Merge branch '51-2cppnon-constant-format-alter-not-const-source' into cpp-non-constant-format-as-path-query

# Conflicts: # cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
2026-05-01 03:35:13 +02:00 · 2024-02-16 10:49:05 -05:00
parent d6b0746b30 c38376a264
commit aa7c677e13
4 changed files with 34 additions and 38 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -1,4 +1,3 @@
-| consts.cpp:81:9:81:10 | c8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/consts.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/consts.cpp
@@ -75,7 +75,7 @@ void a() {
 // GOOD: constFuncToArray() always returns a value from gc1, which is always constant
 printf(constFuncToArray(0));
  
- // BAD: format string is not constant
+ // BAD: format string is not constant [NOT DETECTED]
 char c8[10];
 sprintf(c8, "%d", 1);
 printf(c8);