mirror of
https://github.com/github/codeql.git
synced 2026-04-26 01:05:15 +02:00
Merge pull request #15628 from microsoft/cpp-non-constant-format-as-path-query
Cpp non constant format as path query
This commit is contained in:
Mathias Vorreiter Pedersen
@@ -8,7 +8,7 @@
|
||||
* type `const char*` it is still considered non-constant if the value is not coming from a string
|
||||
* literal. For example, for a parameter with type `const char*` of an exported function that is
|
||||
* used as a format string, there is no way to ensure the originating value was a string literal.
|
||||
* @kind problem
|
||||
* @kind path-problem
|
||||
* @problem.severity recommendation
|
||||
* @security-severity 9.3
|
||||
* @precision high
|
||||
@@ -26,6 +26,7 @@ import semmle.code.cpp.ir.dataflow.internal.ModelUtil
|
||||
import semmle.code.cpp.models.interfaces.DataFlow
|
||||
import semmle.code.cpp.models.interfaces.Taint
|
||||
import semmle.code.cpp.ir.IR
|
||||
import NonConstFlow::PathGraph
|
||||
|
||||
class UncalledFunction extends Function {
|
||||
UncalledFunction() {
|
||||
@@ -68,7 +69,10 @@ predicate isNonConst(DataFlow::Node node) {
|
||||
// Parameters of uncalled functions that aren't const
|
||||
exists(UncalledFunction f, Parameter p |
|
||||
f.getAParameter() = p and
|
||||
p = node.asParameter()
|
||||
p = node.asParameter() and
|
||||
// Ignore main's argv parameter as it is already considered a `FlowSource`
|
||||
// not ignoring it will result in path redundancies
|
||||
(f.getName() = "main" implies p != f.getParameter(1))
|
||||
)
|
||||
or
|
||||
// Consider as an input any out arg of a function or a function's return where the function is not:
|
||||
@@ -127,11 +131,13 @@ module NonConstFlowConfig implements DataFlow::ConfigSig {
|
||||
|
||||
module NonConstFlow = TaintTracking::Global<NonConstFlowConfig>;
|
||||
|
||||
from FormattingFunctionCall call, Expr formatString, DataFlow::Node sink
|
||||
from
|
||||
FormattingFunctionCall call, Expr formatString, NonConstFlow::PathNode sink,
|
||||
NonConstFlow::PathNode source
|
||||
where
|
||||
isSinkImpl(sink.getNode(), formatString) and
|
||||
call.getArgument(call.getFormatParameterIndex()) = formatString and
|
||||
NonConstFlow::flowTo(sink) and
|
||||
isSinkImpl(sink, formatString)
|
||||
select formatString,
|
||||
"The format string argument to " + call.getTarget().getName() +
|
||||
" should be constant to prevent security issues and other potential errors."
|
||||
NonConstFlow::flowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"The format string argument to $@ has a source which cannot be " +
|
||||
"verified to originate from a string literal.", call, call.getTarget().getName()
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
|
||||
@@ -1,21 +1,99 @@
|
||||
| NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| NonConstantFormat.c:45:9:45:48 | call to gettext | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
|
||||
| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
|
||||
| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:51:10:51:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:130:20:130:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:157:12:157:15 | data | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:170:12:170:14 | res | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:195:31:195:33 | str | The format string argument to StringCchPrintfW should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:197:11:197:14 | wstr | The format string argument to wprintf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:205:12:205:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:206:12:206:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:211:12:211:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:217:12:217:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:223:12:223:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:228:12:228:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:235:12:235:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:242:12:242:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| test.cpp:247:12:247:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
edges
|
||||
| NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | provenance | |
|
||||
| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance | |
|
||||
