fixed references and used autoformat

2026-04-30 11:15:13 +02:00 · 2020-07-01 09:23:36 -07:00
parent 3fdd11a9b5
commit 25bfc3a168
3 changed files with 10 additions and 14 deletions
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.qhelp
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.qhelp
@@ -8,9 +8,6 @@
 </overview>

 <references>
-<li>https://cwe.mitre.org/data/definitions/120</li>
-<!--  LocalWords:  CWE
- -->
 </references>

 </qhelp>
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -13,14 +13,12 @@
 import cpp
 import semmle.code.cpp.commons.Scanf

-
 from FunctionCall call, ScanfFunction sff
 where
-  call.getTarget() = sff
-  and
+  call.getTarget() = sff and
  (
-  call.getArgument(sff.getFormatParameterIndex()).toString().regexpMatch(".*%s.*")
-  or
-  call.getArgument(sff.getFormatParameterIndex()).toString() = (".*%ls.*")
+    call.getArgument(sff.getFormatParameterIndex()).toString().regexpMatch(".*%s.*")
+    or
+    call.getArgument(sff.getFormatParameterIndex()).toString() = (".*%ls.*")
  )
-select call, "Dangerous use of one of the scanf functions"
+select call, "Dangerous use of one of the scanf functions"
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
@@ -1,12 +1,13 @@
 ///// Library routines /////

-int scanf(const char* format, ... );
-int sscanf(const char* str, const char* format, ...);
-int fscanf(const char* str, const char* format, ...);
+int scanf(const char *format, ...);
+int sscanf(const char *str, const char *format, ...);
+int fscanf(const char *str, const char *format, ...);

 ///// Test code /////

-int main(int argc, char** argv) { 
+int main(int argc, char **argv)
+{

    // BAD, do not use scanf without specifying a length first
    char buf1[10];