跳到主要内容

sqlite3_open_v2

API 概述

sqlite3_open_v2libsqlite3 中的一个API。该规属于mem leakage 类型。该规则是使用 Advance 生成的。

规则描述

提示

Whether or not an error occurs when it is opened, resources associated with the database connection handle should be released by passing it to sqlite3_close() when it is no longer required. https://www.sqlite.org/c3ref/open.html

信息

标签:mem leakage

参数下标:N/A

CWE类别:CWE-772

规则代码

import cpp
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.security.Security
import DataFlow::PathGraph
class TestConfiguration extends TaintTracking::Configuration {
  TestConfiguration() { this = "TestConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    exists(FunctionCall fc |
      fc.getTarget().hasName("sqlite3_open_v2")
      and ( (fc.getArgument(1) = source.asDefiningArgument() and 1 >= 0) or
            (fc = source.asExpr() and 1 = -1)
          )
    )
  }

  override predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall fc |
      fc.getTarget().hasName("sqlite3_close")
      and fc.getAnArgument() = sink.asExpr()
    )
  }
}
from TestConfiguration cfg, FunctionCall fc
where fc.getTarget().hasName("sqlite3_open_v2")
      and not exists(DataFlow::PathNode source, DataFlow::PathNode sink|cfg.hasFlowPath(source, sink) and (
           (fc.getArgument(1) = source.getNode().asDefiningArgument() and 1 >= 0) or
           (fc = source.getNode().asExpr() and 1 = -1)
        )
      )
select fc.getLocation()