| nested.cpp:19:29:19:32 | *fmt0 | nested.cpp:21:23:21:26 | *fmt0 | provenance | |
|
||||
| nested.cpp:27:32:27:34 | *fmt | nested.cpp:28:16:28:18 | *fmt | provenance | |
|
||||
| nested.cpp:28:16:28:18 | *fmt | nested.cpp:19:29:19:32 | *fmt0 | provenance | |
|
||||
| nested.cpp:34:37:34:39 | *fmt | nested.cpp:35:19:35:21 | *fmt | provenance | |
|
||||
| nested.cpp:35:19:35:21 | *fmt | nested.cpp:27:32:27:34 | *fmt | provenance | |
|
||||
| nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt | provenance | |
|
||||
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance | |
|
||||
| test.cpp:27:39:27:39 | n | test.cpp:27:13:27:24 | **make_message | provenance | |
|
||||
| test.cpp:46:14:46:17 | argc | test.cpp:51:23:51:30 | ... - ... | provenance | |
|
||||
| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance | |
|
||||
| test.cpp:51:23:51:30 | ... - ... | test.cpp:27:39:27:39 | n | provenance | |
|
||||
| test.cpp:51:23:51:30 | ... - ... | test.cpp:51:10:51:21 | *call to make_message | provenance | |
|
||||
| test.cpp:155:27:155:30 | data | test.cpp:157:12:157:15 | data | provenance | |
|
||||
| test.cpp:167:31:167:34 | data | test.cpp:170:12:170:14 | *res | provenance | |
|
||||
| test.cpp:193:32:193:34 | str | test.cpp:195:31:195:33 | str | provenance | |
|
||||
| test.cpp:193:32:193:34 | str | test.cpp:197:11:197:14 | *wstr | provenance | |
|
||||
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance | |
|
||||
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | provenance | |
|
||||
| test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | provenance | |
|
||||
| test.cpp:215:25:215:36 | *call to get_string | test.cpp:217:12:217:16 | *hello | provenance | |
|
||||
| test.cpp:221:25:221:36 | *call to get_string | test.cpp:223:12:223:16 | *hello | provenance | |
|
||||
| test.cpp:227:25:227:36 | *call to get_string | test.cpp:228:12:228:18 | *++ ... | provenance | |
|
||||
| test.cpp:232:25:232:36 | *call to get_string | test.cpp:235:12:235:16 | *hello | provenance | |
|
||||
| test.cpp:239:25:239:36 | *call to get_string | test.cpp:242:12:242:16 | *hello | provenance | |
|
||||
| test.cpp:245:25:245:36 | *call to get_string | test.cpp:247:12:247:16 | *hello | provenance | |
|
||||
nodes
|
||||
| NonConstantFormat.c:28:27:28:30 | **argv | semmle.label | **argv |
|
||||
| NonConstantFormat.c:30:10:30:16 | *access to array | semmle.label | *access to array |
|
||||
| NonConstantFormat.c:41:9:41:45 | *call to any_random_function | semmle.label | *call to any_random_function |
|
||||
| NonConstantFormat.c:45:9:45:48 | *call to gettext | semmle.label | *call to gettext |
|
||||
| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | semmle.label | *call to any_random_function |
|
||||
| nested.cpp:19:29:19:32 | *fmt0 | semmle.label | *fmt0 |
|
||||
| nested.cpp:21:23:21:26 | *fmt0 | semmle.label | *fmt0 |
|
||||
| nested.cpp:27:32:27:34 | *fmt | semmle.label | *fmt |
|
||||
| nested.cpp:28:16:28:18 | *fmt | semmle.label | *fmt |
|
||||
| nested.cpp:34:37:34:39 | *fmt | semmle.label | *fmt |
|
||||
| nested.cpp:35:19:35:21 | *fmt | semmle.label | *fmt |
|
||||
| nested.cpp:42:24:42:34 | *call to ext_fmt_str | semmle.label | *call to ext_fmt_str |
|
||||
| nested.cpp:79:32:79:38 | *call to get_fmt | semmle.label | *call to get_fmt |
|
||||
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | semmle.label | *call to __builtin_alloca |
|
||||
| nested.cpp:87:18:87:20 | *fmt | semmle.label | *fmt |
|
||||
| test.cpp:27:13:27:24 | **make_message | semmle.label | **make_message |
|
||||
| test.cpp:27:39:27:39 | n | semmle.label | n |
|
||||
| test.cpp:46:14:46:17 | argc | semmle.label | argc |
|
||||
| test.cpp:46:27:46:30 | **argv | semmle.label | **argv |
|
||||
| test.cpp:51:10:51:21 | *call to make_message | semmle.label | *call to make_message |
|
||||
| test.cpp:51:23:51:30 | ... - ... | semmle.label | ... - ... |
|
||||
| test.cpp:130:20:130:26 | *access to array | semmle.label | *access to array |
|
||||
| test.cpp:155:27:155:30 | data | semmle.label | data |
|
||||
| test.cpp:157:12:157:15 | data | semmle.label | data |
|
||||
| test.cpp:167:31:167:34 | data | semmle.label | data |
|
||||
| test.cpp:170:12:170:14 | *res | semmle.label | *res |
|
||||
| test.cpp:193:32:193:34 | str | semmle.label | str |
|
||||
| test.cpp:195:31:195:33 | str | semmle.label | str |
