Address review comments

2026-05-02 12:15:17 +02:00 · 2022-02-02 10:09:47 +01:00
parent 5b8f56dcc6
commit bd859d99bf
4 changed files with 14 additions and 11 deletions
--- a/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll
+++ b/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll
@@ -98,7 +98,7 @@ class OpenCreationExpr extends FileCreationWithOptionalModeExpr {
  override predicate hasModeArgument() { exists(this.getArgument(2)) }

  override int getMode() {
-    if hasModeArgument()
+    if this.hasModeArgument()
    then result = this.getArgument(2).getValue().toInt()
    else
      // assume anything is permitted
@@ -125,7 +125,7 @@ class OpenatCreationExpr extends FileCreationWithOptionalModeExpr {
  override predicate hasModeArgument() { exists(this.getArgument(3)) }

  override int getMode() {
-    if hasModeArgument()
+    if this.hasModeArgument()
    then result = this.getArgument(3).getValue().toInt()
    else
      // assume anything is permitted
--- a/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
@@ -2,7 +2,7 @@
 * @name File opened with O_CREAT flag but without mode argument
 * @description Opening a file with the O_CREAT flag but without mode argument reads arbitrary bytes from the stack.
 * @kind problem
- * @problem.severity warning
+ * @problem.severity error
 * @security-severity 7.8
 * @precision medium
 * @id cpp/open-call-with-mode-argument
@@ -16,4 +16,4 @@ import FilePermissions
 from FileCreationWithOptionalModeExpr fc
 where not fc.hasModeArgument()
 select fc,
-  "A file is created here without providing a mode argument, which may leak bits from the stack"
+  "A file is created here without providing a mode argument, which may leak bits from the stack."