Package SignalHandlers

mbaluda · mbaluda · commit 61c41f3a7442 · 2023-03-16T23:14:30.000+01:00
diff --git a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.md b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.md
@@ -0,0 +1,18 @@
+# SIG30-C: Call only asynchronous-safe functions within signal handlers
+
+This query implements the CERT-C rule SIG30-C:
+
+> Call only asynchronous-safe functions within signal handlers
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [SIG30-C: Call only asynchronous-safe functions within signal handlers](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql b/c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
@@ -0,0 +1,18 @@
+/**
+ * @id c/cert/call-only-async-safe-functions-within-signal-handlers
+ * @name SIG30-C: Call only asynchronous-safe functions within signal handlers
+ * @description Call only asynchronous-safe functions within signal handlers.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/sig30-c
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+from
+where
+  not isExcluded(x, SignalHandlersPackage::callOnlyAsyncSafeFunctionsWithinSignalHandlersQuery()) and
+select
diff --git a/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.md b/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.md
@@ -0,0 +1,18 @@
+# SIG31-C: Do not access shared objects in signal handlers
+
+This query implements the CERT-C rule SIG31-C:
+
+> Do not access shared objects in signal handlers
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [SIG31-C: Do not access shared objects in signal handlers](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql b/c/cert/src/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql
@@ -0,0 +1,18 @@
+/**
+ * @id c/cert/do-not-access-shared-objects-in-signal-handlers
+ * @name SIG31-C: Do not access shared objects in signal handlers
+ * @description Do not access shared objects in signal handlers.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/sig31-c
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+from
+where
+  not isExcluded(x, SignalHandlersPackage::doNotAccessSharedObjectsInSignalHandlersQuery()) and
+select
diff --git a/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.md b/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.md
@@ -0,0 +1,18 @@
+# SIG34-C: Do not call signal() from within interruptible signal handlers
+
+This query implements the CERT-C rule SIG34-C:
+
+> Do not call signal() from within interruptible signal handlers
+
+
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [SIG34-C: Do not call signal() from within interruptible signal handlers](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql b/c/cert/src/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql
@@ -0,0 +1,18 @@
+/**
+ * @id c/cert/do-not-call-signal-from-interruptible-signal-handlers
+ * @name SIG34-C: Do not call signal() from within interruptible signal handlers
+ * @description Do not call signal() from within interruptible signal handlers.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/sig34-c
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+from
+where
+  not isExcluded(x, SignalHandlersPackage::doNotCallSignalFromInterruptibleSignalHandlersQuery()) and
+select
diff --git a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.md b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.md
@@ -0,0 +1,16 @@
+# SIG35-C: Do not return from a computational exception signal handler
+
+This query implements the CERT-C rule SIG35-C:
+
+> Do not return from a computational exception signal handler
+## CERT
+
+** REPLACE THIS BY RUNNING THE SCRIPT `scripts/help/cert-help-extraction.py` **
+
+## Implementation notes
+
+None
+
+## References
+
+* CERT-C: [SIG35-C: Do not return from a computational exception signal handler](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql b/c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql
@@ -0,0 +1,18 @@
+/**
+ * @id c/cert/do-not-return-from-a-computational-exception-handler
+ * @name SIG35-C: Do not return from a computational exception signal handler
+ * @description Do not return from a computational exception signal handler.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/cert/id/sig35-c
+ *       external/cert/obligation/rule
+ */
+
+import cpp
+import codingstandards.c.cert
+
+from
+where
+  not isExcluded(x, SignalHandlersPackage::doNotReturnFromAComputationalExceptionHandlerQuery()) and
+select
diff --git a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.expected
@@ -0,0 +1 @@
+No expected results have yet been specified
diff --git a/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.qlref b/c/cert/test/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.qlref
@@ -0,0 +1 @@
+rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
diff --git a/c/cert/test/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.expected b/c/cert/test/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.expected
