Apply suggestions from code review

Co-authored-by: Jeroen Ketema <[email protected]>

Author: ihsinme

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.cpp

@@ -1,10 +1,10 @@
 ...
-  r = scanf("%i", i);
+  r = scanf("%i", &i);
   if (r == 1) // GOOD
     return i;
   else
     return -1;
 ...
-  scanf("%i", i); // BAD
+  scanf("%i", &i); // BAD
   return i;
 ...

cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql

@@ -1,5 +1,5 @@
 /**
- * @name Improper check return value scanf.
+ * @name Improper check return value scanf
  * @description Using a function call without the ability to evaluate the correctness of the work can lead to unexpected results.
  * @kind problem
  * @id cpp/improper-check-return-value-scanf
@@ -15,20 +15,16 @@ import cpp
 import semmle.code.cpp.commons.Exclusions
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
-/** Returns the starting position of the argument being filled. */
+/** Returns the position of the first argument being filled. */
 int posArgumentInFunctionCall(FunctionCall fc) {
   (
     (
-      fc.getTarget().hasGlobalOrStdName("scanf") or
-      fc.getTarget().hasGlobalOrStdName("scanf_s")
+      fc.getTarget().hasGlobalOrStdName(["scanf", "scanf_s"])
     ) and
     result = 1
     or
     (
-      fc.getTarget().hasGlobalOrStdName("fscanf") or
-      fc.getTarget().hasGlobalOrStdName("sscanf") or
-      fc.getTarget().hasGlobalOrStdName("fscanf_s") or
-      fc.getTarget().hasGlobalOrStdName("sscanf_s")
+      fc.getTarget().hasGlobalOrStdName(["fscanf", "sscanf", "fscanf_s", "sscanf_s"])
     ) and
     result = 2
   )

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp

@@ -2,7 +2,7 @@ int scanf(const char *format, ...);
 int globalVal;
 int functionWork1() {
   int i;
-  if (scanf("%i", i) == 1) // GOOD
+  if (scanf("%i", &i) == 1) // GOOD
     return i;
   else
     return -1;
@@ -11,7 +11,7 @@ int functionWork1() {
 int functionWork1_() {
   int i;
   int r;
-  r = scanf("%i", i);
+  r = scanf("%i", &i);
   if (r == 1) // GOOD
     return i;
   else
@@ -20,25 +20,25 @@ int functionWork1_() {
 
 int functionWork1b() {
   int i;
-  scanf("%i", i); // BAD
+  scanf("%i", &i); // BAD
   return i;
 }
 
 int functionWork2() {
   int i = 0;
-  scanf("%i", i); // GOOD:the error can be determined by examining the initial value.
+  scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
   return i;
 }
 
 int functionWork2_() {
   int i;
   i = 0;
-  scanf("%i", i); // GOOD:the error can be determined by examining the initial value.
+  scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
   return i;
 }
 int functionWork2b() {
   int i;
-  scanf("%i", i); // BAD
+  scanf("%i", &i); // BAD
   globalVal = i;
   return 0;
 }