Though the codeql/cwe-scores update-queries.py script did not make any changes on its own,
I looked up the score of the CWEs that @geoffw0 suggested using the explain.py script.
As discussed elsewhere, this should be more of a warning than a recommendation.
Extract some of the logic from the `cpp/missing-check-scanf` query into
the more generally useful `getOutputArgument(int index)`, `getAnOutputArgument()`,
and `getNumberOfOutputArguments()` predicates.
There are still some remaining FPs (haven't fully tested them)
that should be ironed out in a follow-up to increase the precision, e.g.:
* if scanf(&i) != 1 return
if maybe() && scanf(&i) != 1 return
use(i) // should be OK on both counts
* The minimum guard constant for the *_s variants may not be right.
* int i[2]
scanf(i, i+1) // second i is flagged as a use of the first
* Maybe loosen the "unguarded or badly guarded use() = bad" policy to
"unguarded but already-initialized = good" and "badly guarded = bad",
since a lot of FPs in MRVA fall into the "unguarded but already-
initialized" bucket.