@@ -0,0 +1 @@
+No expected results have yet been specified
diff --git a/c/cert/test/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.qlref b/c/cert/test/rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.qlref
@@ -0,0 +1 @@
+rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql
diff --git a/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.expected b/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.expected
@@ -0,0 +1 @@
+No expected results have yet been specified
diff --git a/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.qlref b/c/cert/test/rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.qlref
@@ -0,0 +1 @@
+rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql
diff --git a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.expected
@@ -0,0 +1 @@
+No expected results have yet been specified
diff --git a/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.qlref b/c/cert/test/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.qlref
@@ -0,0 +1 @@
+rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll
@@ -46,6 +46,7 @@ import Preprocessor5
 import Preprocessor6
 import SideEffects1
 import SideEffects2
+import SignalHandlers
 import Strings1
 import Strings2
 import Strings3
@@ -97,6 +98,7 @@ newtype TCQuery =
   TPreprocessor6PackageQuery(Preprocessor6Query q) or
   TSideEffects1PackageQuery(SideEffects1Query q) or
   TSideEffects2PackageQuery(SideEffects2Query q) or
+  TSignalHandlersPackageQuery(SignalHandlersQuery q) or
   TStrings1PackageQuery(Strings1Query q) or
   TStrings2PackageQuery(Strings2Query q) or
   TStrings3PackageQuery(Strings3Query q) or
@@ -148,6 +150,7 @@ predicate isQueryMetadata(Query query, string queryId, string ruleId, string cat
   isPreprocessor6QueryMetadata(query, queryId, ruleId, category) or
   isSideEffects1QueryMetadata(query, queryId, ruleId, category) or
   isSideEffects2QueryMetadata(query, queryId, ruleId, category) or
+  isSignalHandlersQueryMetadata(query, queryId, ruleId, category) or
   isStrings1QueryMetadata(query, queryId, ruleId, category) or
   isStrings2QueryMetadata(query, queryId, ruleId, category) or
   isStrings3QueryMetadata(query, queryId, ruleId, category) or
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SignalHandlers.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SignalHandlers.qll
@@ -0,0 +1,78 @@
+//** THIS FILE IS AUTOGENERATED, DO NOT MODIFY DIRECTLY.  **/
+import cpp
+import RuleMetadata
+import codingstandards.cpp.exclusions.RuleMetadata
+
+newtype SignalHandlersQuery =
+  TCallOnlyAsyncSafeFunctionsWithinSignalHandlersQuery() or
+  TDoNotAccessSharedObjectsInSignalHandlersQuery() or
+  TDoNotCallSignalFromInterruptibleSignalHandlersQuery() or
+  TDoNotReturnFromAComputationalExceptionHandlerQuery()
+
+predicate isSignalHandlersQueryMetadata(Query query, string queryId, string ruleId, string category) {
+  query =
+    // `Query` instance for the `callOnlyAsyncSafeFunctionsWithinSignalHandlers` query
+    SignalHandlersPackage::callOnlyAsyncSafeFunctionsWithinSignalHandlersQuery() and
+  queryId =
+    // `@id` for the `callOnlyAsyncSafeFunctionsWithinSignalHandlers` query
+    "c/cert/call-only-async-safe-functions-within-signal-handlers" and
+  ruleId = "SIG30-C" and
+  category = "rule"
+  or
+  query =
+    // `Query` instance for the `doNotAccessSharedObjectsInSignalHandlers` query
+    SignalHandlersPackage::doNotAccessSharedObjectsInSignalHandlersQuery() and
+  queryId =
+    // `@id` for the `doNotAccessSharedObjectsInSignalHandlers` query
+    "c/cert/do-not-access-shared-objects-in-signal-handlers" and
+  ruleId = "SIG31-C" and
+  category = "rule"
+  or
+  query =
+    // `Query` instance for the `doNotCallSignalFromInterruptibleSignalHandlers` query
+    SignalHandlersPackage::doNotCallSignalFromInterruptibleSignalHandlersQuery() and
+  queryId =
+    // `@id` for the `doNotCallSignalFromInterruptibleSignalHandlers` query
+    "c/cert/do-not-call-signal-from-interruptible-signal-handlers" and
+  ruleId = "SIG34-C" and
+  category = "rule"
+  or
+  query =
+    // `Query` instance for the `doNotReturnFromAComputationalExceptionHandler` query
+    SignalHandlersPackage::doNotReturnFromAComputationalExceptionHandlerQuery() and
+  queryId =
+    // `@id` for the `doNotReturnFromAComputationalExceptionHandler` query
+    "c/cert/do-not-return-from-a-computational-exception-handler" and
+  ruleId = "SIG35-C" and
+  category = "rule"
+}
+
+module SignalHandlersPackage {
+  Query callOnlyAsyncSafeFunctionsWithinSignalHandlersQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `callOnlyAsyncSafeFunctionsWithinSignalHandlers` query
+      TQueryC(TSignalHandlersPackageQuery(TCallOnlyAsyncSafeFunctionsWithinSignalHandlersQuery()))
+  }
+
+  Query doNotAccessSharedObjectsInSignalHandlersQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `doNotAccessSharedObjectsInSignalHandlers` query
