hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 20:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix false positives around terminal output.

Browse Source
This commit is contained in:
Geoffrey White
2022-02-02 17:56:48 +00:00
parent 39a2ffd438
commit 4048ba0a1c
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -16,6 +16,7 @@ import semmle.code.cpp.security.SensitiveExprs
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
import semmle.code.cpp.models.interfaces.FlowSource
import semmle.code.cpp.commons.File
import DataFlow::PathGraph
/**
@@ -143,6 +144,13 @@ abstract class NetworkSendRecv extends FunctionCall {
v.getTarget().getName() = ["stdin", "stdout", "stderr"] and
g = globalValueNumber(v)
)
or
// open of `"/dev/tty"`
exists(FunctionCall fc |
fopenCall(fc) and
fc.getAnArgument().getValue() = "/dev/tty" and
g = globalValueNumber(fc)
)
// (this is not exhaustive)
)
)