C++: Fixes from Geoffrey's review round 4

2019-09-09 11:21:55 +02:00 · 2019-09-09 11:21:55 +02:00 · 1784122929
--- a/cpp/ql/src/semmle/code/cpp/security/BufferAccess.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/BufferAccess.qll
@ -16,13 +16,16 @@ int getPointedSize(Type t)
 */
 abstract class BufferAccess extends Expr {
  abstract string getName();
+  /**
+   * Gets the expression that denotes the buffer, along with a textual label
+   * for it and an access type.
+   *
+   * accessType:
+   * - 1 = buffer range [0, getSize) is accessed entirely.
+   * - 2 = buffer range [0, getSize) may be accessed partially or entirely.
+   * - 3 = buffer is accessed at offset getSize - 1.
+   */
  abstract Expr getBuffer(string bufferDesc, int accessType);
-    /*
-     * accessType:
-     *  1 = buffer range [0, getSize) is accessed entirely 
-     *  2 = buffer range [0, getSize) may be accessed partially or entirely
-     *  3 = buffer is accessed at offset getSize - 1
-     */
  abstract int getSize();
 }

--- a/cpp/ql/src/semmle/code/cpp/security/BufferWrite.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/BufferWrite.qll
@ -10,7 +10,9 @@ import semmle.code.cpp.commons.Buffer
 import semmle.code.cpp.commons.Scanf
 import semmle.code.cpp.models.implementations.Strcat

-// --- BufferWrite framework ---
+/*
+ * --- BufferWrite framework ---
+ */

 /**
 * An operation that writes a variable amount of data to a buffer
@ -27,7 +29,9 @@ import semmle.code.cpp.models.implementations.Strcat
 */
 abstract class BufferWrite extends Expr
 {
-  // --- derived classes override these ---
+  /*
+   * --- derived classes override these ---
+   */

  /**
   * Gets the (unspecified) type of the buffer this operation works
@ -100,7 +104,9 @@ abstract class BufferWriteCall extends BufferWrite, FunctionCall
 {
 }

-// --- BufferWrite classes ---
+/*
+ * --- BufferWrite classes ---
+ */

 /**
 * A call to a variant of `strcpy`. 
@ -267,7 +273,7 @@ class SprintfBW extends BufferWriteCall
  {
    exists(TopLevelFunction fn, string name | fn = getTarget() and name = fn.getName() |
      /*
-       * C sprintf variants
+       * C sprintf variants:
       */

      // sprintf(dst, format, args...)
@ -283,7 +289,7 @@ class SprintfBW extends BufferWriteCall
      name = "vwsprintf"
      or
      /*
-       * Microsoft sprintf variants
+       * Microsoft sprintf variants:
       */

      //  _sprintf_l(dst, format, locale, args...)
@ -346,7 +352,7 @@ class SnprintfBW extends BufferWriteCall
  {
    exists(TopLevelFunction fn, string name | fn = getTarget() and name = fn.getName() |
      /*
-       * C snprintf variants
+       * C snprintf variants:
       */

      // snprintf(dst, max_amount, format, args...)
@ -362,7 +368,7 @@ class SnprintfBW extends BufferWriteCall
      name = "vswprintf"
      or
      /*
-       * Microsoft snprintf variants
+       * Microsoft snprintf variants:
       */

      // sprintf_s(dst, max_amount, format, locale, args...)