C++: Add FP tests.
This commit is contained in:
Родитель
4ca6c80eb5
Коммит
a40c1d50b8
|
@ -52,6 +52,9 @@ edges
|
|||
| test.cpp:541:39:541:40 | sscanf output argument | test.cpp:549:8:549:8 | e | provenance | |
|
||||
| test.cpp:541:43:541:44 | sscanf output argument | test.cpp:545:8:545:8 | f | provenance | |
|
||||
| test.cpp:541:43:541:44 | sscanf output argument | test.cpp:550:8:550:8 | f | provenance | |
|
||||
| test.cpp:559:30:559:31 | scanf output argument | test.cpp:561:9:561:9 | i | provenance | |
|
||||
| test.cpp:567:35:567:36 | scanf output argument | test.cpp:569:9:569:9 | i | provenance | |
|
||||
| test.cpp:575:30:575:31 | scanf output argument | test.cpp:577:9:577:9 | i | provenance | |
|
||||
nodes
|
||||
| test.cpp:34:15:34:16 | scanf output argument | semmle.label | scanf output argument |
|
||||
| test.cpp:35:7:35:7 | i | semmle.label | i |
|
||||
|
@ -154,6 +157,12 @@ nodes
|
|||
| test.cpp:548:8:548:8 | d | semmle.label | d |
|
||||
| test.cpp:549:8:549:8 | e | semmle.label | e |
|
||||
| test.cpp:550:8:550:8 | f | semmle.label | f |
|
||||
| test.cpp:559:30:559:31 | scanf output argument | semmle.label | scanf output argument |
|
||||
| test.cpp:561:9:561:9 | i | semmle.label | i |
|
||||
| test.cpp:567:35:567:36 | scanf output argument | semmle.label | scanf output argument |
|
||||
| test.cpp:569:9:569:9 | i | semmle.label | i |
|
||||
| test.cpp:575:30:575:31 | scanf output argument | semmle.label | scanf output argument |
|
||||
| test.cpp:577:9:577:9 | i | semmle.label | i |
|
||||
subpaths
|
||||
#select
|
||||
| test.cpp:35:7:35:7 | i | test.cpp:34:15:34:16 | scanf output argument | test.cpp:35:7:35:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:34:3:34:7 | call to scanf | call to scanf |
|
||||
|
@ -177,3 +186,6 @@ subpaths
|
|||
| test.cpp:484:9:484:9 | i | test.cpp:480:25:480:26 | scanf output argument | test.cpp:484:9:484:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:480:13:480:17 | call to scanf | call to scanf |
|
||||
| test.cpp:495:8:495:8 | i | test.cpp:491:25:491:26 | scanf output argument | test.cpp:495:8:495:8 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:491:13:491:17 | call to scanf | call to scanf |
|
||||
| test.cpp:545:8:545:8 | f | test.cpp:541:43:541:44 | sscanf output argument | test.cpp:545:8:545:8 | f | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 3. | test.cpp:541:10:541:15 | call to sscanf | call to sscanf |
|
||||
| test.cpp:561:9:561:9 | i | test.cpp:559:30:559:31 | scanf output argument | test.cpp:561:9:561:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:559:18:559:22 | call to scanf | call to scanf |
|
||||
| test.cpp:569:9:569:9 | i | test.cpp:567:35:567:36 | scanf output argument | test.cpp:569:9:569:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:567:23:567:27 | call to scanf | call to scanf |
|
||||
| test.cpp:577:9:577:9 | i | test.cpp:575:30:575:31 | scanf output argument | test.cpp:577:9:577:9 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:575:18:575:22 | call to scanf | call to scanf |
|
||||
|
|
|
@ -553,3 +553,27 @@ void switch_cases(const char *data) {
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
void test_scanf_compared_right_away() {
|
||||
int i;
|
||||
bool success = scanf("%d", &i) == 1;
|
||||
if(success) {
|
||||
use(i); // GOOD [FALSE POSITIVE]
|
||||
}
|
||||
}
|
||||
|
||||
void test_scanf_compared_in_conjunct_right(bool b) {
|
||||
int i;
|
||||
bool success = b && scanf("%d", &i) == 1;
|
||||
if(success) {
|
||||
use(i); // GOOD [FALSE POSITIVE]
|
||||
}
|
||||
}
|
||||
|
||||
void test_scanf_compared_in_conjunct_left(bool b) {
|
||||
int i;
|
||||
bool success = scanf("%d", &i) == 1 && b;
|
||||
if(success) {
|
||||
use(i); // GOOD [FALSE POSITIVE]
|
||||
}
|
||||
}
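Review bot: The three new functions only pin the false-positive direction of the stored-flag pattern; nothing in the hunk covers a `success` flag that does not actually imply `i` was written, so a fix that treats any `bool` holding a `scanf(...) == 1` comparison as a sufficient guard would pass this test unchanged. Add a disjunction counterpart beside `test_scanf_compared_in_conjunct_right`: `bool success = b || scanf("%d", &i) == 1; if(success) { use(i); }` — when `b` is true `scanf` is never called and `i` stays uninitialized, so that read must still be reported (marked with whatever the file uses for expected alerts, presumably `// BAD`). A second variant where `success` is reassigned before the `if` (e.g. `success = true;`) would close the same hole from the other side. All three added functions are complete within the hunk.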
|
||||
|
|