
CPP: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf #8246


Merged
merged 22 commits into from
Mar 11, 2022

Conversation


@ihsinme ihsinme commented Feb 25, 2022

The query looks for situations of working with scanf functions where the developer has not left the possibility of controlling the correctness of the work. There is no check of the returned value, the filled variable is not initialized, and its value is not evaluated after the function has run. This leads to a situation where, continuing to work with a filled variable, the developer runs the risk of working with a randomly filled value from the declaration stage.

CVE-2019-15900

I'm working on a real fix for this issue.
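The two shapes the PR description distinguishes, as an added C example that is not part of the PR or of the CodeQL query; `sscanf` on a fixed buffer stands in for `scanf` so it runs offline, and the function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdbool.h>

/* Pattern the query flags: `value` is declared without an initializer,
 * the return value of sscanf is discarded, and `value` is used regardless
 * of whether a conversion happened. On an input such as "abc" no
 * assignment takes place and the caller receives an indeterminate value. */
int read_unchecked(const char *input) {
    int value;
    sscanf(input, "%d", &value);
    return value;
}

/* Hardened form: initialize the target and compare the return value of
 * sscanf against the number of conversions requested (here 1).
 * Returns true only when `out` was actually assigned by a conversion;
 * EOF (input exhausted before the first conversion) is also != 1. */
bool read_checked(const char *input, int *out) {
    int value = 0;
    if (sscanf(input, "%d", &value) != 1) {
        return false;
    }
    *out = value;
    return true;
}

/* Runs the hardened reader over a constructed list of inputs and returns
 * how many it rejects. Note that "12x" is accepted with value 12: a
 * matching count check does not guard against trailing garbage. */
int count_rejected(void) {
    const char *samples[] = {"42", "  -7", "abc", "", "12x"};
    int rejected = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v;
        if (!read_checked(samples[i], &v)) {
            rejected++;
        }
    }
    return rejected;
}

int main(void) {
    int v;
    printf("read_checked(\"abc\"): %s\n",
           read_checked("abc", &v) ? "ok" : "rejected");
    printf("rejected samples: %d\n", count_rejected());
    return 0;
}
```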


@jketema jketema left a comment


Hi @ihsinme. Thanks for your contribution. Some comments below.


ihsinme commented Mar 1, 2022

Thanks for the comments.
I will try to fix everything as soon as possible.


@jketema jketema left a comment


Thanks for the updates, especially making the tests cover more cases.

ihsinme and others added 2 commits March 8, 2022 07:42
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

ihsinme commented Mar 8, 2022

I want to thank you for your corrections, especially the English text.


@jketema jketema left a comment


Thanks for the contribution and addressing my comments.

Not for this PR, but you might want to have a look at the data flow library https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-cpp/. I think that a rewrite based on that library might help to improve the quality of the analysis of what happens after a scanf call.

3 participants