hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++:Lower potentially-dangerous-function precision

Browse Source 
There have been multiple reports of false positives from this query over
time. Now that it has `@security-severity 10.0`, these false positives
look even worse.

The query looks purely for calls to functions with certain names, not
at whether the calls happen in a dangerous context. To justify a higher
precision, the query should only flag calls that happen in a thread or
another non-reentrant context.
This commit is contained in:
Jonas Jensen
2021-08-24 17:14:42 +02:00
parent 2f5ed03798
commit 19ee64d9ad
3 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/change-notes/2021-08-23-ctime-weaken-claims.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.