diff options
| author | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-02 20:09:16 +0400 |
|---|---|---|
| committer | microsvuln <55649192+Microsvuln@users.noreply.github.com> | 2021-04-02 20:09:16 +0400 |
| commit | 565f61a6abc30dfb4df0269384466589690fbae5 (patch) | |
| tree | 589d59f795cd8f2ed8af7432eb1918c99555b6b3 /utils | |
| parent | 3ff4ca348c344bded53f53b0d0c4b020a188f26e (diff) | |
| download | afl++-565f61a6abc30dfb4df0269384466589690fbae5.tar.gz | |
Initialalize the autodict-ql
Initialalize the autodict-ql
add codeql scripts
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/autodict_ql/litool.ql | 10 | ||||
| -rw-r--r-- | utils/autodict_ql/memcmp-str.ql | 8 | ||||
| -rw-r--r-- | utils/autodict_ql/strcmp-str.ql | 8 | ||||
| -rw-r--r-- | utils/autodict_ql/strncmp-str.ql | 8 | ||||
| -rw-r--r-- | utils/autodict_ql/strtool.ql | 24 |
5 files changed, 58 insertions, 0 deletions
diff --git a/utils/autodict_ql/litool.ql b/utils/autodict_ql/litool.ql new file mode 100644 index 00000000..b7f4bf33 --- /dev/null +++ b/utils/autodict_ql/litool.ql @@ -0,0 +1,10 @@ +import cpp + +class HexOrOctLiteral extends Literal{ + HexOrOctLiteral(){ + (this instanceof HexLiteral) or (this instanceof OctalLiteral) + } +} + +from HexOrOctLiteral lit +select lit.getValueText()
\ No newline at end of file diff --git a/utils/autodict_ql/memcmp-str.ql b/utils/autodict_ql/memcmp-str.ql new file mode 100644 index 00000000..830c9cac --- /dev/null +++ b/utils/autodict_ql/memcmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : memcmp trace + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("memcmp") +select fucall.getArgument(_).getValueText()
\ No newline at end of file diff --git a/utils/autodict_ql/strcmp-str.ql b/utils/autodict_ql/strcmp-str.ql new file mode 100644 index 00000000..83ffadaf --- /dev/null +++ b/utils/autodict_ql/strcmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : strcmp + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("strcmp") +select fucall.getArgument(_).getValueText()
\ No newline at end of file diff --git a/utils/autodict_ql/strncmp-str.ql b/utils/autodict_ql/strncmp-str.ql new file mode 100644 index 00000000..dbb952e5 --- /dev/null +++ b/utils/autodict_ql/strncmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : strncmp + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("strncmp") +select fucall.getArgument(_).getValueText()
\ No newline at end of file diff --git a/utils/autodict_ql/strtool.ql b/utils/autodict_ql/strtool.ql new file mode 100644 index 00000000..f78aabbb --- /dev/null +++ b/utils/autodict_ql/strtool.ql @@ -0,0 +1,24 @@ +import cpp +import semmle.code.cpp.dataflow.DataFlow +class StringLiteralNode extends DataFlow::Node { + StringLiteralNode() { this.asExpr() instanceof StringLiteral } +} +class MemcmpArgNode extends DataFlow::Node { + MemcmpArgNode() { + exists(FunctionCall fc | + fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and + fc.getArgument(0) = this.asExpr() + ) + or + exists(FunctionCall fc | + fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and + fc.getArgument(1) = this.asExpr() + ) + } +} + +from StringLiteralNode src, MemcmpArgNode arg +where + DataFlow::localFlow(src, arg) + +select src.asExpr().(StringLiteral).toString()
\ No newline at end of file |