C++: Refine examples and tests for cpp/memory-unsafe-function-scan (experimental) query #4805
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I ran this query today and found a false positive on an
sscanfcall. Because the source is a buffer, its perfectly possible to know or check the length beforehand and allocate sufficient space in the destination buffer, unlike forscanforfscanfwhere you don't tend to know what's coming.I was tempted to exclude
sscanfresults from the query, but this seems to be the majority of results in the wild and some of them look like good results to me. Maybe we can do something more clever. But for now I've just documented the problem through a test.Also fixed a mistake in one of the examples.