Problem
The CRT and MFC libraries contain many functions that take a variable number of parameters. The problem is that there is no way to find out at runtime how many arguments were passed, or to retrieve a particular argument by a given index. Functions such as sprintf and CString::Format use one of the passed parameters (the format string) to work out the number of parameters. Sometimes, however, the number of parameters cannot be derived from another argument and has to be passed some other way.
Solution
There are at least two solutions:
- Passing one extra parameter that defines the number of passed parameters. This solution is straightforward, but less elegant.
- Analyzing the stack and retrieving all passed arguments as well as their number. This solution is more elegant, but harder, because C++ has no mechanism that allows this.
CFunctionService is the implementation of the second solution.
CFunctionService is a C++ class that reports the number of passed arguments and retrieves pointers to all arguments passed to a function with a variable number of arguments.
CFunctionService contains the following methods, fully documented in the download file.
- Constructor - Initializes the class.
- begin - Checks whether the arguments can be enumerated, enumerates them, allocates an array to store the argument pointers, stores each argument in the internal array and determines the number of arguments.
- getargument - Retrieves the pointer to the argument at the given index.
- getargumentcount - Retrieves the number of passed arguments.
- end - Deallocates the array of arguments and performs the necessary cleanup.
Development Methodology
The core code (CFunctionService) is developed as a reusable C++ class.
- The implementation assumes that there cannot be more than 32 passed parameters.
- Arguments are not checked for validity, which may sometimes cause problems. For example, if one of the arguments is a class that has no copy constructor and is passed by reference, it may corrupt the stack. When such an argument is passed to a function with a fixed number of arguments, the C++ compiler checks for this situation. In CFunctionService, if the stack is corrupted, an exception is thrown.
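For comparison, the same count-and-index interface can be had without reading the stack by using C++11 variadic templates, where the compiler supplies the argument count and an out-of-range index is rejected. This is an added example, not CFunctionService or code from the download; ArgumentView, capture, all_int and sum_ints are hypothetical names, and only the two method names are borrowed from the list above.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <type_traits>

// Hypothetical stand-in for CFunctionService: the argument count comes from
// the template parameter pack, so nothing is read from the stack.
template <std::size_t N>
class ArgumentView {
public:
    explicit ArgumentView(const std::array<const void*, N>& p) : ptrs_(p) {}
    std::size_t getargumentcount() const { return N; }
    // Bounds-checked: an index past the supplied arguments throws instead of
    // reading whatever happens to follow them in memory.
    const void* getargument(std::size_t index) const {
        if (index >= N) throw std::out_of_range("argument index out of range");
        return ptrs_[index];
    }
private:
    std::array<const void*, N> ptrs_;
};

// Pointers stay valid only while the captured arguments are alive.
template <typename... Args>
ArgumentView<sizeof...(Args)> capture(const Args&... args) {
    static_assert(sizeof...(Args) <= 32, "same 32-argument limit as the article");
    return ArgumentView<sizeof...(Args)>(std::array<const void*, sizeof...(Args)>{
        {static_cast<const void*>(std::addressof(args))...}});
}

// Compile-time check that every type in the pack is int (C++11 compatible).
template <typename... Ts> struct all_int : std::true_type {};
template <typename T, typename... Ts>
struct all_int<T, Ts...>
    : std::integral_constant<bool, std::is_same<T, int>::value && all_int<Ts...>::value> {};

// Example caller: walks its arguments by index, as the article's class allows.
template <typename... Ints>
long sum_ints(const Ints&... values) {
    static_assert(all_int<Ints...>::value, "every argument must be int");
    auto view = capture(values...);
    long total = 0;
    for (std::size_t i = 0; i < view.getargumentcount(); ++i)
        total += *static_cast<const int*>(view.getargument(i));
    return total;
}

int main() { std::printf("%ld\n", sum_ints(1, 2, 3, 4)); return 0; }
```

Because the pointers are type-erased, the caller still has to know each argument's type; sum_ints enforces that at compile time for the all-int case.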
Conclusion
This class (CFunctionService) resolves a very interesting issue: how to determine at runtime the number of passed arguments.
Downloads
Download source - 4 Kb
Download demo project - 13 Kb