Updates based on feedback

Author: raulgarciamsft

.gitignore

@@ -14,3 +14,4 @@
 /.vs/ProjectSettings.json
 
 /.vs/ql/v15/.suo
+/.vs/VSWorkspaceState.json

cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.cpp

@@ -1,3 +1,3 @@
-LPWSTR pSrc;
+wchar_t* pSrc;
 
-pSrc = (LPWSTR)"a";
+pSrc = (wchar_t*)"a"; // casting a byte-string literal "a" to a wide-character string

cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.qhelp

@@ -4,22 +4,32 @@
 <qhelp>
 
 <overview>
-  <p>This rule indicates a potentially incorrect cast from/to an ANSI string (<code>char *</code>) to/from a Unicode string (<code>wchar_t *</code>).</p>
+  <p>This rule indicates a potentially incorrect cast from an byte string (<code>char *</code>) to a wide-character string (<code>wchar_t *</code>).</p>
   <p>This cast might yield strings that are not correctly terminated; including potential buffer overruns when using such strings with some dangerous APIs.</p>
 </overview>
 
 <recommendation>
-  <p>Do not explicitly casting ANSI strings to/from Unicode strings.</p>
+  <p>Do not explicitly cast byte strings to wide-character strings.</p>
+  <p>For string literals, prepend the literal string with the letter "L" to indicate that the string is a wide-character string (<code>wchar_t *</code>).</p>
+  <p>For converting a byte literal to a wide-character string literal, you would need to use the appropriate conversion function for the platform you are using. Please see the references section for options according to your platform.</p>
 </recommendation>
 
 <example>
-<p>In the following example, an ANSI string literal (<code>"a"</code>) is casted as a Unicode string.</p>
+<p>In the following example, an byte string literal (<code>"a"</code>) is cast to a wide-character string.</p>
 <sample src="WcharCharConversion.cpp" />
 
-<p>To fix this issue, prepend the literal with the letter "L" (<code>L"a"</code>) to define it as a Unicode string.</p>
+<p>To fix this issue, prepend the literal with the letter "L" (<code>L"a"</code>) to define it as a wide-character string.</p>
 </example>
 
 <references>
+  <li>
+    General resources:
+    <a href="https://en.cppreference.com/w/cpp/string/multibyte/mbstowcs">std::mbstowcs</a>
+  </li>
+  <li>
+    Microsoft specific resources:
+    <a href="https://docs.microsoft.com/en-us/windows/desktop/Intl/security-considerations--international-features">Security Considerations: International Features</a>
+  </li>
 </references>
 
 </qhelp>

cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql

@@ -21,18 +21,9 @@ class WideCharPointerType extends PointerType {
 
 from Expr e1, Cast e2
 where 
-  e2 = e1.getConversion() 
-  and
-  (
-    exists( WideCharPointerType w, CharPointerType c  | 
-      w = e1.getType().getUnspecifiedType().(PointerType)
-      and c = e2.getType().getUnspecifiedType().(PointerType)
-    )
-    or exists
-    ( 
-      WideCharPointerType w, CharPointerType c | 
-      w = e2.getType().getUnspecifiedType().(PointerType)
-      and c = e1.getType().getUnspecifiedType().(PointerType)
-    )
+  e2 = e1.getConversion() and
+  exists(WideCharPointerType w, CharPointerType c |
+    w = e2.getType().getUnspecifiedType().(PointerType) and
+    c = e1.getType().getUnspecifiedType().(PointerType)
   )
 select e1, "Conversion from " + e1.getType().toString() + " to " +  e2.getType().toString() + ". Use of invalid string can lead to undefined behavior."

cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp

@@ -9,32 +9,26 @@ typedef CONST WCHAR *LPCWSTR;
 typedef CHAR *LPSTR;
 typedef CONST CHAR *LPCSTR;
 
-void fconstChar(LPCSTR p) {}
-void fChar(LPSTR p) {}
 void fconstWChar(LPCWSTR p) {}
 void fWChar(LPWSTR p) {}
 
 void Test()
 {
-    char *lpChar = NULL;
-    wchar_t *lpWchar = NULL;
+	char *lpChar = NULL;
+	wchar_t *lpWchar = NULL;
+	LPCSTR lpcstr = "b";
 
-    lpChar = (LPSTR)L"a";   // BUG
-    lpWchar = (LPWSTR)"a";  // BUG
+	lpWchar = (LPWSTR)"a"; // BUG
+	lpWchar = (LPWSTR)lpcstr; // BUG
 
-    lpChar = (char*)lpWchar;    // BUG
-    lpWchar = (wchar_t*)lpChar; // BUG
+	lpWchar = (wchar_t*)lpChar;	// BUG
 
-    fconstChar((LPCSTR)lpWchar);    // BUG
-    fChar((LPSTR)lpWchar);          // BUG
-    fconstWChar((LPCWSTR)lpChar);   // BUG
-    fWChar((LPWSTR)lpChar);         // BUG
+	fconstWChar((LPCWSTR)lpChar);	// BUG
+	fWChar((LPWSTR)lpChar);			// BUG
 
-    lpChar = (LPSTR)"a";    // Valid
-    lpWchar = (LPWSTR)L"a"; // Valid
+	lpChar = (LPSTR)"a"; // Valid
+	lpWchar = (LPWSTR)L"a"; // Valid
 
-    fconstChar((LPCSTR)lpChar);     // Valid
-    fChar(lpChar);                  // Valid
-    fconstWChar((LPCWSTR)lpWchar);  // Valid
-    fWChar(lpWchar);                // Valid
+	fconstWChar((LPCWSTR)lpWchar);	// Valid
+	fWChar(lpWchar);				// Valid
 }

cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected

@@ -1,8 +1,5 @@
-| WcharCharConversion.cpp:22:18:22:21 | array to pointer conversion | Conversion from const wchar_t * to LPSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:23:20:23:22 | array to pointer conversion | Conversion from const char * to LPWSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:25:18:25:24 | lpWchar | Conversion from wchar_t * to char *. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:26:22:26:27 | lpChar | Conversion from char * to wchar_t *. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:28:21:28:27 | lpWchar | Conversion from wchar_t * to LPCSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:29:15:29:21 | lpWchar | Conversion from wchar_t * to LPSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:30:23:30:28 | lpChar | Conversion from char * to LPCWSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:31:17:31:22 | lpChar | Conversion from char * to LPWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:21:20:21:22 | array to pointer conversion | Conversion from const char * to LPWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:22:20:22:25 | lpcstr | Conversion from LPCSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:24:22:24:27 | lpChar | Conversion from char * to wchar_t *. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:26:23:26:28 | lpChar | Conversion from char * to LPCWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:27:17:27:22 | lpChar | Conversion from char * to LPWSTR. Use of invalid string can lead to undefined behavior. |