Take into account that the 4th argument of openat may be omitted

jketema · jketema · commit dbac9277214e · 2022-02-01T11:41:07.000+01:00
This matches what is done for `open`.
diff --git a/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll b/cpp/ql/src/Security/CWE/CWE-732/FilePermissions.qll
@@ -111,12 +111,18 @@ class CreatCreationExpr extends FileCreationExpr {
 class OpenatCreationExpr extends FileCreationExpr {
   OpenatCreationExpr() {
     this.getTarget().getName() = "openat" and
-    this.getNumberOfArguments() = 4
+    sets(this.getArgument(2).getValue().toInt(), o_creat())
   }
 
   override Expr getPath() { result = this.getArgument(1) }
 
-  override int getMode() { result = this.getArgument(3).getValue().toInt() }
+  override int getMode() {
+    if exists(this.getArgument(3))
+    then result = this.getArgument(3).getValue().toInt()
+    else
+      // assume anything is permitted
+      result = 0.bitNot()
+  }
 }
 
 private int fopenMode() {
