Switching to looking for explicit declaration of unsigned char, to avoid cases where unsigned char is the default char width for char.

bdrodes · bdrodes · commit 51e787b31657 · 2024-09-30T11:02:43.000-04:00
diff --git a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -37,7 +37,9 @@ Type getABaseType(Type t) {
 class UnlikelyToBeAStringType extends Type {
   UnlikelyToBeAStringType() {
     exists(Type targ |
-      targ.(CharType).isUnsigned() or
+      // NOTE: not using CharType isUnsigned, but rather look for any explicitly declared unsigned 
+      // char types. Assuming these are used for buffers, not strings.
+      targ.(CharType).getName().toLowerCase().matches(["unsigned%"]) or
       targ.getName().toLowerCase().matches(["uint8_t", "%byte%"])
     |
       getABaseType(this) = targ