+      TQueryC(TSignalHandlersPackageQuery(TDoNotAccessSharedObjectsInSignalHandlersQuery()))
+  }
+
+  Query doNotCallSignalFromInterruptibleSignalHandlersQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `doNotCallSignalFromInterruptibleSignalHandlers` query
+      TQueryC(TSignalHandlersPackageQuery(TDoNotCallSignalFromInterruptibleSignalHandlersQuery()))
+  }
+
+  Query doNotReturnFromAComputationalExceptionHandlerQuery() {
+    //autogenerate `Query` type
+    result =
+      // `Query` type for `doNotReturnFromAComputationalExceptionHandler` query
+      TQueryC(TSignalHandlersPackageQuery(TDoNotReturnFromAComputationalExceptionHandlerQuery()))
+  }
+}
diff --git a/rule_packages/c/SignalHandlers.json b/rule_packages/c/SignalHandlers.json
@@ -0,0 +1,72 @@
+{
+  "CERT-C": {
+    "SIG30-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Call only asynchronous-safe functions within signal handlers.",
+          "kind": "problem",
+          "name": "Call only asynchronous-safe functions within signal handlers",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "CallOnlyAsyncSafeFunctionsWithinSignalHandlers",
+          "tags": []
+        }
+      ],
+      "title": "Call only asynchronous-safe functions within signal handlers"
+    },
+    "SIG31-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Do not access shared objects in signal handlers.",
+          "kind": "problem",
+          "name": "Do not access shared objects in signal handlers",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "DoNotAccessSharedObjectsInSignalHandlers",
+          "tags": []
+        }
+      ],
+      "title": "Do not access shared objects in signal handlers"
+    },
+    "SIG34-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Do not call signal() from within interruptible signal handlers.",
+          "kind": "problem",
+          "name": "Do not call signal() from within interruptible signal handlers",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "DoNotCallSignalFromInterruptibleSignalHandlers",
+          "tags": []
+        }
+      ],
+      "title": "Do not call signal() from within interruptible signal handlers"
+    },
+    "SIG35-C": {
+      "properties": {
+        "obligation": "rule"
+      },
+      "queries": [
+        {
+          "description": "Do not return from a computational exception signal handler.",
+          "kind": "problem",
+          "name": "Do not return from a computational exception signal handler",
+          "precision": "very-high",
+          "severity": "error",
+          "short_name": "DoNotReturnFromAComputationalExceptionHandler",
+          "tags": []
+        }
+      ],
+      "title": "Do not return from a computational exception signal handler"
+    }
+  }
+}
diff --git a/rules.csv b/rules.csv
@@ -588,10 +588,10 @@ c,CERT-C,POS54-C,OutOfScope,Rule,,,Detect and handle POSIX library errors,,,,
 c,CERT-C,PRE30-C,No,Rule,,,Do not create a universal character name through concatenation,,,Medium,
 c,CERT-C,PRE31-C,Yes,Rule,,,Avoid side effects in arguments to unsafe macros,RULE-13-2,SideEffects,Medium,
 c,CERT-C,PRE32-C,Yes,Rule,,,Do not use preprocessor directives in invocations of function-like macros,,Preprocessor5,Hard,
-c,CERT-C,SIG30-C,Yes,Rule,,,Call only asynchronous-safe functions within signal handlers,,Contracts,Medium,
-c,CERT-C,SIG31-C,Yes,Rule,,,Do not access shared objects in signal handlers,,Contracts,Medium,
-c,CERT-C,SIG34-C,Yes,Rule,,,Do not call signal() from within interruptible signal handlers,,Contracts,Medium,
-c,CERT-C,SIG35-C,Yes,Rule,,,Do not return from a computational exception signal handler,,Contracts,Easy,
+c,CERT-C,SIG30-C,Yes,Rule,,,Call only asynchronous-safe functions within signal handlers,,SignalHandlers,Medium,
+c,CERT-C,SIG31-C,Yes,Rule,,,Do not access shared objects in signal handlers,,SignalHandlers,Medium,
+c,CERT-C,SIG34-C,Yes,Rule,,,Do not call signal() from within interruptible signal handlers,,SignalHandlers,Medium,
+c,CERT-C,SIG35-C,Yes,Rule,,,Do not return from a computational exception signal handler,,SignalHandlers,Easy,
 c,CERT-C,STR30-C,Yes,Rule,,,Do not attempt to modify string literals,,Strings1,Medium,
 c,CERT-C,STR31-C,Yes,Rule,,,Guarantee that storage for strings has sufficient space for character data and the null terminator,STR50-CPP,Strings1,Very Hard,
 c,CERT-C,STR32-C,Yes,Rule,,,Do not pass a non-null-terminated character sequence to a library function that expects a string,STR51-CPP,Strings1,Very Hard,

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+No expected results have yet been specified`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/SIG31-C/DoNotAccessSharedObjectsInSignalHandlers.ql`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/SIG34-C/DoNotCallSignalFromInterruptibleSignalHandlers.ql`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql`