Update DangerousUseMbtowc.ql

ihsinme · web-flow · commit 9d12f1be53c4 · 2022-06-02T14:34:38.000+03:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousUseMbtowc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousUseMbtowc.ql
@@ -19,7 +19,10 @@ predicate exprMayBeString(Expr exp) {
     exists(StringLiteral sl | globalValueNumber(exp) = globalValueNumber(sl))
     or
     exists(FunctionCall fctmp |
-      globalValueNumber(fctmp.getAnArgument()) = globalValueNumber(exp) and
+      (
+        fctmp.getAnArgument().(VariableAccess).getTarget() = exp.(VariableAccess).getTarget() or
+        globalValueNumber(fctmp.getAnArgument()) = globalValueNumber(exp)
+      ) and
       fctmp.getTarget().hasGlobalOrStdName(["strlen", "strcat", "strncat", "strcpy", "sptintf"])
     )
     or
