Update InsecureTemporaryFile.ql

ihsinme · web-flow · commit c8a4a8b96517 · 2021-10-29T09:44:43.000+03:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
@@ -39,6 +39,7 @@ predicate numberArgumentWrite(Function f, int apos) {
 
 from FunctionCall fc, string msg
 where
+  // search for functions for generating a name, without a guarantee of the absence of a file during the period of work with it.
   (
     fc.getTarget().hasGlobalOrStdName("tmpnam") or
     fc.getTarget().hasGlobalOrStdName("tmpnam_s") or
@@ -53,6 +54,7 @@ where
   msg =
     "Finding the name of a file that does not exist does not mean that it will not be exist at the next operation."
   or
+  // finding places to work with a file without setting permissions, but with predictable names.
   (
     fc.getTarget().hasGlobalOrStdName("fopen") or
     fc.getTarget().hasGlobalOrStdName("open")

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,7 @@ predicate numberArgumentWrite(Function f, int apos) {`
`39`	`39`
`40`	`40`	`from FunctionCall fc, string msg`
`41`	`41`	`where`
	`42`	`+ // search for functions for generating a name, without a guarantee of the absence of a file during the period of work with it.`
`42`	`43`	`(`
`43`	`44`	`fc.getTarget().hasGlobalOrStdName("tmpnam") or`
`44`	`45`	`fc.getTarget().hasGlobalOrStdName("tmpnam_s") or`
`@@ -53,6 +54,7 @@ where`
`53`	`54`	`msg =`
`54`	`55`	`"Finding the name of a file that does not exist does not mean that it will not be exist at the next operation."`
`55`	`56`	`or`
	`57`	`+ // finding places to work with a file without setting permissions, but with predictable names.`
`56`	`58`	`(`
`57`	`59`	`fc.getTarget().hasGlobalOrStdName("fopen") or`
`58`	`60`	`fc.getTarget().hasGlobalOrStdName("open")`