Add files via upload

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/ImproperCheckReturnValueScanf.expected

@@ -0,0 +1,2 @@
+| test.cpp:23:3:23:7 | call to scanf | Unchecked return value for call to 'scanf'. |
+| test.cpp:41:3:41:7 | call to scanf | Unchecked return value for call to 'scanf'. |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/ImproperCheckReturnValueScanf.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp

@@ -0,0 +1,53 @@
+int scanf(const char *format, ...);
+int globalVal;
+int functionWork1() {
+  int i;
+  if (scanf("%i", i) == 1) // GOOD
+    return i;
+  else
+    return -1;
+}
+
+int functionWork1_() {
+  int i;
+  int r;
+  r = scanf("%i", i);
+  if (r == 1) // GOOD
+    return i;
+  else
+    return -1;
+}
+
+int functionWork1b() {
+  int i;
+  scanf("%i", i); // BAD
+  return i;
+}
+
+int functionWork2() {
+  int i = 0;
+  scanf("%i", i); // GOOD:the error can be determined by examining the initial value.
+  return i;
+}
+
+int functionWork2_() {
+  int i;
+  i = 0;
+  scanf("%i", i); // GOOD:the error can be determined by examining the initial value.
+  return i;
+}
+int functionWork2b() {
+  int i;
+  scanf("%i", i); // BAD
+  globalVal = i;
+  return 0;
+}
+
+void functionRunner() {
+  functionWork1();
+  functionWork1_();
+  functionWork1b();
+  functionWork2();
+  functionWork2_();
+  functionWork2b();
+}