hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add test cases for PotentiallyDangerousFunction.

Browse Source
This commit is contained in:
Geoffrey White
2019-04-04 16:26:53 +01:00
parent 15fa4f8b7a
commit a1e503f428
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/PotentiallyDangerousFunction.expected
View File

@@ -1,3 +1,3 @@
| test.c:28:22:28:27 | call to gmtime | Call to gmtime is potentially dangerous |
| test.c:39:2:39:5 | call to gets | gets does not guard against buffer overflow |
| test.c:40:6:40:9 | call to gets | gets does not guard against buffer overflow |
| test.c:31:22:31:27 | call to gmtime | Call to gmtime is potentially dangerous |
| test.c:42:2:42:5 | call to gets | gets does not guard against buffer overflow |
| test.c:43:6:43:9 | call to gets | gets does not guard against buffer overflow |

10
cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/test.c
View File

@@ -21,6 +21,9 @@ struct tm {
struct tm *gmtime(const time_t *timer);
time_t time(time_t *timer);
struct tm *localtime(const time_t *timer);
char *ctime(const time_t *timer);
char *asctime(const struct tm *timeptr);
// Code under test
@@ -39,3 +42,10 @@ void testGets() {
gets(buf1); // BAD: use of gets
s = gets(buf2); // BAD: use of gets
}
void testTime()
{
struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
char *time_string2 = asctime(now); // BAD: localtime uses shared state [NOT DETECTED]
}