hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Address review comments.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-02-01 13:32:46 +01:00
parent c747914ef2
commit 27b41c2016
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cpp/ql/src/semmle/code/cpp/models/implementations/Sscanf.qll
View File

@@ -15,7 +15,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
private class Sscanf extends ArrayFunction, TaintFunction, AliasFunction, SideEffectFunction {
Sscanf() {
this.hasGlobalOrStdName([
"sscanf", // sscanf(src_stream, format, args...)
"sscanf", // sscanf(src, format, args...)
"swscanf", // swscanf(src, format, args...)
"fscanf", // fscanf(src_stream, format, args...)
"fwscanf" // fwscanf(src_stream, format, args...)
@@ -32,11 +32,16 @@ private class Sscanf extends ArrayFunction, TaintFunction, AliasFunction, SideEf
])
}
private predicate isSscanf() { this.getName().regexpMatch(".*sn?w?scanf.*") }
override predicate hasArrayWithNullTerminator(int bufParam) {
bufParam = [0, getFormatPosition()]
bufParam = getFormatPosition()
or
isSscanf() and
bufParam = 0
}
override predicate hasArrayInput(int bufParam) { bufParam = [0, getFormatPosition()] }
override predicate hasArrayInput(int bufParam) { hasArrayWithNullTerminator(bufParam) }
private int getLengthPosition() {
this.getName().matches("\\_sn%") and