sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252

//! INT13-C: Use bitwise operators only on unsigned operands
//!
//! Bitwise operations on signed integers can produce implementation-defined
//! or undefined behavior. Using bitwise operators on unsigned types ensures
//! predictable results across platforms.
//!
//! ## Violations:
//! - int x = ...; x << 2;    // Bitwise shift on signed int
//! - signed int y; y & mask; // Bitwise AND on signed operand
//!
//! ## Compliant:
//! - unsigned int x = ...; x << 2; // Bitwise shift on unsigned

use std::collections::HashMap;
use tree_sitter::Node;

use super::super::{CertRule, RuleViolation};
use crate::manifest::{RuleCategory, Severity};
use crate::utility::cert_c::ast_utils::get_node_text;

pub struct Int13C;

impl CertRule for Int13C {
    fn rule_id(&self) -> &'static str {
        "INT13-C"
    }

    fn description(&self) -> &'static str {
        "Use bitwise operators only on unsigned operands"
    }

    fn severity(&self) -> Severity {
        Severity::Medium
    }

    fn category(&self) -> RuleCategory {
        RuleCategory::Rule
    }

    fn cert_id(&self) -> &'static str {
        "INT13-C"
    }

    fn check(&self, node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();

        // Collect variable declarations with their types
        let mut variables: HashMap<String, String> = HashMap::new();
        self.collect_declarations(node, source, &mut variables);

        // Check bitwise operations
        self.check_bitwise_operations(node, source, &variables, &mut violations);

        violations
    }
}

impl Int13C {
    /// Collect variable declarations and their types
    fn collect_declarations(
        &self,
        node: &Node,
        source: &str,
        variables: &mut HashMap<String, String>,
    ) {
        if node.kind() == "declaration" {
            let decl_text = get_node_text(node, source);

            // Extract type and variable name
            if let Some((var_type, var_name)) = self.parse_declaration(&decl_text) {
                variables.insert(var_name, var_type);
            }
        }

        // Recursively process children
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            self.collect_declarations(&child, source, variables);
        }
    }

    /// Parse declaration to extract type and variable name
    fn parse_declaration(&self, decl_text: &str) -> Option<(String, String)> {
        let parts: Vec<&str> = decl_text.split_whitespace().collect();

        if parts.len() >= 2 {
            // Handle types like "int x", "unsigned int x", "signed int x"
            if parts.len() >= 3 && (parts[0] == "unsigned" || parts[0] == "signed") {
                // "unsigned int x" or "signed int x"
                let var_type = format!("{} {}", parts[0], parts[1]);
                let var_name = parts[2]
                    .trim_end_matches(';')
                    .trim_end_matches(',')
                    .split('=')
                    .next()?
                    .trim()
                    .to_string();
                return Some((var_type, var_name));
            } else {
                // Simple type like "int x" or "long x"
                let var_type = parts[0].to_string();
                let var_name = parts[1]
                    .trim_end_matches(';')
                    .trim_end_matches(',')
                    .split('=')
                    .next()?
                    .trim()
                    .to_string();
                return Some((var_type, var_name));
            }
        }

        None
    }

    /// Check bitwise operations for signed operands
    fn check_bitwise_operations(
        &self,
        node: &Node,
        source: &str,
        variables: &HashMap<String, String>,
        violations: &mut Vec<RuleViolation>,
    ) {
        // Check for bitwise binary expressions (<<, >>, &, |, ^)
        if node.kind() == "binary_expression" {
            if let Some(op) = node.child_by_field_name("operator") {
                let op_text = get_node_text(&op, source);

                // Check for bitwise operators
                if matches!(op_text.trim(), "<<" | ">>" | "&" | "|" | "^") {
                    // Get the operands
                    if let (Some(left), Some(right)) = (
                        node.child_by_field_name("left"),
                        node.child_by_field_name("right"),
                    ) {
                        // Check both operands for signed types
                        if let Some(violation) =
                            self.check_operand_type(&left, source, variables, op_text.trim())
                        {
                            violations.push(violation);
                            return; // Only report once per expression
                        }
                        if let Some(violation) =
                            self.check_operand_type(&right, source, variables, op_text.trim())
                        {
                            violations.push(violation);
                            return; // Only report once per expression
                        }
                    }
                }
            }
        }

        // Check for unary bitwise operations (~)
        if node.kind() == "unary_expression" {
            if let Some(op) = node.child_by_field_name("operator") {
                let op_text = get_node_text(&op, source);

                if op_text.trim() == "~" {
                    if let Some(operand) = node.child_by_field_name("argument") {
                        if let Some(violation) =
                            self.check_operand_type(&operand, source, variables, "~")
                        {
                            violations.push(violation);
                            return;
                        }
                    }
                }
            }
        }

        // Recursively check children
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            self.check_bitwise_operations(&child, source, variables, violations);
        }
    }

    /// Check if an operand has a signed type
    fn check_operand_type(
        &self,
        operand: &Node,
        source: &str,
        variables: &HashMap<String, String>,
        operator: &str,
    ) -> Option<RuleViolation> {
        // Extract variable name from operand
        let var_name = self.extract_variable_name(operand, source)?;

        // Look up the variable type
        if let Some(var_type) = variables.get(&var_name) {
            // Check if it's a signed type
            if self.is_signed_type(var_type) {
                return Some(RuleViolation {
                    rule_id: "INT13-C".to_string(),
                    message: format!(
                        "Bitwise operator '{}' used on signed operand '{}' of type '{}'. Use unsigned types for bitwise operations",
                        operator, var_name, var_type
                    ),
                    severity: Severity::Medium,
                    line: operand.start_position().row + 1,
                    column: operand.start_position().column + 1,
                    file_path: String::new(),
                    suggestion: Some(format!(
                        "Change '{}' to an unsigned type (e.g., 'unsigned int' instead of 'int')",
                        var_name
                    )),
                    requires_manual_review: None,
                });
            }
        }

        None
    }

    /// Extract variable name from an expression node
    fn extract_variable_name(&self, node: &Node, source: &str) -> Option<String> {
        if node.kind() == "identifier" {
            let text = get_node_text(node, source);
            return Some(text.trim().to_string());
        }

        // For more complex expressions, look for identifiers
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            if let Some(name) = self.extract_variable_name(&child, source) {
                return Some(name);
            }
        }

        None
    }

    /// Check if a type is a signed integer type
    fn is_signed_type(&self, type_name: &str) -> bool {
        // Signed types are: int, short, long, long long, char (without unsigned keyword)
        // Also explicitly signed: signed int, signed short, signed long, signed char
        matches!(
            type_name,
            "int"
                | "short"
                | "long"
                | "long long"
                | "char"
                | "signed int"
                | "signed short"
                | "signed long"
                | "signed long long"
                | "signed char"
        )
    }
}