Update test.cpp

2026-04-28 18:25:24 +02:00 · 2022-03-01 16:36:24 +03:00
parent bfec3c5e6e
commit e9fefab9b1
1 changed files with 54 additions and 6 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp
@@ -1,45 +1,92 @@
 int scanf(const char *format, ...);
 int globalVal;
+char * globalVala;
+int * globalValp;
+char globalVala2;
 int functionWork1() {
  int i;
-  if (scanf("%i", &i) == 1) // GOOD
-    return i;
-  else
+  char a[10];
+  int b;
+  int *p = &b;
+  if (scanf("%i", &i) != 1) // GOOD
    return -1;
+  if (scanf("%s", a) != 1) // GOOD
+    return -1;
+  if (scanf("%i", p) != 1) // GOOD
+    return -1;
+  return i;
 }

 int functionWork1_() {
  int i;
+  char a[10];
+  int b;
+  int *p = &b;
  int r;
  r = scanf("%i", &i);
-  if (r == 1) // GOOD
-    return i;
-  else
+  if (r != 1) // GOOD
    return -1;
+  r = scanf("%s", a);
+  if (r == 1) // GOOD
+    return -1;
+  r = scanf("%i", p);
+  if (r != 1) // GOOD
+    return -1;
+  return i;
 }

 int functionWork1b() {
  int i;
+  char a[10];
+  int b;
+  int *p = &b;
  scanf("%i", &i); // BAD
+  scanf("%s", a); // BAD
+  scanf("%i", p); // BAD
  return i;
 }

 int functionWork2() {
  int i = 0;
+  char a[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+  int b = 1;
+  int *p = &b;
  scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
+  scanf("%s", a); // GOOD:the error can be determined by examining the initial value.
+  scanf("%i", p); // GOOD:the error can be determined by examining the initial value.
  return i;
 }

 int functionWork2_() {
  int i;
  i = 0;
+  char a[10];
+  a[0] = 0;
+  int b;
+  b=1;
+  int *p = &b;
  scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
+  scanf("%s", a); // GOOD:the error can be determined by examining the initial value.
+  scanf("%i", p); // GOOD:the error can be determined by examining the initial value.
  return i;
 }
 int functionWork2b() {
  int i;
+  char a[10];
+  int b;
+  int *p = &b;
  scanf("%i", &i); // BAD
+  scanf("%s", a); // BAD
+  scanf("%i", p); // BAD
  globalVal = i;
+  globalVala = a;
+  globalValp = p;
+  return 0;
+}
+int functionWork2b_() {
+  char a[10];
+  scanf("%s", a); // BAD
+  globalVala2 = a[0];
  return 0;
 }

@@ -50,4 +97,5 @@ void functionRunner() {
  functionWork2();
  functionWork2_();
  functionWork2b();
+  functionWork2b_();
 }