Merge pull request #6794 from geoffw0/impropnullfp

C++: Improvements to cpp/improper-null-termination
2026-05-02 12:15:17 +02:00 · 2021-10-12 14:47:02 +01:00
parent 10739b11ee ac6acfb660
commit 6853f491f4
7 changed files with 116 additions and 32 deletions
--- a/Management/ImproperNullTermination.ql
+++ b/Management/ImproperNullTermination.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/improper-null-termination
 * @problem.severity warning
+ * @precision medium
 * @security-severity 7.8
 * @tags security
 *       external/cwe/cwe-170
@@ -53,6 +54,7 @@ class ImproperNullTerminationReachability extends StackVariableReachabilityWithR
  override predicate isBarrier(ControlFlowNode node, StackVariable v) {
    exprDefinition(v, node, _) or
    mayAddNullTerminator(node, v.getAnAccess()) or
+    node.(AddressOfExpr).getOperand() = v.getAnAccess() or // address taken
    isSinkActual(node, v) // only report first use
  }
 }
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/user-controlled-null-termination-tainted
 * @problem.severity warning
+ * @precision medium
 * @security-severity 10.0
 * @tags security
 *       external/cwe/cwe-170