blob: ba80f4ad8cedd44734ab32e1fc17eb41d8622bf7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
/**
* @name Use of potentially dangerous function
* @description Certain standard library functions are dangerous to call.
* @kind problem
* @problem.severity error
* @precision high
* @id cpp/potentially-dangerous-function
* @tags reliability
* security
*
* Borrowed from
* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*/
import cpp
predicate potentiallyDangerousFunction(Function f, string message) {
(
f.getQualifiedName() = "fgets" and
message = "Call to fgets is potentially dangerous. Use read_line() instead."
) or (
f.getQualifiedName() = "strtok" and
message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
)
}
from FunctionCall call, Function target, string message
where
call.getTarget() = target and
potentiallyDangerousFunction(target, message)
select call, message
|