Files
codeql/cpp/ql/lib/semmle/code/cpp/security/PrintfLike.qll
Andrew Eisenberg 2c5dd2dfa3 Packaging: Refactor the cpp libraries
This PR separates the core cpp packs into `codeql/cpp-queries` and
`codeql/cpp-all`.

There are very few lines of code changed. Almost all changes are moving
files around.
2021-08-17 11:22:36 -07:00

29 lines
917 B
Plaintext

/**
* Provides a predicate for identifying formatting functions like `printf`.
*
* Consider using the newer model in
* `semmle.code.cpp.models.interfaces.FormattingFunction` directly instead of
* this library.
*/
import semmle.code.cpp.commons.Printf
import external.ExternalArtifact
/**
* Holds if `func` is a `printf`-like formatting function and `formatArg` is
* the index of the format string argument.
*/
predicate printfLikeFunction(Function func, int formatArg) {
formatArg = func.(FormattingFunction).getFormatParameterIndex() and
not func instanceof UserDefinedFormattingFunction
or
primitiveVariadicFormatter(func, _, formatArg, _)
or
exists(ExternalData data |
// TODO Do this \ to / conversion in the toolchain?
data.getDataPath().replaceAll("\\", "/") = "cert/formatingFunction.csv" and
func.getName() = data.getField(0) and
formatArg = data.getFieldAsInt(1)
)
}