Add files via upload

2026-04-29 18:55:14 +02:00 · 2021-10-25 14:24:35 +03:00
parent 8e8a324fa6
commit 3f3988ce1c
3 changed files with 18 additions and 0 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/InsecureTemporaryFile.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/InsecureTemporaryFile.expected
@@ -0,0 +1 @@
+| test.cpp:11:20:11:25 | call to tmpnam | Finding the name of a file that does not exist does not mean that it will not be exist at the next operation. |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/InsecureTemporaryFile.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/InsecureTemporaryFile.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/test.cpp
@@ -0,0 +1,16 @@
+typedef int FILE;
+#define NULL (0)
+FILE *fopen(char *filename, const char *mode);
+char * tmpnam(char * name);
+int fprintf(FILE *fp,const char *fmt, ...);
+int fclose(FILE *stream);
+
+int main(int argc, char *argv[])
+{
+  FILE *fp;
+  char *filename = tmpnam(NULL); // BAD
+  fp = fopen(filename,"w");
+  fprintf(fp,"%s\n","data to file");
+  fclose(fp);
+  return 0;
+}
				`@@ -0,0 +1 @@`
				`\| test.cpp:11:20:11:25 \| call to tmpnam \| Finding the name of a file that does not exist does not mean that it will not be exist at the next operation. \|`
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql`