devinfo/doxyoutput/checkstring_8h_source.html

 /*

  * Cppcheck - A tool for static C/C++ code analysis

  * Copyright (C) 2007-2024 Cppcheck team.

  *

  * This program is free software: you can redistribute it and/or modify

  * it under the terms of the GNU General Public License as published by

  * the Free Software Foundation, either version 3 of the License, or

  * (at your option) any later version.

  *

  * This program is distributed in the hope that it will be useful,

  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  * GNU General Public License for more details.

  *

  * You should have received a copy of the GNU General Public License

  * along with this program.  If not, see <http://www.gnu.org/licenses/>.

  */


 //---------------------------------------------------------------------------

 #ifndef checkstringH

 #define checkstringH

 //---------------------------------------------------------------------------


 #include "check.h"

 #include "config.h"

 #include "tokenize.h"


 #include <string>


 class ErrorLogger;

 class Settings;

 class Token;


 /// @addtogroup Checks

 /// @{


 /** @brief Detect misusage of C-style strings and related standard functions */


 class CPPCHECKLIB CheckString : public Check {

 public:

     /** @brief This constructor is used when registering the CheckClass */

     CheckString() : Check(myName()) {}


 private:

     /** @brief This constructor is used when running checks. */

     CheckString(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)

         : Check(myName(), tokenizer, settings, errorLogger) {}


     /** @brief Run checks against the normal token list */

     void runChecks(const Tokenizer &tokenizer, ErrorLogger *errorLogger) override {

         CheckString checkString(&tokenizer, &tokenizer.getSettings(), errorLogger);


         // Checks

         checkString.strPlusChar();

         checkString.checkSuspiciousStringCompare();

         checkString.stringLiteralWrite();

         checkString.overlappingStrcmp();

         checkString.checkIncorrectStringCompare();

         checkString.sprintfOverlappingData();

         checkString.checkAlwaysTrueOrFalseStringCompare();

     }


     /** @brief undefined behaviour, writing string literal */

     void stringLiteralWrite();


     /** @brief str plus char (unusual pointer arithmetic) */

     void strPlusChar();


     /** @brief %Check for using bad usage of strncmp and substr */

     void checkIncorrectStringCompare();


     /** @brief %Check for comparison of a string literal with a char* variable */

     void checkSuspiciousStringCompare();


     /** @brief %Check for suspicious code that compares string literals for equality */

     void checkAlwaysTrueOrFalseStringCompare();


     /** @brief %Check for overlapping strcmp() */

     void overlappingStrcmp();


     /** @brief %Check for overlapping source and destination passed to sprintf() */

     void sprintfOverlappingData();


     void stringLiteralWriteError(const Token *tok, const Token *strValue);

     void sprintfOverlappingDataError(const Token *funcTok, const Token *tok, const std::string &varname);

     void strPlusCharError(const Token *tok);

     void incorrectStringCompareError(const Token *tok, const std::string& func, const std::string &string);

     void incorrectStringBooleanError(const Token *tok, const std::string& string);

     void alwaysTrueFalseStringCompareError(const Token *tok, const std::string& str1, const std::string& str2);

     void alwaysTrueStringVariableCompareError(const Token *tok, const std::string& str1, const std::string& str2);

     void suspiciousStringCompareError(const Token* tok, const std::string& var, bool isLong);

     void suspiciousStringCompareError_char(const Token* tok, const std::string& var);

     void overlappingStrcmpError(const Token* eq0, const Token *ne0);


     void getErrorMessages(ErrorLogger *errorLogger, const Settings *settings) const override {

         CheckString c(nullptr, settings, errorLogger);

         c.stringLiteralWriteError(nullptr, nullptr);

         c.sprintfOverlappingDataError(nullptr, nullptr, "varname");

         c.strPlusCharError(nullptr);

         c.incorrectStringCompareError(nullptr, "substr", "\"Hello World\"");

         c.suspiciousStringCompareError(nullptr, "foo", false);

         c.suspiciousStringCompareError_char(nullptr, "foo");

         c.incorrectStringBooleanError(nullptr, "\"Hello World\"");

         c.incorrectStringBooleanError(nullptr, "\'x\'");

         c.alwaysTrueFalseStringCompareError(nullptr, "str1", "str2");

         c.alwaysTrueStringVariableCompareError(nullptr, "varname1", "varname2");

         c.overlappingStrcmpError(nullptr, nullptr);

     }


     static std::string myName() {

         return "String";

     }


     std::string classInfo() const override {

         return "Detect misusage of C-style strings:\n"

                "- overlapping buffers passed to sprintf as source and destination\n"

                "- incorrect length arguments for 'substr' and 'strncmp'\n"

