hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Limiting << operator to ostream, and putting this check at the same location as the check for basic_string for + operator.

Browse Source
This commit is contained in:
Benjamin Rodes
2024-01-04 15:25:47 -05:00
parent 8d84540a54
commit e9bb3b4b28
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
View File

@@ -21,16 +21,16 @@ class StringConcatenation extends Call {
or
this.getTarget() instanceof StrlcatFunction
or
// operator+ concat
// operator+ and ostream (<<) concat
exists(Call call, Operator op |
call.getTarget() = op and
op.hasQualifiedName(["std", "bsl"], "operator+") and
op.getType().(UserType).hasQualifiedName(["std", "bsl"], "basic_string") and
op.hasQualifiedName(["std", "bsl"], ["operator+", "operator<<"]) and
op.getType()
.stripType()
.(UserType)
.hasQualifiedName(["std", "bsl"], ["basic_string", "basic_ostream"]) and
this = call
)
or
// string stream concat (operator<<)
this.getTarget().hasQualifiedName(["std", "bsl"], "operator<<")
}
/**