scanf fixes, still need to update qhelp file

2026-05-04 21:25:44 +02:00 · 2020-06-30 17:22:29 -07:00
parent 0552f9b0cc
commit 3fdd11a9b5
9 changed files with 49 additions and 69 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.cpp
@@ -0,0 +1,24 @@
+///// Library routines /////
+
+int scanf(const char* format, ... );
+int sscanf(const char* str, const char* format, ...);
+int fscanf(const char* str, const char* format, ...);
+
+///// Test code /////
+
+int main(int argc, char** argv) { 
+
+    // BAD, do not use scanf without specifying a length first
+    char buf1[10];
+    scanf("%s", buf1);
+
+    // GOOD, length is specified
+    char buf2[10];
+    sscanf(buf2, "%9s");
+
+    // BAD, do not use scanf without specifying a length first
+    char file[10];
+    fscanf(file, "%s", buf2);
+
+    return 0;
+}
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.expected
@@ -0,0 +1,2 @@
+| MemoryUnsafeFunctionScan.cpp:13:5:13:9 | call to scanf | Dangerous use of one of the scanf functions |
+| MemoryUnsafeFunctionScan.cpp:21:5:21:10 | call to fscanf | Dangerous use of one of the scanf functions |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql`