Merge pull request github#6540 from jbj/ctime-weaken-claims

geoffw0 · web-flow · commit 8f38ab011656 · 2021-08-24T17:01:23.000+01:00
C++:Lower potentially-dangerous-function precision
diff --git a/cpp/change-notes/2021-08-23-ctime-weaken-claims.md b/cpp/change-notes/2021-08-23-ctime-weaken-claims.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.
diff --git a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.qhelp b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.qhelp
@@ -26,7 +26,7 @@ can use their own storage.</p>
 <p>Similarly replace calls to <code>localtime</code> with
 <code>localtime_r</code>, calls to <code>ctime</code> with
 <code>ctime_r</code> and calls to <code>asctime</code> with
-<code>asctime_r</code>.</p>
+<code>asctime_r</code> (if those functions exist on your platform).</p>
 
 </recommendation>
 <example>
diff --git a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -4,7 +4,7 @@
  * @kind problem
  * @problem.severity warning
  * @security-severity 10.0
- * @precision high
+ * @precision medium
  * @id cpp/potentially-dangerous-function
  * @tags reliability
  *       security

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.