hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-24 08:07:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21862 from MathiasVP/more-fopen-models

Browse Source 
C++: Add two more `fopen`-like models.
This commit is contained in:
Mathias Vorreiter Pedersen
2026-05-18 22:43:48 +01:00
committed by GitHub
parent ad69cfb721 2c156994de
commit 0633bc7b91
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cpp/ql/lib/semmle/code/cpp/models/implementations/Fopen.qll
View File

@@ -11,7 +11,9 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
Fopen() {
this.hasGlobalOrStdName(["fopen", "fopen_s", "freopen"])
or
this.hasGlobalName(["_open", "_wfopen", "_fsopen", "_wfsopen", "_wopen"])
this.hasGlobalName([
"_open", "_wfopen", "_fsopen", "_wfsopen", "_wopen", "_sopen_s", "_wsopen_s"
])
}
override predicate hasOnlySpecificWriteSideEffects() { any() }
@@ -46,6 +48,10 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
this.hasGlobalName(["_open", "_wopen"]) and
i = 0 and
buffer = true
or
this.hasGlobalName(["_sopen_s", "_wsopen_s"]) and
i = 1 and
buffer = true
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -64,5 +70,9 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
this.hasGlobalName(["_open", "_wopen"]) and
input.isParameterDeref(0) and
output.isReturnValue()
or
this.hasGlobalName(["_sopen_s", "_wsopen_s"]) and
input.isParameterDeref(1) and
output.isParameterDeref(0)
}
}