CPP: Extend coverage.

2026-04-28 10:15:14 +02:00 · 2019-04-04 16:31:02 +01:00
parent a1e503f428
commit a437e6c103
3 changed files with 14 additions and 6 deletions
--- a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+++ b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -12,9 +12,14 @@
 import cpp

 predicate potentiallyDangerousFunction(Function f, string message) {
-  (
-    f.getQualifiedName() = "gmtime" and
-    message = "Call to gmtime is potentially dangerous"
+  exists(string name | name = f.getQualifiedName() |
+    (
+      name = "gmtime" or
+      name = "localtime" or
+      name = "ctime" or
+      name = "asctime"
+    ) and
+    message = "Call to " + name + " is potentially dangerous"
  ) or (
    f.getQualifiedName() = "gets" and
    message = "gets does not guard against buffer overflow"