C++: Improve docs based on doc-review

Thanks to @mchammer01 and @geoffw0 for the latest suggestions.
Nora Dimitrijević
2022-08-30 11:14:57 +02:00
parent 7d24d96d80
commit e10042be7d
2 changed files with 6 additions and 6 deletions

@@ -12,8 +12,8 @@ improper return-value checking.
<p>
Specifically, the query flags uses of variables that may have been modified by
<tt>scanf</tt> and subsequently are used without being guarded by a correct
return-value check. A proper check is one that asserts the corresponding
<tt>scanf</tt> to have returned (at least) a certain minimum constant.
return-value check. A proper check is one that ensures that the corresponding
<tt>scanf</tt> has returned (at least) a certain minimum constant.
</p>
<p>
Functions in the <tt>scanf</tt> family return either EOF (a negative value)
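Review bot: the rewrite of "asserts ... to have returned" into "ensures that ... has returned" reads more naturally, but "(at least) a certain minimum constant" still leaves the reader to work out which constant is meant. Since the return value of the scanf family is the number of successful conversions, consider spelling that out, e.g. "has returned at least the number of conversions that write to the variables being read", so the guidance in the later "Recommendation" section ("comparing the return value to a numerical constant") has a concrete anchor.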
@@ -24,7 +24,7 @@ is not enough.
<warning>
This query has medium precision because, in the current implementation, it
takes a strict stance on unguarded uses of output variables, and flags them
as problematic even if they had already been initialized.
as problematic even if they have already been initialized.
</warning>
</overview>
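Review bot: the change from "had" to "have" is right, since the surrounding sentence is in the present tense ("takes", "flags"). While touching this warning, it would help users to say what the strict stance means in practice, namely that alerts on variables initialized before the scanf call may be false positives; that is the reason the precision is "medium", and stating it lets readers triage such results faster.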
@@ -46,6 +46,6 @@ input. This can be done by comparing the return value to a numerical constant.
<references>
<li>SEI CERT C++ Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR62-CPP.+Detect+errors+when+converting+a+string+to+a+number">ERR62-CPP. Detect errors when converting a string to a number</a>.</li>
<li>SEI CERT C Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/c/ERR33-C.+Detect+and+handle+standard+library+errors">ERR33-C. Detect and handle standard library errors</a>.</li>
<li>cppreference.com: <a href="https://en.cppreference.com/w/c/io/fscanf">scanf, fscanf, sscanf, scanf_s, fscanf_s, sscanf_s</a></li>
<li>cppreference.com: <a href="https://en.cppreference.com/w/c/io/fscanf">scanf, fscanf, sscanf, scanf_s, fscanf_s, sscanf_s</a>.</li>
</references>
</qhelp>

@@ -1,7 +1,7 @@
/**
* @name Missing return-value check for a 'scanf'-like function
* @description Without checking that a call to 'scanf' actually wrote to an
* output variable, reading from it can lead to unexpected behavior.
* @description Failing to check that a call to 'scanf' actually writes to an
* output variable can lead to unexpected behavior at reading time.
* @kind problem
* @problem.severity recommendation
* @security-severity 4.5
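Review bot: the new @description is tighter, but "unexpected behavior at reading time" is less natural than the wording it replaces ("reading from it"); suggest "Failing to check that a call to 'scanf' actually writes to an output variable can lead to unexpected behavior when that variable is later read." The rest of the metadata block (@kind, @problem.severity, @security-severity 4.5) is unchanged, which is expected for a doc-only change.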