Skip to content

C++: Add two more fopen-like models.#21862

Merged
MathiasVP merged 1 commit into
github:mainfrom
MathiasVP:more-fopen-models
May 18, 2026
Merged

C++: Add two more fopen-like models.#21862
MathiasVP merged 1 commit into
github:mainfrom
MathiasVP:more-fopen-models

Conversation

@MathiasVP
Copy link
Copy Markdown
Contributor

@MathiasVP MathiasVP commented May 18, 2026

Just found two fopen-like models that we didn't model. See here.

@github-actions github-actions Bot added the C++ label May 18, 2026
@MathiasVP MathiasVP marked this pull request as ready for review May 18, 2026 18:49
Copilot AI review requested due to automatic review settings May 18, 2026 18:49
@MathiasVP MathiasVP requested a review from a team as a code owner May 18, 2026 18:49
@MathiasVP MathiasVP added the no-change-note-required This PR does not need a change note label May 18, 2026
Copilot AI reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds models for the Windows CRT functions _sopen_s and _wsopen_s to the existing Fopen family of modeled functions, so the filename parameter is treated as a buffer read and tainted flow propagates from filename to the output file descriptor parameter.

Changes:

  • Extend the Fopen class predicate to recognize _sopen_s and _wsopen_s.
  • Add a parameterIsRead case marking parameter index 1 as a buffer for these two functions.
  • Add a hasTaintFlow case routing taint from isParameterDeref(1) to isParameterDeref(0).
Show a summary per file
File Description
cpp/ql/lib/semmle/code/cpp/models/implementations/Fopen.qll Adds _sopen_s / _wsopen_s recognition, buffer-read modeling for the filename parameter, and taint flow to the output fd parameter.

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 0

geoffw0
geoffw0 approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@MathiasVP MathiasVP merged commit 0633bc7 into github:main May 18, 2026
23 of 24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@geoffw0 geoffw0 geoffw0 approved these changes

Assignees

No one assigned

Labels

C++ no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MathiasVP @geoffw0