lgtm: add a custom query for catching the use of fgets
As everybody knows, nobody really reads CODING_STYLE (especially the last paragraph :-)) so let's utilize LGTM to help us catch the use of fgets.
parent
9f1c81d80a
commit
f86c1da283
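--- a/.lgtm/cpp-queries/fgets.ql
+++ b/.lgtm/cpp-queries/fgets.ql
@@ -0,0 +1,23 @@
+/**
+* @name Use of fgets()
+* @description fgets() is dangerous to call. Use read_line() instead.
+* @kind problem
+* @problem.severity error
+* @precision high
+* @id cpp/fgets
+* @tags reliability
+* security
+*/
+import cpp
+
+
+predicate dangerousFunction(Function function) {
+exists (string name | name = function.getQualifiedName() |
+name = "fgets")
+}
+
+
+from FunctionCall call, Function target
+where call.getTarget() = target
+and dangerousFunction(target)
+select call, target.getQualifiedName() + " is potentially dangerous"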
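Review bot: `dangerousFunction` matches only the exact qualified name `fgets`, so a call to a sibling with the same interface such as `fgets_unlocked()` would not be reported; if the goal is to route all line reads through read_line(), consider `name = "fgets" or name = "fgets_unlocked"`. The alert text in the `select` clause says only "is potentially dangerous", so whoever triages the alert has to open the query header to learn the fix; naming the replacement there would help, e.g. `select call, "Call to " + target.getQualifiedName() + "(); use read_line() instead"`. The `@description` also does not say why fgets() is considered dangerous, and one clause carrying the reason from CODING_STYLE would let a reviewer judge each hit without looking it up.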