hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updating tests to account for removing const char* heuristic.

Browse Source
This commit is contained in:
Benjamin Rodes
2024-02-15 09:54:03 -05:00
parent caf2ee27fa
commit 9e50fc6893
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -1,6 +1,8 @@
| NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:45:9:45:48 | call to gettext | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| test.cpp:51:10:51:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:130:20:130:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |

6
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp
View File

@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );
struct A {
void do_print(const char *fmt0) {
char buf[32];
snprintf(buf, 32, fmt0); // GOOD, all paths to year use const char*
snprintf(buf, 32, fmt0); // BAD, all paths from unknown const char*, not assuming literal
}
};
@@ -34,7 +34,7 @@ struct C {
void do_some_printing(const char *fmt) {
b.do_printing(fmt);
}
const char *ext_fmt_str(void);
const char *ext_fmt_str(void); // NOTE: not assuming result is literal
};
void foo(void) {
@@ -76,7 +76,7 @@ void diagnostic(const char *fmt, ...)
}
void bar(void) {
diagnostic (some_instance->get_fmt()); // GOOD get_fmt is const char* assumed static
diagnostic (some_instance->get_fmt()); // BAD const char* but not assuming literal
}
namespace ns {