
xmlgetprop

API 概述

xmlGetProp 是 libxml2 中的一个 API。该规则属于 mem leakage 类型。该规则是使用 Advance 生成的。

规则描述

提示

It's up to the caller to free the memory with xmlFree().

信息

标签:mem leakage

参数下标:N/A

CWE类别:CWE-772

规则代码

import cpp
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.security.Security
import DataFlow::PathGraph
/**
 * Taint-tracking configuration that follows the value returned by
 * `xmlGetProp` to any argument of a call to `xmlFree`.
 *
 * Source: the `xmlGetProp` call expression itself, i.e. its return value.
 * Sink: any expression passed as an argument to `xmlFree`.
 *
 * Points to keep in mind when triaging results:
 *  - Callees are matched by name only (`hasName`), so any function with one
 *    of these names is matched.
 *  - `xmlFree` is the only release function modelled. A buffer released
 *    through another function, or handed to an owner that frees it later,
 *    has no sink here.
 *  - This is taint tracking, not plain data flow, so a value derived from
 *    the returned pointer that reaches `xmlFree` also counts as reaching
 *    the sink.
 */
class TestConfiguration extends TaintTracking::Configuration {
  TestConfiguration() { this = "TestConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    // The tracked value is the return value, so the source node is the call
    // expression. The always-false "defining argument at index -1" branch of
    // the generated template is dropped; it could never match.
    source.asExpr().(FunctionCall).getTarget().hasName("xmlGetProp")
  }

  override predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall freeCall |
      freeCall.getTarget().hasName("xmlFree") and
      sink.asExpr() = freeCall.getAnArgument()
    )
  }
}
// Report the location of every `xmlGetProp` call whose return value has no
// flow path to an `xmlFree` argument under TestConfiguration (CWE-772).
//
// Reading the results:
//  - A call is cleared as soon as ONE flow path to `xmlFree` exists. A leak
//    on an early-return or error path is not reported if another path frees
//    the buffer.
//  - A reported call is a candidate, not a confirmed leak: the buffer may be
//    returned to the caller or stored and released elsewhere in a way the
//    flow analysis does not follow.
from TestConfiguration cfg, FunctionCall getPropCall
where
  getPropCall.getTarget().hasName("xmlGetProp") and
  not exists(DataFlow::PathNode src, DataFlow::PathNode freed |
    // The source is the call expression itself (its return value).
    src.getNode().asExpr() = getPropCall and
    cfg.hasFlowPath(src, freed)
  )
select getPropCall.getLocation()