|
||||
| test.cpp:197:11:197:14 | *wstr | semmle.label | *wstr |
|
||||
| test.cpp:204:25:204:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:205:12:205:20 | *... + ... | semmle.label | *... + ... |
|
||||
| test.cpp:206:12:206:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:209:25:209:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:211:12:211:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:215:25:215:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:217:12:217:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:221:25:221:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:223:12:223:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:227:25:227:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:228:12:228:18 | *++ ... | semmle.label | *++ ... |
|
||||
| test.cpp:232:25:232:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:235:12:235:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:239:25:239:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:242:12:242:16 | *hello | semmle.label | *hello |
|
||||
| test.cpp:245:25:245:36 | *call to get_string | semmle.label | *call to get_string |
|
||||
| test.cpp:247:12:247:16 | *hello | semmle.label | *hello |
|
||||
subpaths
|
||||
| test.cpp:51:23:51:30 | ... - ... | test.cpp:27:39:27:39 | n | test.cpp:27:13:27:24 | **make_message | test.cpp:51:10:51:21 | *call to make_message |
|
||||
#select
|
||||
| NonConstantFormat.c:30:10:30:16 | *access to array | NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:30:3:30:8 | call to printf | printf |
|
||||
| NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:41:2:41:7 | call to printf | printf |
|
||||
| NonConstantFormat.c:45:9:45:48 | *call to gettext | NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:45:2:45:7 | call to printf | printf |
|
||||
| nested.cpp:21:23:21:26 | *fmt0 | nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:21:23:21:26 | *fmt0 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | nested.cpp:21:5:21:12 | call to snprintf | snprintf |
|
||||
| nested.cpp:79:32:79:38 | *call to get_fmt | nested.cpp:79:32:79:38 | *call to get_fmt | nested.cpp:79:32:79:38 | *call to get_fmt | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | nested.cpp:79:5:79:14 | call to diagnostic | diagnostic |
|
||||
| nested.cpp:87:18:87:20 | *fmt | nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | nested.cpp:87:7:87:16 | call to diagnostic | diagnostic |
|
||||
| test.cpp:51:10:51:21 | *call to make_message | test.cpp:46:14:46:17 | argc | test.cpp:51:10:51:21 | *call to make_message | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:51:3:51:8 | call to printf | printf |
|
||||
| test.cpp:130:20:130:26 | *access to array | test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:130:2:130:10 | call to sprintf | sprintf |
|
||||
| test.cpp:157:12:157:15 | data | test.cpp:155:27:155:30 | data | test.cpp:157:12:157:15 | data | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:157:5:157:10 | call to printf | printf |
|
||||
| test.cpp:170:12:170:14 | *res | test.cpp:167:31:167:34 | data | test.cpp:170:12:170:14 | *res | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:170:5:170:10 | call to printf | printf |
|
||||
| test.cpp:195:31:195:33 | str | test.cpp:193:32:193:34 | str | test.cpp:195:31:195:33 | str | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:195:3:195:18 | call to StringCchPrintfW | StringCchPrintfW |
|
||||
| test.cpp:197:11:197:14 | *wstr | test.cpp:193:32:193:34 | str | test.cpp:197:11:197:14 | *wstr | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:197:3:197:9 | call to wprintf | wprintf |
|
||||
| test.cpp:205:12:205:20 | *... + ... | test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:205:5:205:10 | call to printf | printf |
|
||||
| test.cpp:206:12:206:16 | *hello | test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:206:5:206:10 | call to printf | printf |
|
||||
| test.cpp:211:12:211:16 | *hello | test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:211:5:211:10 | call to printf | printf |
|
||||
| test.cpp:217:12:217:16 | *hello | test.cpp:215:25:215:36 | *call to get_string | test.cpp:217:12:217:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:217:5:217:10 | call to printf | printf |
|
||||
