C++: Add more scanf testing.

Author: MathiasVP

cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp

@@ -131,3 +131,41 @@ void test_strsafe_gets() {
 		StringCchGetsExA(dest, sizeof(dest), &end, &remaining, 0); // $ local_source
 	}
 }
+
+int scanf_s(const char *format, ...);
+int fscanf_s(FILE *stream, const char *format, ...);
+
+void test_scanf_s(FILE *stream) {
+  {
+  int n1, n2;
+  scanf_s(
+    "%d",
+    &n1, // $ MISSING: local_source
+    &n2); // $ MISSING: local_source
+  }
+
+  {
+  int n;
+  fscanf_s(stream, "%d", &n); // $ MISSING: remote_source
+  }
+
+  {
+  int n1, n2;
+  char buf[256];
+  scanf_s("%d %s",
+    &n1, // $ MISSING: local_source
+    buf, // $ MISSING: local_source
+    256,
+    &n2); // $ MISSING: local_source
+  }
+
+  {
+  int n1, n2;
+  char buf[256];
+  fscanf_s(stream, "%d %s",
+    &n1, // $ MISSING: remote_source
+    buf, // $ MISSING: remote_source
+    256,
+    &n2); // $ MISSING: remote_source
+  }
+}

cpp/ql/test/library-tests/scanf/scanfFormatLiteral.expected

@@ -1,5 +1,5 @@
-| test.c:18:2:18:6 | call to scanf | 0 | s | 0 | 0 |
-| test.c:19:2:19:7 | call to fscanf | 0 | s | 10 | 10 |
-| test.c:19:2:19:7 | call to fscanf | 1 | i | 0 | 0 |
-| test.c:20:2:20:7 | call to sscanf | 0 | s | 0 | 0 |
-| test.c:21:2:21:8 | call to swscanf | 0 | s | 10 | 10 |
+| test.c:19:2:19:6 | call to scanf | 0 | s | 0 | 0 |
+| test.c:20:2:20:7 | call to fscanf | 0 | s | 10 | 10 |
+| test.c:20:2:20:7 | call to fscanf | 1 | i | 0 | 0 |
+| test.c:21:2:21:7 | call to sscanf | 0 | s | 0 | 0 |
+| test.c:22:2:22:8 | call to swscanf | 0 | s | 10 | 10 |

cpp/ql/test/library-tests/scanf/scanfFunctionCall.expected

@@ -1,5 +1,5 @@
 | ms.cpp:17:3:17:8 | call to sscanf | 0 | 1 | ms.cpp:17:24:17:30 | %I64i | non-wide |
-| test.c:18:2:18:6 | call to scanf | 0 | 0 | test.c:18:8:18:11 | %s | non-wide |
-| test.c:19:2:19:7 | call to fscanf | 0 | 1 | test.c:19:15:19:23 | %10s %i | non-wide |
-| test.c:20:2:20:7 | call to sscanf | 0 | 1 | test.c:20:19:20:28 | %*i%s%*s | non-wide |
-| test.c:21:2:21:8 | call to swscanf | 0 | 1 | test.c:21:21:21:26 | %10s | wide |
+| test.c:19:2:19:6 | call to scanf | 0 | 0 | test.c:19:8:19:11 | %s | non-wide |
+| test.c:20:2:20:7 | call to fscanf | 0 | 1 | test.c:20:15:20:23 | %10s %i | non-wide |
+| test.c:21:2:21:7 | call to sscanf | 0 | 1 | test.c:21:19:21:28 | %*i%s%*s | non-wide |
+| test.c:22:2:22:8 | call to swscanf | 0 | 1 | test.c:22:21:22:26 | %10s | wide |

cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.expected

@@ -0,0 +1,6 @@
+| ms.cpp:17:3:17:8 | call to sscanf | ms.cpp:17:33:17:36 | & ... | 0 |
+| test.c:19:2:19:6 | call to scanf | test.c:19:14:19:19 | buffer | 0 |
+| test.c:20:2:20:7 | call to fscanf | test.c:20:26:20:31 | buffer | 0 |
+| test.c:20:2:20:7 | call to fscanf | test.c:20:34:20:34 | i | 1 |
+| test.c:21:2:21:7 | call to sscanf | test.c:21:31:21:36 | buffer | 0 |
+| test.c:22:2:22:8 | call to swscanf | test.c:22:29:22:35 | wbuffer | 0 |

cpp/ql/test/library-tests/scanf/scanfFunctionCallOutput.ql

@@ -0,0 +1,5 @@
+import semmle.code.cpp.commons.Scanf
+
+from ScanfFunctionCall sfc, Expr e, int n
+where e = sfc.getOutputArgument(n)
+select sfc, e, n

cpp/ql/test/library-tests/scanf/test.c

@@ -7,18 +7,20 @@ int scanf(const char *format, ...);
 int fscanf(FILE *stream, const char *format, ...);
 int sscanf(const char *s, const char *format, ...);
 int swscanf(const wchar_t* ws, const wchar_t* format, ...);
+int scanf_s(const char *format, ...);
 
 int main(int argc, char *argv[])
 {
 	char buffer[256];
 	wchar_t wbuffer[256];
 	FILE *file;
-	int i;
+	int i, i2;
 
 	scanf("%s", buffer);
 	fscanf(file, "%10s %i", buffer, i);
 	sscanf("Hello.", "%*i%s%*s", buffer);
 	swscanf(L"Hello.", "%10s", wbuffer);
+	scanf_s("%d %s %d", &i, buffer, 10, &i2);
 
 	return 0;
 }