.getName().regexpMatch("ios_msg_*") -select f, "Function name is: "+f.getName().toString() \ No newline at end of file +select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file From 209a2bbed50980784589182dfe4e2b943d959466 Mon Sep 17 00:00:00 2001 
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 13:04:48 -0400 Subject: [PATCH 42/62] test --- cpp/ql/src/devx/iosMsgLogs.ql | 4 +--- cpp/ql/src/devx/iosMsgLogs2.ql | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql index 75b264383d85..3beb8101420f 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -4,15 +4,13 @@ * @kind problem * @problem.severity recommendation * @precision high - * @id cpp/check-macros + * @id cpp/ios-msg * @tags testability * readability * maintainability */ import cpp -import semmle.code.cpp.commons.Printf - from Function f where diff --git a/cpp/ql/src/devx/iosMsgLogs2.ql b/cpp/ql/src/devx/iosMsgLogs2.ql index 391b89cd0de8..841d1f556711 100644 --- a/cpp/ql/src/devx/iosMsgLogs2.ql +++ b/cpp/ql/src/devx/iosMsgLogs2.ql @@ -11,8 +11,6 @@ */ import cpp -import semmle.code.cpp.commons.Printf - from Function f where From b1853189aebbc9c57c474e46760efe73b407ecd8 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 13:06:27 -0400 Subject: [PATCH 43/62] test --- cpp/ql/src/devx/iosMsgLogs.ql | 2 +- cpp/ql/src/devx/iosMsgLogs2.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql index 3beb8101420f..31a75a88f233 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -15,4 +15,4 @@ import cpp from Function f where f.getName().regexpMatch("ios_msg_*") -select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file +select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file diff --git a/cpp/ql/src/devx/iosMsgLogs2.ql b/cpp/ql/src/devx/iosMsgLogs2.ql index 841d1f556711..687ae94b721e 100644 --- a/cpp/ql/src/devx/iosMsgLogs2.ql +++ b/cpp/ql/src/devx/iosMsgLogs2.ql 
@@ -15,4 +15,4 @@ import cpp from Function f where f.getName().regexpMatch("ios_*msg") -select f.getACallToThisFunction(), "Function name is: "+f.getName().toString() \ No newline at end of file +select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file From 285796e4acbf87f69ebc595a5c7f4b4ed62dda8c Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Fri, 6 Aug 2021 13:13:28 -0400 Subject: [PATCH 44/62] test --- cpp/ql/src/devx/iosMsgLogs.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/iosMsgLogs.ql index 31a75a88f233..69e7a6d89f96 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/iosMsgLogs.ql @@ -14,5 +14,5 @@ import cpp from Function f where - f.getName().regexpMatch("ios_msg_*") + f.getName().regexpMatch("ios_errmsg") select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file From 00cf0e33016c6aa3720fe5a32c5cc6ad96217916 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Mon, 9 Aug 2021 10:19:11 -0400 Subject: [PATCH 45/62] add ios_debugmsg --- cpp/ql/src/devx/ios_debugmsg.ql | 18 ++++++++++++++++++ cpp/ql/src/devx/ios_errmsg.ql | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 cpp/ql/src/devx/ios_debugmsg.ql create mode 100644 cpp/ql/src/devx/ios_errmsg.ql diff --git a/cpp/ql/src/devx/ios_debugmsg.ql b/cpp/ql/src/devx/ios_debugmsg.ql new file mode 100644 index 000000000000..808539e48329 --- /dev/null +++ b/cpp/ql/src/devx/ios_debugmsg.ql 
@@ -0,0 +1,18 @@ +/** + * @name Name: Find ios_debugmsg + * @description Description: Finding all functions with name "ios_debugmsg" + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/ios-msg + * @tags testability + * readability + * maintainability + */ + +import cpp + +from Function f +where + f.getName().regexpMatch("ios_debugmsg") +select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file diff --git a/cpp/ql/src/devx/ios_errmsg.ql b/cpp/ql/src/devx/ios_errmsg.ql new file mode 100644 index 000000000000..eae410cd97df --- /dev/null +++ b/cpp/ql/src/devx/ios_errmsg.ql @@ -0,0 +1,18 @@ +/** + * @name Name: Find ios_errmsg + * @description Description: Finding all functions with name "ios_errmsg" + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/ios-msg + * @tags testability + * readability + * maintainability + */ + +import cpp + +from Function f +where + f.getName().regexpMatch("ios_errmsg") +select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file From f6ea6a3545aed1673aade89501cb9b8dd5eae70e Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Mon, 9 Aug 2021 11:38:31 -0400 Subject: [PATCH 46/62] rename ql --- cpp/ql/src/devx/{iosMsgLogs2.ql => ios_ALLmsg.ql} | 2 +- cpp/ql/src/devx/{iosMsgLogs.ql => ios_msg_ALL.ql} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename cpp/ql/src/devx/{iosMsgLogs2.ql => ios_ALLmsg.ql} (90%) rename cpp/ql/src/devx/{iosMsgLogs.ql => ios_msg_ALL.ql} (89%) diff --git a/cpp/ql/src/devx/iosMsgLogs2.ql b/cpp/ql/src/devx/ios_ALLmsg.ql similarity index 90% rename from cpp/ql/src/devx/iosMsgLogs2.ql rename to cpp/ql/src/devx/ios_ALLmsg.ql index 687ae94b721e..44935795ece3 100644 --- a/cpp/ql/src/devx/iosMsgLogs2.ql +++ b/cpp/ql/src/devx/ios_ALLmsg.ql 
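Review bot: `ios_debugmsg.ql` and `ios_errmsg.ql` both declare `@id cpp/ios-msg`, the id that PATCH 42/62 already gave to `iosMsgLogs.ql`; query ids should be unique so that each result can be attributed to one query. Distinct ids such as `cpp/ios-debugmsg` and `cpp/ios-errmsg` would do. Since the patterns contain no metacharacters, `f.hasName("ios_debugmsg")` says the same thing as `f.getName().regexpMatch("ios_debugmsg")` more directly.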
@@ -14,5 +14,5 @@ import cpp from Function f where - f.getName().regexpMatch("ios_*msg") + f.getName().regexpMatch("ios_.*msg") select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file diff --git a/cpp/ql/src/devx/iosMsgLogs.ql b/cpp/ql/src/devx/ios_msg_ALL.ql similarity index 89% rename from cpp/ql/src/devx/iosMsgLogs.ql rename to cpp/ql/src/devx/ios_msg_ALL.ql index 69e7a6d89f96..ba83a218d5ac 100644 --- a/cpp/ql/src/devx/iosMsgLogs.ql +++ b/cpp/ql/src/devx/ios_msg_ALL.ql @@ -14,5 +14,5 @@ import cpp from Function f where - f.getName().regexpMatch("ios_errmsg") + f.getName().regexpMatch("ios_msg_.*") select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file From 46eeab41bbba49bf61e3d32670cf6d967919b5ce Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Tue, 10 Aug 2021 09:46:22 -0400 Subject: [PATCH 47/62] test --- cpp/ql/src/devx/ios_debugmsg.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/ios_debugmsg.ql b/cpp/ql/src/devx/ios_debugmsg.ql index 808539e48329..7642bd38d725 100644 --- a/cpp/ql/src/devx/ios_debugmsg.ql +++ b/cpp/ql/src/devx/ios_debugmsg.ql @@ -14,5 +14,5 @@ import cpp from Function f where - f.getName().regexpMatch("ios_debugmsg") + f.getName().regexpMatch("ios_debugmsg.*") select f.getACallToThisFunction(), "Function name is: "+f.getName() \ No newline at end of file From 898c3132b3ec76c3e620797b438c878b8c212070 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 11 Aug 2021 16:31:06 -0400 Subject: [PATCH 48/62] add is_down check --- cpp/ql/src/devx/is_DOWN.ql | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 cpp/ql/src/devx/is_DOWN.ql diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql new file mode 100644 index 000000000000..67e28701a3df --- /dev/null 
+++ b/cpp/ql/src/devx/is_DOWN.ql @@ -0,0 +1,39 @@ +/** + * @name Name: Contextual language check. + * @description Description: Find out the logs that not properly use contextual language. + * @kind problem + * @problem.severity recommendation + * @precision high + * @id cpp/contextual-lang + * @tags testability + * readability + * maintainability + */ + +import cpp +import semmle.code.cpp.commons.Printf +import semmle.code.cpp.models.interfaces.FormattingFunction + +// Example: +// There are "Interface Ethernet1/1 is DOWN"-like logs. +// The expected format is "Interface=Ethernet1/1 State=DOWN" + +// Examples in xr: +// 1. +// https://gh-xr.scm.engit.cisco.com/xr/iosxr/blob/main/infra/autonomic-networking/common/src/an_event_mgr.c#L270 +// DEBUG_AN_LOG(AN_LOG_CD_EVENT, AN_DEBUG_INFO, NULL, +// "\n%sInterface %s is UP", an_cd_event, an_if_info->if_name); <------------------- + +// 2. +// https://gh-xr.scm.engit.cisco.com/xr/iosxr/blob/main/ip/bfd/src/bfd_api_server.c#L11078 +// BFD_DEBUG_TRACE("Filtering scn for session %s" +// " Session state is Unknown, SCN state is DOWN" <------------------- +// " and session is not bundle member", +// bfd_session_key_str(&session->session_key)); + +from string format, FormattingFunctionCall fc +where + format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" + fc.getTarget().hasName("DEBUG_AN_LOG") and + format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") +select fc, "Format string is: "+format.toString() From bd541c03a903a4caac3d1071db217a7e740a1ec7 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 11 Aug 2021 16:50:24 -0400 Subject: [PATCH 49/62] test --- cpp/ql/src/devx/is_DOWN.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 67e28701a3df..4ea7e18dc073 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql 
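Review bot: The pattern `.*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)` cannot match the first example in the header comment, `"\n%sInterface %s is UP"`: `regexpMatch` must match the whole string and `.` does not match a newline by default, and there is no trailing `.*` for formats that continue after the state. `format.regexpMatch("(?s).*Interface [a-zA-Z0-9/%]+ is (DOWN|UP).*")` covers both cases. `DEBUG_AN_LOG` is written like a macro, so `fc.getTarget().hasName("DEBUG_AN_LOG")` may never hold if the call target after expansion has another name. The comment block also embeds links to an internal source host with file paths and line numbers; the quoted snippets alone would illustrate the rule without publishing those locations.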
@@ -34,6 +34,6 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" - fc.getTarget().hasName("DEBUG_AN_LOG") and - format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") + fc.getTarget().hasName("DEBUG_AN_LOG") + // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "Format string is: "+format.toString() From 66255288d1d8052c50208ce09f3f0a702ce479fd Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 11 Aug 2021 17:05:36 -0400 Subject: [PATCH 50/62] test --- cpp/ql/src/devx/is_DOWN.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 4ea7e18dc073..0c35925d063c 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql @@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where - format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" - fc.getTarget().hasName("DEBUG_AN_LOG") + format = fc.getFormat().getValue() // format: "%s: Failed init_producer" + // fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "Format string is: "+format.toString() From f324c970dd6e8839c9aa3a87d128c4ed351fe0db Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 11 Aug 2021 17:21:56 -0400 Subject: [PATCH 51/62] test --- cpp/ql/src/devx/is_DOWN.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 0c35925d063c..8487074ebf0b 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql 
@@ -36,4 +36,4 @@ where format = fc.getFormat().getValue() // format: "%s: Failed init_producer" // fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") -select fc, "Format string is: "+format.toString() +select fc, "Format string is: "+format From 66d23e33495ae8176bfb490bdd70e554c8b9a91e Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Wed, 11 Aug 2021 17:52:42 -0400 Subject: [PATCH 52/62] test --- cpp/ql/src/devx/is_DOWN.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 8487074ebf0b..b65011fdedd9 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql @@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where - format = fc.getFormat().getValue() // format: "%s: Failed init_producer" - // fc.getTarget().hasName("DEBUG_AN_LOG") + format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" + fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") -select fc, "Format string is: "+format +select fc, "test " From 927ff024dc1f9165978af6e1abe3cb54b4f281ca Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 12 Aug 2021 13:23:35 -0400 Subject: [PATCH 53/62] test --- cpp/ql/src/devx/is_DOWN.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index b65011fdedd9..12ab627ceca3 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql 
@@ -34,6 +34,6 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" - fc.getTarget().hasName("DEBUG_AN_LOG") + fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "test " From a08ff7218be818521711b436e6ab4e71e55a081f Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 12 Aug 2021 13:31:25 -0400 Subject: [PATCH 54/62] test --- cpp/ql/src/devx/is_DOWN.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 12ab627ceca3..06fe119fce4f 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql @@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from string format, FormattingFunctionCall fc where - format = fc.getFormat().getValue() and // format: "%s: Failed init_producer" - fc.getTarget().hasName("DEBUG_AN_LOG") + format = fc.getFormat().getValue() // format: "%s: Failed init_producer" + // fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "test " From e1736e8300224846d7f6bb63ef36a6e933f6da11 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 12 Aug 2021 17:04:49 -0400 Subject: [PATCH 55/62] test --- cpp/ql/src/devx/is_DOWN.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 06fe119fce4f..079ee1411e0e 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql 
@@ -31,9 +31,9 @@ import semmle.code.cpp.models.interfaces.FormattingFunction // " and session is not bundle member", // bfd_session_key_str(&session->session_key)); -from string format, FormattingFunctionCall fc +from FunctionCall fc, int i where - format = fc.getFormat().getValue() // format: "%s: Failed init_producer" + fc.getArgument(i).toString().regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") // fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "test " From 3c550ae10809917f1d9cfcbe6ac36bb197ee04d2 Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 12 Aug 2021 17:23:53 -0400 Subject: [PATCH 56/62] test --- cpp/ql/src/devx/is_DOWN.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index 079ee1411e0e..d71c4b89cb71 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql @@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction from FunctionCall fc, int i where - fc.getArgument(i).toString().regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") + fc.getArgument(i).toString().regexpMatch(".*Interface.*") // fc.getTarget().hasName("DEBUG_AN_LOG") // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)") select fc, "test " From be03d650172defa77fd114671d3a36857b1d0a0b Mon Sep 17 00:00:00 2001 From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)" Date: Thu, 12 Aug 2021 17:43:40 -0400 Subject: [PATCH 57/62] test --- cpp/ql/src/devx/is_DOWN.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql index d71c4b89cb71..dcf840016cfe 100644 --- a/cpp/ql/src/devx/is_DOWN.ql +++ b/cpp/ql/src/devx/is_DOWN.ql 
@@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction
 from FunctionCall fc, int i
 where
- fc.getArgument(i).toString().regexpMatch(".*Interface.*")
+ fc.getArgument(i).getValue().regexpMatch(".*Interface.*")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 select fc, "test "
From 63535135038f5b475ec636984cd909883f715a1e Mon Sep 17 00:00:00 2001
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)"
Date: Thu, 12 Aug 2021 18:06:30 -0400
Subject: [PATCH 58/62] test
---
 cpp/ql/src/devx/is_DOWN.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql
index dcf840016cfe..832c7ff93b66 100644
--- a/cpp/ql/src/devx/is_DOWN.ql
+++ b/cpp/ql/src/devx/is_DOWN.ql
@@ -33,7 +33,7 @@ import semmle.code.cpp.models.interfaces.FormattingFunction
 from FunctionCall fc, int i
 where
- fc.getArgument(i).getValue().regexpMatch(".*Interface.*")
+ fc.getArgument(i).getValue().regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 select fc, "test "
From b691af1216d2fc36110004e8406ca79827d48a68 Mon Sep 17 00:00:00 2001
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)"
Date: Thu, 12 Aug 2021 18:11:46 -0400
Subject: [PATCH 59/62] test
---
 cpp/ql/src/devx/is_DOWN.ql | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql
index 832c7ff93b66..20d583735e2c 100644
--- a/cpp/ql/src/devx/is_DOWN.ql
+++ b/cpp/ql/src/devx/is_DOWN.ql
@@ -11,8 +11,6 @@
 */
 import cpp
-import semmle.code.cpp.commons.Printf
-import semmle.code.cpp.models.interfaces.FormattingFunction
 // Example:
 // There are "Interface Ethernet1/1 is DOWN"-like logs.
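Review bot: In the PATCH 57/62 hunk the switch to `getValue()` narrows the match to arguments that are compile-time constants, and nothing in the query says so; a call that passes the message through a variable or builds it at run time simply produces no result. That is probably the intended scope, but a reader of an empty result cannot tell. I would add a comment above the predicate, e.g. `// only constant string arguments are matched; messages built at run time are out of scope`.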
@@ -36,4 +34,4 @@ where
 fc.getArgument(i).getValue().regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
-select fc, "test "
+select fc, "Function: "+fc.getTarget().getName()+" Log: "+fc.getArgument(i).getValue()
From cfd91a866d9486e3cb728723e24d5cf1f3f4696f Mon Sep 17 00:00:00 2001
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)"
Date: Thu, 12 Aug 2021 18:41:14 -0400
Subject: [PATCH 60/62] test
---
 cpp/ql/src/devx/is_DOWN.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql
index 20d583735e2c..0964cc55b20f 100644
--- a/cpp/ql/src/devx/is_DOWN.ql
+++ b/cpp/ql/src/devx/is_DOWN.ql
@@ -31,7 +31,7 @@ import cpp
 from FunctionCall fc, int i
 where
- fc.getArgument(i).getValue().regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
+ fc.getArgument(i).getValue().regexpMatch("\n%sInterface %s is (DOWN|Down|UP|Up)")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 select fc, "Function: "+fc.getTarget().getName()+" Log: "+fc.getArgument(i).getValue()
From 6fd17be832c9be09e3d782d29555c897d706e5da Mon Sep 17 00:00:00 2001
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)"
Date: Thu, 12 Aug 2021 18:49:39 -0400
Subject: [PATCH 61/62] test
---
 cpp/ql/src/devx/is_DOWN.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql
index 0964cc55b20f..9dc2b7114163 100644
--- a/cpp/ql/src/devx/is_DOWN.ql
+++ b/cpp/ql/src/devx/is_DOWN.ql
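Review bot: In the second PATCH 59/62 hunk the new `select` builds the alert text by string concatenation, so the called function shows up only as plain text in the message. The `$@` placeholder form keeps it as a linked element and leaves the message readable: `select fc, "Call to $@ logs: " + fc.getArgument(i).getValue(), fc.getTarget(), fc.getTarget().getName()`. The query's metadata block is outside this hunk, so confirm its `@kind` accepts that column layout before switching.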
@@ -31,7 +31,7 @@ import cpp
 from FunctionCall fc, int i
 where
- fc.getArgument(i).getValue().regexpMatch("\n%sInterface %s is (DOWN|Down|UP|Up)")
+ fc.getArgument(i).getValue().regexpMatch("\\n%sInterface %s is (UP|Up|DOWN|Down)")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 select fc, "Function: "+fc.getTarget().getName()+" Log: "+fc.getArgument(i).getValue()
From fbb03629b2c4bf7d5852fa8844aa4f7af2f5c320 Mon Sep 17 00:00:00 2001
From: "Irene Zhou -X (xiaoxinz - HIGH TECH GENESIS INC at Cisco)"
Date: Fri, 13 Aug 2021 11:23:50 -0400
Subject: [PATCH 62/62] test
---
 cpp/ql/src/devx/is_DOWN.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/devx/is_DOWN.ql b/cpp/ql/src/devx/is_DOWN.ql
index 9dc2b7114163..cdc3e062219d 100644
--- a/cpp/ql/src/devx/is_DOWN.ql
+++ b/cpp/ql/src/devx/is_DOWN.ql
@@ -31,7 +31,7 @@ import cpp
 from FunctionCall fc, int i
 where
- fc.getArgument(i).getValue().regexpMatch("\\n%sInterface %s is (UP|Up|DOWN|Down)")
+ fc.getArgument(i).getValue().regexpMatch(".*Interface.*")
 // fc.getTarget().hasName("DEBUG_AN_LOG")
 // format.regexpMatch(".*Interface [a-zA-Z0-9/%]+ is (DOWN|UP)")
 select fc, "Function: "+fc.getTarget().getName()+" Log: "+fc.getArgument(i).getValue()
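Review bot: In the PATCH 62/62 hunk the only active predicate becomes `regexpMatch(".*Interface.*")`, so the query in `is_DOWN.ql` no longer tests for an UP/DOWN state at all, and the two commented-out predicates below it are the only record of what it was meant to find. If the broad pattern is a temporary probe, say so in a comment on that line. Otherwise restore the state alternation, `regexpMatch("(?s).*Interface .* is (UP|Up|DOWN|Down).*")`, and delete the two dead comment lines.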