Merge pull request github#12325 from MathiasVP/gets-return-deref

MathiasVP · web-flow · commit f9c724d9a3ff · 2023-02-27T18:39:36.000Z
C++: Make `gets` indirect output a LocalFlowSource
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
@@ -97,10 +97,11 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio
   }
 
   override predicate hasLocalFlowSource(FunctionOutput output, string description) {
-    output.isParameterDeref(0) and
-    description = "string read by " + this.getName()
-    or
-    output.isReturnValue() and
+    (
+      output.isParameterDeref(0) or
+      output.isReturnValue() or
+      output.isReturnValueDeref()
+    ) and
     description = "string read by " + this.getName()
   }
 

Original file line number	Diff line number	Diff line change
`@@ -97,10 +97,11 @@ private class GetsFunction extends DataFlowFunction, ArrayFunction, AliasFunctio`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`override predicate hasLocalFlowSource(FunctionOutput output, string description) {`
`100`		`- output.isParameterDeref(0) and`
`101`		`- description = "string read by " + this.getName()`
`102`		`- or`
`103`		`- output.isReturnValue() and`
	`100`	`+ (`
	`101`	`+ output.isParameterDeref(0) or`
	`102`	`+ output.isReturnValue() or`
	`103`	`+ output.isReturnValueDeref()`
	`104`	`+ ) and`
`104`	`105`	`description = "string read by " + this.getName()`
`105`	`106`	`}`
`106`	`107`