C++: Add another good example.

2026-04-30 11:15:13 +02:00 · 2020-12-09 16:46:33 +00:00
parent 80db155d54
commit 209191bb24
2 changed files with 17 additions and 2 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
@@ -1,5 +1,10 @@
 ///// Library routines /////

+typedef unsigned long size_t;
+void *malloc(size_t size);
+
+size_t strlen(const char *s);
+
 int scanf(const char *format, ...);
 int sscanf(const char *str, const char *format, ...);
 int fscanf(const char *str, const char *format, ...);
@@ -22,5 +27,14 @@ int main(int argc, char **argv)
    char file[10];
    fscanf(file, "%s", buf2);

+    // GOOD, with 'sscanf' the input can be checked first and enough room allocated [FALSE POSITIVE]
+    if (argc >= 1)
+    {
+		char *src = argv[0];
+		char *dest = (char *)malloc(strlen(src) + 1);
+
+		sscanf(src, "%s", dest);
+	}
+
    return 0;
 }
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.expected
@@ -1,2 +1,3 @@
-| MemoryUnsafeFunctionScan.cpp:14:5:14:9 | call to scanf | Dangerous use of one of the scanf functions |
-| MemoryUnsafeFunctionScan.cpp:23:5:23:10 | call to fscanf | Dangerous use of one of the scanf functions |
+| MemoryUnsafeFunctionScan.cpp:19:5:19:9 | call to scanf | Dangerous use of one of the scanf functions |
+| MemoryUnsafeFunctionScan.cpp:28:5:28:10 | call to fscanf | Dangerous use of one of the scanf functions |
+| MemoryUnsafeFunctionScan.cpp:36:3:36:8 | call to sscanf | Dangerous use of one of the scanf functions |