CPP: Extend coverage.

cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql

@@ -12,9 +12,14 @@
 import cpp
 
 predicate potentiallyDangerousFunction(Function f, string message) {
-  (
+  exists(string name | name = f.getQualifiedName() |
-    f.getQualifiedName() = "gmtime" and
+    (
-    message = "Call to gmtime is potentially dangerous"
+      name = "gmtime" or
+      name = "localtime" or
+      name = "ctime" or
+      name = "asctime"
+    ) and
+    message = "Call to " + name + " is potentially dangerous"
   ) or (
     f.getQualifiedName() = "gets" and
     message = "gets does not guard against buffer overflow"

cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/PotentiallyDangerousFunction.expected

@@ -1,3 +1,6 @@
 | test.c:31:22:31:27 | call to gmtime | Call to gmtime is potentially dangerous |
 | test.c:42:2:42:5 | call to gets | gets does not guard against buffer overflow |
 | test.c:43:6:43:9 | call to gets | gets does not guard against buffer overflow |
+| test.c:48:19:48:27 | call to localtime | Call to localtime is potentially dangerous |
+| test.c:49:22:49:26 | call to ctime | Call to ctime is potentially dangerous |
+| test.c:50:23:50:29 | call to asctime | Call to asctime is potentially dangerous |

cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/test.c

@@ -45,7 +45,7 @@ void testGets() {
 
 void testTime()
 {
-	struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
+	struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state
-	char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
+	char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state
-	char *time_string2 = asctime(now); // BAD: localtime uses shared state [NOT DETECTED]
+	char *time_string2 = asctime(now); // BAD: localtime uses shared state
 }