Reuse and extend existing modelling

rvermeulen · rvermeulen · commit ef8c9be1bc16 · 2024-02-05T12:10:57.000-08:00
diff --git a/cpp/cert/src/rules/FIO51-CPP/CloseFilesWhenTheyAreNoLongerNeeded.ql b/cpp/cert/src/rules/FIO51-CPP/CloseFilesWhenTheyAreNoLongerNeeded.ql
@@ -38,8 +38,9 @@ predicate filebufAccess(ControlFlowNode node, FileStreamSource fss) {
   //insertion or extraction operator calls
   node.(InsertionOperatorCall).getFStream() = fss.getAUse() or
   node.(ExtractionOperatorCall).getFStream() = fss.getAUse() or
-  //methods inherited from istream or ostream
-  node.(IOStreamFunctionCall).getFStream() = fss.getAUse()
+  // Methods inherited from istream or ostream that access the file stream.
+  // Exclude is_open as it is not a filebuf access
+  any(IOStreamFunctionCall call | node = call and not call.getTarget().hasName("is_open")).getFStream() = fss.getAUse()
 }
 
 /**
diff --git a/cpp/common/src/codingstandards/cpp/Operator.qll b/cpp/common/src/codingstandards/cpp/Operator.qll
@@ -1,6 +1,7 @@
 import cpp
 import Expr
 private import semmle.code.cpp.security.FileWrite
+private import codingstandards.cpp.standardlibrary.FileStreams
 
 /**
  * any assignment operator that also reads from the access
@@ -268,22 +269,6 @@ class UserOverloadedOperator extends Function {
   }
 }
 
-/**
- * A `std::basic_istream` class, or something that can be used
- * as one. Based on the BasicOStreamClass.
- */
-private class BasicIStreamClass extends Type {
-  BasicIStreamClass() {
-    this.(Class).getName().matches("basic\\_istream%")
-    or
-    this.getUnspecifiedType() instanceof BasicIStreamClass
-    or
-    this.(Class).getABaseClass() instanceof BasicIStreamClass
-    or
-    this.(ReferenceType).getBaseType() instanceof BasicIStreamClass
-  }
-}
-
 /** An implementation of a stream insertion operator. */
 class StreamInsertionOperator extends Function {
   StreamInsertionOperator() {
@@ -309,9 +294,9 @@ class StreamExtractionOperator extends Function {
       then this.getNumberOfParameters() = 1
       else (
         this.getNumberOfParameters() = 2 and
-        this.getParameter(0).getType() instanceof BasicIStreamClass
+        this.getParameter(0).getType() instanceof IStream 
       )
     ) and
-    this.getType() instanceof BasicIStreamClass
+    this.getType() instanceof IStream 
   }
 }
diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll
@@ -12,6 +12,7 @@
 import cpp
 import codingstandards.cpp.dataflow.DataFlow
 import codingstandards.cpp.dataflow.TaintTracking
+private import codingstandards.cpp.Operator
 
 /**
  * A `basic_fstream` like `std::fstream`
@@ -23,15 +24,31 @@ class FileStream extends ClassTemplateInstantiation {
 /**
  * A `basic_istream` like `std::istream`
  */
-class IStream extends ClassTemplateInstantiation {
-  IStream() { this.getTemplate().hasQualifiedName("std", "basic_istream") }
+class IStream extends Type {
+  IStream() { 
+    this.(Class).getQualifiedName().matches("std::basic\\_istream%")
+    or
+    this.getUnspecifiedType() instanceof IStream
+    or
+    this.(Class).getABaseClass() instanceof IStream
+    or
+    this.(ReferenceType).getBaseType() instanceof IStream
+  }
 }
 
 /**
  * A `basic_ostream` like `std::ostream`
  */
-class OStream extends ClassTemplateInstantiation {
-  OStream() { this.getTemplate().hasQualifiedName("std", "basic_ostream") }
+class OStream extends Type {
+  OStream() { 
+    this.(Class).getQualifiedName().matches("std::basic\\_ostream%")
+    or
+    this.getUnspecifiedType() instanceof OStream
+    or
+    this.(Class).getABaseClass() instanceof OStream
+    or
+    this.(ReferenceType).getBaseType() instanceof OStream
+  }
 }
 
 /**
@@ -53,7 +70,7 @@ predicate sameStreamSource(FileStreamFunctionCall a, FileStreamFunctionCall b) {
  * Insertion `operator<<` and Extraction `operator>>` operators.
  */
 class InsertionOperatorCall extends FileStreamFunctionCall {
-  InsertionOperatorCall() { this.getTarget().(Operator).hasQualifiedName("std", "operator<<") }
+  InsertionOperatorCall() { this.getTarget() instanceof StreamInsertionOperator }
 
   override Expr getFStream() {
     result = this.getQualifier()
@@ -63,7 +80,7 @@ class InsertionOperatorCall extends FileStreamFunctionCall {
 }
 
 class ExtractionOperatorCall extends FileStreamFunctionCall {
-  ExtractionOperatorCall() { this.getTarget().(Operator).hasQualifiedName("std", "operator>>") }
+  ExtractionOperatorCall() { this.getTarget() instanceof StreamExtractionOperator }
 
   override Expr getFStream() {
     result = this.getQualifier()
