C++: Fix false positives involving STDIN_FILENO.

2026-04-29 10:45:15 +02:00 · 2021-09-07 13:49:22 +01:00
parent 3ba9e80635
commit e696eaaa2f
3 changed files with 16 additions and 3 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -5,4 +5,3 @@
 | test3.cpp:70:3:70:6 | call to send | test3.cpp:68:21:68:29 | password1 |
 | test3.cpp:77:3:77:6 | call to recv | test3.cpp:75:15:75:22 | password |
 | test3.cpp:95:3:95:6 | call to read | test3.cpp:95:12:95:19 | password |
-| test3.cpp:102:3:102:6 | call to read | test3.cpp:102:12:102:19 | password |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
@@ -99,7 +99,7 @@ void test_read()
 		char password[256];
 		int fd = STDIN_FILENO;

-		read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket [FALSE POSITIVE]
+		read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket
 	}
 }