// Reports calls to formatting functions (as modelled by commons.Printf) whose
// format-string argument cannot be traced back, within the enclosing
// function, to a string literal. A format string that is not hard-coded is
// the precondition for format-string injection (CWE-134).
//
// Limits worth knowing when triaging results:
//  * DataFlow::localFlow stays inside one function, so a literal handed in
//    by a caller through a parameter is still reported.
//  * The call is suppressed as soon as any literal has local flow to the
//    argument, so a variable that holds a literal on one path and something
//    else on another is not reported.
import semmle.code.cpp.commons.Printf
import semmle.code.cpp.dataflow.new.DataFlow

from FormattingFunction format, FunctionCall call, Expr fmtArg, DataFlow::Node fmtNode
where
  format = call.getTarget() and
  fmtArg = call.getArgument(format.getFormatParameterIndex()) and
  // asIndirectExpr(1) picks the node for what the expression points to after
  // one dereference, i.e. the string contents rather than the pointer value.
  fmtArg = fmtNode.asIndirectExpr(1) and
  // No node with local flow into the format string may be the contents of a
  // string literal.
  forall(DataFlow::Node origin | DataFlow::localFlow(origin, fmtNode) |
    not origin.asIndirectExpr(1) instanceof StringLiteral
  )
select call, "Argument to " + format.getQualifiedName() + " isn't hard-coded."