Add files via upload

ihsinme · web-flow · commit 99740876cb51 · 2021-11-14T11:28:27.000+03:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test1.cpp
@@ -0,0 +1,17 @@
+typedef int FILE;
+FILE *fopen(const char *filename, const char *mode);
+int umask(int pmode);
+int chmod(char * filename,int pmode);
+int fprintf(FILE *fp,const char *fmt, ...);
+int fclose(FILE *stream);
+
+int main(int argc, char *argv[])
+{
+  //umask(0022);
+  FILE *fp;
+  fp = fopen("myFile.txt","w"); // BAD
+  //chmod("myFile.txt",0644);
+  fprintf(fp,"%s\n","data to file");
+  fclose(fp);
+  return 0;
+}
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/semmle/tests/test2.cpp
@@ -0,0 +1,18 @@
+typedef int FILE;
+FILE *fopen(const char *filename, const char *mode);
+int umask(int pmode);
+int chmod(char * filename,int pmode);
+int fprintf(FILE *fp,const char *fmt, ...);
+char *fgets(char *str, int num, FILE *stream);
+int fclose(FILE *stream);
+
+int main(int argc, char *argv[])
+{
+  FILE *fp;
+  char buf[128];
+  fp = fopen("myFile.txt","w"); // BAD [NOT DETECTED]
+  fgets(buf,128,fp); 
+  fprintf(fp,"%s\n","data to file");
+  fclose(fp);
+  return 0;
+}