| test.cpp:223:12:223:16 | *hello | test.cpp:221:25:221:36 | *call to get_string | test.cpp:223:12:223:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:223:5:223:10 | call to printf | printf |
|
||||
| test.cpp:228:12:228:18 | *++ ... | test.cpp:227:25:227:36 | *call to get_string | test.cpp:228:12:228:18 | *++ ... | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:228:5:228:10 | call to printf | printf |
|
||||
| test.cpp:235:12:235:16 | *hello | test.cpp:232:25:232:36 | *call to get_string | test.cpp:235:12:235:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:235:5:235:10 | call to printf | printf |
|
||||
| test.cpp:242:12:242:16 | *hello | test.cpp:239:25:239:36 | *call to get_string | test.cpp:242:12:242:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:242:5:242:10 | call to printf | printf |
|
||||
| test.cpp:247:12:247:16 | *hello | test.cpp:245:25:245:36 | *call to get_string | test.cpp:247:12:247:16 | *hello | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | test.cpp:247:5:247:10 | call to printf | printf |
|
||||
|
||||
@@ -1,14 +1,83 @@
|
||||
| consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:100:9:100:10 | v4 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:103:9:103:15 | call to varFunc | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:107:9:107:10 | v5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:112:9:112:10 | v6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:116:9:116:13 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:121:9:121:10 | v8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:126:9:126:27 | call to nonConstFuncToArray | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:130:9:130:10 | v9 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:135:9:135:11 | v10 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:140:9:140:11 | v11 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
| consts.cpp:145:9:145:11 | v12 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
|
||||
edges
|
||||
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:24:7:24:9 | **gv1 | provenance | |
|
||||
| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance | |
|
||||
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | |
|
||||
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | provenance | |
|
||||
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | provenance | |
|
||||
| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance | |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance | |
|
||||
| consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance | |
|
||||
| consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | provenance | |
|
||||
| consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | provenance | |
|
||||
| consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | v11 | provenance | |
|
||||
| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance | |
|
||||
| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | v12 | provenance | |
|
||||
nodes
|
||||
| consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 |
|
||||
| consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray |
|
||||
| consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument |
|
||||
| consts.cpp:86:9:86:10 | *v1 | semmle.label | *v1 |
|
||||
| consts.cpp:90:7:90:10 | *call to gets | semmle.label | *call to gets |
|
||||
| consts.cpp:90:12:90:13 | gets output argument | semmle.label | gets output argument |
|
||||
| consts.cpp:91:9:91:10 | *v2 | semmle.label | *v2 |
|
||||
| consts.cpp:95:9:95:10 | *v3 | semmle.label | *v3 |
|
||||
| consts.cpp:100:9:100:10 | *v4 | semmle.label | *v4 |
|
||||
| consts.cpp:103:9:103:17 | *call to varFunc | semmle.label | *call to varFunc |
|
||||
| consts.cpp:106:13:106:19 | *call to varFunc | semmle.label | *call to varFunc |
|
||||
| consts.cpp:107:9:107:10 | *v5 | semmle.label | *v5 |
|
||||
| consts.cpp:111:7:111:13 | *call to varFunc | semmle.label | *call to varFunc |
|
||||
| consts.cpp:112:9:112:10 | *v6 | semmle.label | *v6 |
|
||||
| consts.cpp:116:9:116:13 | *access to array | semmle.label | *access to array |
|
||||
| consts.cpp:121:9:121:10 | *v8 | semmle.label | *v8 |
|
||||
| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | semmle.label | *call to nonConstFuncToArray |
|
||||
| consts.cpp:130:9:130:10 | *v9 | semmle.label | *v9 |
|
||||
| consts.cpp:135:9:135:11 | *v10 | semmle.label | *v10 |
|
||||
