sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286

use crate::manifest::{RuleCategory, Severity};
use crate::prelude::RuleViolation;
use crate::rules::cert_c::CertRule;
use crate::utility::cert_c::ast_utils::get_node_text;
use tree_sitter::Node;

pub struct STR04C;

impl CertRule for STR04C {
    fn rule_id(&self) -> &'static str {
        "STR04-C"
    }

    fn cert_id(&self) -> &'static str {
        "STR04"
    }

    fn description(&self) -> &'static str {
        "Use plain char for characters in the basic character set"
    }

    fn severity(&self) -> Severity {
        Severity::Low
    }

    fn category(&self) -> RuleCategory {
        RuleCategory::Rule
    }

    fn check(&self, node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();
        self.check_node(node, source, &mut violations);
        violations
    }
}

impl STR04C {
    fn check_node(&self, node: &Node, source: &str, violations: &mut Vec<RuleViolation>) {
        // Check declarations for signed/unsigned char arrays with string literals
        if node.kind() == "declaration" {
            if let Some(violation) = self.check_string_declaration(node, source) {
                violations.push(violation);
            }
        }

        // Check function calls with signed/unsigned char arguments (e.g., strlen)
        if node.kind() == "call_expression" {
            violations.extend(self.check_string_function_call(node, source));
        }

        // Recursively check children
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            self.check_node(&child, source, violations);
        }
    }

    fn check_string_function_call(&self, node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();

        // Get function name
        let mut cursor = node.walk();
        let mut function_name = String::new();
        for child in node.children(&mut cursor) {
            if child.kind() == "identifier" {
                function_name = get_node_text(&child, source).to_string();
                break;
            }
        }

        // Check if it's a string function
        if !self.is_string_function(&function_name) {
            return violations;
        }

        // Check arguments
        for child in node.children(&mut cursor) {
            if child.kind() == "argument_list" {
                let mut arg_cursor = child.walk();
                for arg in child.children(&mut arg_cursor) {
                    if arg.kind() == "identifier" {
                        // Look up the variable's declaration type
                        if let Some(var_type) = self.find_variable_type(&arg, source) {
                            if var_type.contains("signed char")
                                || var_type.contains("unsigned char")
                            {
                                let start = arg.start_position();
                                violations.push(RuleViolation {
                                    rule_id: self.rule_id().to_string(),
                                    file_path: String::new(),
                                    message: format!(
                                        "Passing '{}' to string function '{}'. Use plain 'char' for basic character set strings.",
                                        var_type, function_name
                                    ),
                                    line: start.row + 1,
                                    column: start.column + 1,
                                    severity: self.severity(),
                                    suggestion: Some("Change variable type to plain 'char' instead of signed/unsigned char".to_string()),
                                    requires_manual_review: Some(false),
                                });
                            }
                        }
                    }
                }
            }
        }

        violations
    }

    fn is_string_function(&self, name: &str) -> bool {
        matches!(
            name,
            "strlen"
                | "strcpy"
                | "strncpy"
                | "strcat"
                | "strncat"
                | "strcmp"
                | "strncmp"
                | "strchr"
                | "strrchr"
                | "strstr"
                | "strtok"
                | "strspn"
                | "strcspn"
                | "strpbrk"
                | "memcpy"
                | "memmove"
                | "memcmp"
                | "memset"
                | "memchr"
        )
    }

    fn find_variable_type(&self, identifier_node: &Node, source: &str) -> Option<String> {
        let var_name = get_node_text(identifier_node, source);

        // Walk up to translation_unit
        let mut current = identifier_node.parent();
        while let Some(parent) = current {
            if parent.kind() == "translation_unit" {
                // Search for declaration of this variable
                let mut cursor = parent.walk();
                for child in parent.children(&mut cursor) {
                    if child.kind() == "declaration" {
                        if let Some(var_type) =
                            self.extract_var_type_if_matches(&child, var_name, source)
                        {
                            return Some(var_type);
                        }
                    }
                }
                break;
            }
            current = parent.parent();
        }

        None
    }

    fn extract_var_type_if_matches(
        &self,
        decl_node: &Node,
        target_name: &str,
        source: &str,
    ) -> Option<String> {
        let mut cursor = decl_node.walk();
        let mut type_text = String::new();
        let mut found_name = false;

        for child in decl_node.children(&mut cursor) {
            match child.kind() {
                "type_qualifier" | "primitive_type" | "sized_type_specifier" => {
                    let text = get_node_text(&child, source);
                    type_text.push_str(text);
                    type_text.push(' ');
                }
                "init_declarator" | "array_declarator"
                    // Check if this declarator contains our target variable
                    if self.contains_identifier(&child, target_name, source) => {
                        found_name = true;
                    }
                _ => {}
            }
        }

        if found_name && !type_text.is_empty() {
            return Some(type_text.trim().to_string());
        }

        None
    }

    fn contains_identifier(&self, node: &Node, target: &str, source: &str) -> bool {
        if node.kind() == "identifier" && get_node_text(node, source) == target {
            return true;
        }

        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            if self.contains_identifier(&child, target, source) {
                return true;
            }
        }

        false
    }

    fn check_string_declaration(&self, node: &Node, source: &str) -> Option<RuleViolation> {
        let mut cursor = node.walk();
        let mut type_text = String::new();
        let mut has_string_evidence = false;

        for child in node.children(&mut cursor) {
            match child.kind() {
                "type_qualifier" => {
                    // Capture type qualifiers like "signed" or "unsigned"
                    let text = get_node_text(&child, source);
                    type_text.push_str(text);
                    type_text.push(' ');
                }
                "sized_type_specifier" => {
                    // sized_type_specifier contains "signed char" or "unsigned char"
                    type_text = get_node_text(&child, source).to_string();
                }
                "primitive_type" => {
                    let text = get_node_text(&child, source);
                    if text == "char" {
                        if type_text.is_empty() {
                            // Plain char is OK
                            return None;
                        }
                        // Append "char" to type (e.g., "signed char")
                        type_text.push_str(text);
                    }
                }
                "init_declarator" => {
                    // Has initialization - only flag if initialized with string literal
                    let mut init_cursor = child.walk();
                    for init_child in child.children(&mut init_cursor) {
                        if init_child.kind() == "string_literal"
                            || init_child.kind() == "concatenated_string"
                        {
                            has_string_evidence = true;
                        } else if init_child.kind() == "initializer_list" {
                            let mut list_cursor = init_child.walk();
                            for list_item in init_child.children(&mut list_cursor) {
                                if list_item.kind() == "string_literal" {
                                    has_string_evidence = true;
                                }
                            }
                        }
                    }
                }
                // Bare array_declarator without string literal init is likely a binary
                // buffer (e.g., unsigned char cert_buf[2048]) — not a string violation
                "array_declarator" => {}
                _ => {}
            }
        }

        // Only flag signed/unsigned char with string literal evidence
        if has_string_evidence
            && (type_text.contains("signed") || type_text.contains("unsigned"))
            && type_text.contains("char")
        {
            let start = node.start_position();
            return Some(RuleViolation {
                rule_id: self.rule_id().to_string(),
                file_path: String::new(),
                message: format!(
                    "Using '{}' for basic character set strings. Use plain 'char' instead.",
                    type_text.trim()
                ),
                line: start.row + 1,
                column: start.column + 1,
                severity: self.severity(),
                suggestion: Some("Change to plain 'char' for string declarations".to_string()),
                requires_manual_review: Some(false),
            });
        }

        None
    }
}