CPP: Add query for CWE-570 detect and handle memory allocation errors. #5010
Conversation
|
Information about the found and accepted fix in the project: |
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
Hi, this looks like an interesting query for spotting simple errors in the use of new. As always I appreciate that you have included tests and qhelp. I think the query logic could be cleaner in a few places, but the comments make it fairly clear what is going on.
I intend to try this query out on LGTM and see what kinds of results we get. Based on what you're trying to do, I hope the results will be quite good. :)
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
|
thanks for your comments. |
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
|
I would like to hear your opinion. |
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Outdated
Show resolved
Hide resolved
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Outdated
Show resolved
Hide resolved
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Show resolved
Hide resolved
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
LGTM, the CI tests are now running...
|
The checks have raised a couple of issues:
i.e. the query file needs autoformatting.
I think the |
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
2 participants
In this query I am trying to find situations of incorrect handling of memory allocation using the new operator.
This error is quite common in projects and can lead to a violation of the logic of the program or to an unhandled crash.
of course, we can consider any selection without processing to be incorrect, but in this request I am considering exactly the situation of confusion. when the developer confused what kind of processing to apply. this allows us to understand that he tried to handle the case when the memory will not be allocated, but did not handle it correctly.
this is my first test file in C ++, it turned out to be rather weak, in the future I will think about improving it.