hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Move the 'gets' case.

Browse Source
This commit is contained in:
Geoffrey White
2019-01-29 11:10:42 +00:00
parent a82832e779
commit 429f53ed74
3 changed files with 5 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
View File

@@ -18,20 +18,6 @@ abstract class PotentiallyDangerousFunctionCall extends FunctionCall {
abstract string getDescription();
}
class GetsCall extends PotentiallyDangerousFunctionCall {
GetsCall() {
this.getTarget().hasName("gets")
}
override predicate isDangerous() {
any()
}
override string getDescription() {
result = "gets does not guard against buffer overflow"
}
}
class SprintfCall extends PotentiallyDangerousFunctionCall {
SprintfCall() {
this.getTarget().hasName("sprintf") or this.getTarget().hasName("vsprintf")

3
cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
View File

@@ -15,6 +15,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
(
f.getQualifiedName() = "gmtime" and
message = "Call to gmtime is potentially dangerous"
) or (
f.hasName("gets") and
message = "gets does not guard against buffer overflow"
)
}