From e0ba23d2c7e569a317e59e28b1272763d1faa95b Mon Sep 17 00:00:00 2001
From: Jonas Jensen <jbj@github.com>
Date: Tue, 16 Jun 2020 16:47:33 +0200
Subject: [PATCH] C++: @precision high for tainted-format-string*

I think these queries have excellent results on lgtm.com. Many of the
results come from projects that use `sprintf` like it's a templating
engine, trusting that values from `argv` or `getenv` contain the correct
number of `%s`. I think we want to flag that.

The structure of the change note is modeled after 91af51cf46.
---
 change-notes/1.25/analysis-cpp.md                               | 2 ++
 cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql     | 2 +-
 .../CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql     | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/change-notes/1.25/analysis-cpp.md b/change-notes/1.25/analysis-cpp.md
index 7ab98ffe859..47997f07052 100644
--- a/change-notes/1.25/analysis-cpp.md
+++ b/change-notes/1.25/analysis-cpp.md
@@ -13,6 +13,8 @@ The following changes in version 1.25 affect C/C++ analysis in all applications.
 
 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
+| Uncontrolled format string (`cpp/tainted-format-string`) |  | This query is now displayed by default on LGTM. |
+| Uncontrolled format string (through global variable) (`cpp/tainted-format-string-through-global`) |  | This query is now displayed by default on LGTM. |
 
 ## Changes to libraries
 
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
index 91ccc5c4d40..b64091263e0 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -5,7 +5,7 @@
  *              or data representation problems.
  * @kind path-problem
  * @problem.severity warning
- * @precision medium
+ * @precision high
  * @id cpp/tainted-format-string
  * @tags reliability
  *       security
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
index 96cffdb024b..d38f3eb24c2 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -5,7 +5,7 @@
  *              or data representation problems.
  * @kind path-problem
  * @problem.severity warning
- * @precision medium
+ * @precision high
  * @id cpp/tainted-format-string-through-global
  * @tags reliability
  *       security