                "- suspicious condition (runtime comparison of string literals)\n"

                "- suspicious condition (string/char literals as boolean)\n"

                "- suspicious comparison of a string literal with a char\\* variable\n"

                "- suspicious comparison of '\\0' with a char\\* variable\n"

                "- overlapping strcmp() expression\n";

     }

 };

 /// @}

 //---------------------------------------------------------------------------

 #endif // checkstringH

check.h

CheckString
Detect misusage of C-style strings and related standard functions.
Definition: checkstring.h:41

CheckString::checkSuspiciousStringCompare
void checkSuspiciousStringCompare()
Check for comparison of a string literal with a char* variable
Definition: checkstring.cpp:166

CheckString::checkIncorrectStringCompare
void checkIncorrectStringCompare()
Check for using bad usage of strncmp and substr
Definition: checkstring.cpp:277

CheckString::suspiciousStringCompareError
void suspiciousStringCompareError(const Token *tok, const std::string &var, bool isLong)
Definition: checkstring.cpp:205

CheckString::incorrectStringBooleanError
void incorrectStringBooleanError(const Token *tok, const std::string &string)
Definition: checkstring.cpp:330

CheckString::overlappingStrcmp
void overlappingStrcmp()
Check for overlapping strcmp()
Definition: checkstring.cpp:345

CheckString::incorrectStringCompareError
void incorrectStringCompareError(const Token *tok, const std::string &func, const std::string &string)
Definition: checkstring.cpp:325

CheckString::myName
static std::string myName()
Definition: checkstring.h:112

CheckString::strPlusCharError
void strPlusCharError(const Token *tok)
Definition: checkstring.cpp:244

CheckString::suspiciousStringCompareError_char
void suspiciousStringCompareError_char(const Token *tok, const std::string &var)
Definition: checkstring.cpp:212

CheckString::CheckString
CheckString()
This constructor is used when registering the CheckClass.
Definition: checkstring.h:44

CheckString::classInfo
std::string classInfo() const override
get information about this class, used to generate documentation
Definition: checkstring.h:116

CheckString::sprintfOverlappingData
void sprintfOverlappingData()
Check for overlapping source and destination passed to sprintf()
Definition: checkstring.cpp:424

CheckString::stringLiteralWriteError
void stringLiteralWriteError(const Token *tok, const Token *strValue)
Definition: checkstring.cpp:74

CheckString::alwaysTrueStringVariableCompareError
void alwaysTrueStringVariableCompareError(const Token *tok, const std::string &str1, const std::string &str2)
Definition: checkstring.cpp:153

CheckString::CheckString
CheckString(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
This constructor is used when running checks.
Definition: checkstring.h:48

CheckString::overlappingStrcmpError
void overlappingStrcmpError(const Token *eq0, const Token *ne0)
Definition: checkstring.cpp:407

CheckString::stringLiteralWrite
void stringLiteralWrite()
undefined behaviour, writing string literal
Definition: checkstring.cpp:55

CheckString::getErrorMessages
void getErrorMessages(ErrorLogger *errorLogger, const Settings *settings) const override
get error messages
Definition: checkstring.h:97

CheckString::strPlusChar
void strPlusChar()
str plus char (unusual pointer arithmetic)
Definition: checkstring.cpp:228

CheckString::alwaysTrueFalseStringCompareError
void alwaysTrueFalseStringCompareError(const Token *tok, const std::string &str1, const std::string &str2)
Definition: checkstring.cpp:141

CheckString::sprintfOverlappingDataError
void sprintfOverlappingDataError(const Token *funcTok, const Token *tok, const std::string &varname)
Definition: checkstring.cpp:461

CheckString::runChecks
void runChecks(const Tokenizer &tokenizer, ErrorLogger *errorLogger) override
Run checks against the normal token list.
Definition: checkstring.h:52

CheckString::checkAlwaysTrueOrFalseStringCompare
void checkAlwaysTrueOrFalseStringCompare()
Check for suspicious code that compares string literals for equality
Definition: checkstring.cpp:97

Check
Interface class that cppcheck uses to communicate with the checks.
Definition: check.h:59

ErrorLogger
This is an interface, which the class responsible of error logging should implement.
Definition: errorlogger.h:214

Settings
This is just a container for general settings so that we don't need to pass individual values to func...
Definition: settings.h:95

Token
The token list that the TokenList generates is a linked-list of this class.
Definition: token.h:150

Tokenizer
The main purpose is to tokenize the source code.
Definition: tokenize.h:46

Tokenizer::getSettings
const Settings & getSettings() const
Definition: tokenize.h:615

config.h

CPPCHECKLIB
#define CPPCHECKLIB
Definition: config.h:35

tokenize.h