implemented pr fixes

2026-05-01 11:45:14 +02:00 · 2020-07-08 09:23:52 -07:00
parent 3b9daa2db2
commit 6e6921b11e
1 changed files with 1 additions and 5 deletions
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -15,9 +15,5 @@ import semmle.code.cpp.commons.Scanf
 from FunctionCall call, ScanfFunction sff
 where
  call.getTarget() = sff and
-  (
-    call.getArgument(sff.getFormatParameterIndex()).toString().regexpMatch(".*%s.*")
-    or
-    call.getArgument(sff.getFormatParameterIndex()).toString() = (".*%ls.*")
-  )
+  call.getArgument(sff.getFormatParameterIndex()).getValue().regexpMatch(".*%l?s.*")
 select call, "Dangerous use of one of the scanf functions"