Commit 429f53e

CPP: Move the 'gets' case.
1 parent a82832e commit 429f53e

3 files changed

Lines changed: 5 additions & 14 deletions

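--- a/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
@@ -18,20 +18,6 @@ abstract class PotentiallyDangerousFunctionCall extends FunctionCall {
 abstract string getDescription();
 }
 
-class GetsCall extends PotentiallyDangerousFunctionCall {
-GetsCall() {
-this.getTarget().hasName("gets")
-}
-
-override predicate isDangerous() {
-any()
-}
-
-override string getDescription() {
-result = "gets does not guard against buffer overflow"
-}
-}
-
 class SprintfCall extends PotentiallyDangerousFunctionCall {
 SprintfCall() {
 this.getTarget().hasName("sprintf") or this.getTarget().hasName("vsprintf")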

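--- a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+++ b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -15,6 +15,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
 (
 f.getQualifiedName() = "gmtime" and
 message = "Call to gmtime is potentially dangerous"
+) or (
+f.hasName("gets") and
+message = "gets does not guard against buffer overflow"
 )
 }
 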
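Review bot: The new `gets` disjunct selects with `f.hasName("gets")` while the existing `gmtime` disjunct in the same predicate uses `f.getQualifiedName() = "gmtime"`, so the two cases of `potentiallyDangerousFunction` do not match functions the same way: `hasName` also matches a function called `gets` declared in a namespace or as a class member, whereas the qualified-name form only matches the global one. If the wider match is not intended, `f.getQualifiedName() = "gets" and` keeps the two cases consistent; if it is intended (the `GetsCall` class removed from PotentialBufferOverflow.ql in this commit also used `hasName`), a one-line comment such as `// hasName on purpose: also flag member/namespaced gets` would stop the next reader from "fixing" it. The predicate's signature and opening are outside the hunk.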

Original file line numberDiff line numberDiff line change
@@ -1 +1,3 @@
11
| test.c:28:22:28:27 | call to gmtime | Call to gmtime is potentially dangerous |
2+
| test.c:39:2:39:5 | call to gets | gets does not guard against buffer overflow |
3+
| test.c:40:6:40:9 | call to gets | gets does not guard against buffer overflow |