| consts.cpp:139:13:139:16 | readString output argument | semmle.label | readString output argument |
|
||||
| consts.cpp:139:13:139:16 | readString output argument | semmle.label | readString output argument |
|
||||
| consts.cpp:140:9:140:11 | *v11 | semmle.label | *v11 |
|
||||
| consts.cpp:140:9:140:11 | v11 | semmle.label | v11 |
|
||||
| consts.cpp:144:16:144:18 | readStringRef output argument | semmle.label | readStringRef output argument |
|
||||
| consts.cpp:144:16:144:18 | readStringRef output argument | semmle.label | readStringRef output argument |
|
||||
| consts.cpp:145:9:145:11 | *v12 | semmle.label | *v12 |
|
||||
| consts.cpp:145:9:145:11 | v12 | semmle.label | v12 |
|
||||
subpaths
|
||||
#select
|
||||
| consts.cpp:86:9:86:10 | *v1 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:86:2:86:7 | call to printf | printf |
|
||||
| consts.cpp:91:9:91:10 | *v2 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:91:2:91:7 | call to printf | printf |
|
||||
| consts.cpp:95:9:95:10 | *v3 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:95:9:95:10 | *v3 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:95:2:95:7 | call to printf | printf |
|
||||
| consts.cpp:95:9:95:10 | *v3 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:95:9:95:10 | *v3 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:95:2:95:7 | call to printf | printf |
|
||||
| consts.cpp:100:9:100:10 | *v4 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:100:9:100:10 | *v4 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:100:2:100:7 | call to printf | printf |
|
||||
| consts.cpp:100:9:100:10 | *v4 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:100:9:100:10 | *v4 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:100:2:100:7 | call to printf | printf |
|
||||
| consts.cpp:103:9:103:17 | *call to varFunc | consts.cpp:103:9:103:17 | *call to varFunc | consts.cpp:103:9:103:17 | *call to varFunc | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:103:2:103:7 | call to printf | printf |
|
||||
| consts.cpp:107:9:107:10 | *v5 | consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:107:2:107:7 | call to printf | printf |
|
||||
| consts.cpp:112:9:112:10 | *v6 | consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:112:2:112:7 | call to printf | printf |
|
||||
| consts.cpp:116:9:116:13 | *access to array | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
|
||||
| consts.cpp:116:9:116:13 | *access to array | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
|
||||
| consts.cpp:116:9:116:13 | *access to array | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
|
||||
| consts.cpp:121:9:121:10 | *v8 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
|
||||
| consts.cpp:121:9:121:10 | *v8 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
|
||||
| consts.cpp:121:9:121:10 | *v8 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
|
||||
| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:126:2:126:7 | call to printf | printf |
|
||||
| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:126:2:126:7 | call to printf | printf |
|
||||
| consts.cpp:130:9:130:10 | *v9 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:130:2:130:7 | call to printf | printf |
|
||||
| consts.cpp:130:9:130:10 | *v9 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:130:2:130:7 | call to printf | printf |
|
||||
| consts.cpp:135:9:135:11 | *v10 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:135:2:135:7 | call to printf | printf |
|
||||
| consts.cpp:135:9:135:11 | *v10 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:135:2:135:7 | call to printf | printf |
|
||||
| consts.cpp:140:9:140:11 | *v11 | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:140:2:140:7 | call to printf | printf |
|
||||
| consts.cpp:140:9:140:11 | v11 | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | v11 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:140:2:140:7 | call to printf | printf |
|
||||
| consts.cpp:145:9:145:11 | *v12 | consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:145:2:145:7 | call to printf | printf |
|
||||
| consts.cpp:145:9:145:11 | v12 | consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | v12 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:145:2:145:7 | call to printf | printf |
|
||||
|
||||
Reference in New Issue
Block a user