CPP: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf by ihsinme · Pull Request #8246 · github/codeql

ihsinme · 2022-02-25T08:17:01Z

the query looks for situations of working with scanf functions in situations where the developer has not left the possibility of controlling the correctness of work. There is no check of the returned value, the filled variable is not initialized and its value is not evaluated after the function has run. this leads to a situation where, continuing to work with a filled variable, the developer runs the risk of working with a randomly filled value at the declaration stage.

CVE-2019-15900

I'm working on a real fix for this issue.

up to head

jketema

Hi @ihsinme. Thanks for your contribution. Some comments below.

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql

ihsinme · 2022-03-01T06:34:57Z

thanks for the comments.
I will try to fix everything as soon as possible.

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

jketema

Thanks for the updates, especially making the tests cover more cases.

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.qhelp

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

ihsinme · 2022-03-08T05:13:24Z

I want to thank you for your corrections.
especially the English text.

ihsinme · 2022-03-08T05:13:24Z

I want to thank you for your corrections.
especially the English text.

jketema

Thanks for the contribution and addressing my comments.

Not for this PR, but you might want to have a look at the data flow library https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-cpp/. I think that a rewrite based on that library might help to improve the quality of the analysis of what happens after a scanf call.

ihsinme added 3 commits February 25, 2022 11:04

Merge pull request #1 from github/main

3d1f4d5

up to head

Add files via upload

bddb5fd

Add files via upload

0c8a072

ihsinme requested a review from a team as a code owner February 25, 2022 08:17

github-actions bot added C++ documentation labels Feb 25, 2022

MathiasVP assigned jketema Feb 28, 2022

jketema reviewed Feb 28, 2022

View reviewed changes

ihsinme and others added 4 commits March 1, 2022 10:49

Apply suggestions from code review

d772ea0

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

Update ImproperCheckReturnValueScanf.expected

bfec3c5

Update test.cpp

e9fefab

Update ImproperCheckReturnValueScanf.ql

a6654fc

jketema reviewed Mar 2, 2022

View reviewed changes

ihsinme and others added 7 commits March 3, 2022 10:14

Apply suggestions from code review

1a30b8d

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

Update test.cpp

547342c

Update test.cpp

2dc85e1

Update test.cpp

25b3aba

Update test.cpp

8e0c0ad

Update ImproperCheckReturnValueScanf.expected

bec4170

Update test.cpp

01f9114