Skip to content

DescriptorNeverClosed.ql identifies only sockets (not file handles) #2623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
marcrepo opened this issue Jan 13, 2020 · 2 comments
Closed

DescriptorNeverClosed.ql identifies only sockets (not file handles) #2623

marcrepo opened this issue Jan 13, 2020 · 2 comments
Labels
C++ question Further information is requested

Comments

@marcrepo
Copy link
Contributor

Description of the issue
The wiki description for the DescriptorNeverClosed Library
(URL: https://help.semmle.com/wiki/display/CCPPOBJ/Open+descriptor+never+closed)
states that this library identifies both socket handles and file handles that have not been
closed. However, it appears the query only searches for socket handles that have not been closed.

In the DescriptorNeverClosed.ql file (URL: https://github.com/Semmle/ql/blob/master/cpp/ql/src/Critical/DescriptorNeverClosed.ql)
the handles being search for by the query are initially acquired with the allocateDescriptorCall predicate that appears in the where clause (line 29 of the DescriptorNeverClosed.ql file).

However, the implementation of this predicate, which is found in https://github.com/Semmle/ql/blob/3a95cd5e9c15f02208c73d3972f6283a27ca8657/cpp/ql/src/semmle/code/cpp/pointsto/PointsTo.qll

has the following implementation - which only searches for socket handles (starting line 699):

predicate allocateDescriptorCall(FunctionCall fc) {
exists(string name |
name = "socket" and
fc.getTarget().hasGlobalName(name)
)
}
@marcrepo marcrepo added the question Further information is requested label Jan 13, 2020
@geoffw0 geoffw0 added the C++ label Jan 13, 2020
@jbj
Copy link
Contributor

jbj commented Jan 13, 2020

Thanks for pointing out this issue. The affected query is not in active use, but I'd be happy to merge a PR that updates the @description and *.qhelp to make them less misleading.

marcrepo added a commit to marcrepo/ql that referenced this issue Jan 17, 2020
@marcrepo
Removed word "file" from description (see Issue 2623)
140051c 
This pull request is in reference to Issue github#2623 - "DescriptorNeverClosed.ql identifies only sockets (not file handles)"
marcrepo added a commit to marcrepo/ql that referenced this issue Jan 17, 2020
@marcrepo
Documentation update for Issue github#2623
0d409b2 
Changes based on Issue github#2623 - DescriptorNeverClosed.ql identifies only sockets (not file handles)
This was referenced Jan 17, 2020
Merged
Merged
marcrepo added a commit to marcrepo/ql that referenced this issue Jan 17, 2020
@marcrepo
Merge pull request #2 from marcrepo/patch-2
dbe51e0 
Documentation update for Issue github#2623
@marcrepo marcrepo mentioned this issue Jan 17, 2020
Merged
@marcrepo
Copy link
Contributor Author

Thanks. I just sent a pull request that modified the descriptions in the two files.

jbj added a commit that referenced this issue Jan 29, 2020
@jbj
Merge pull request #2641 from marcrepo/master
d7e8ea7 
Documentation update for Issue #2623
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C++ question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jbj @geoffw0 @marcrepo