CodeQL library for C/C++
codeql/cpp-all 2.0.2 (changelog, source)

Class ScanfFunction

A scanf-like standard library function.

Import path

import semmle.code.cpp.commons.Scanf

Direct supertypes

Indirect supertypes

Known direct subtypes

Predicates

getFormatParameterIndex

Gets the position at which the format parameter occurs.

getInputParameterIndex

Gets the position at which the input string or stream parameter occurs, if this function does not read from standard input.

isWideCharDefault

Holds if the default meaning of %s is a wchar_t* string (rather than a char*).

Inherited predicates

accesses

Holds if this function accesses a function or variable or enumerator a.

from Function
accesses

Holds if this function accesses a function or variable or enumerator a in the Access expression l.

from Function
calls

Holds if this function calls the function f.

from Function
calls

Holds if this function calls the function f in the FunctionCall expression l.

from Function
canAccessClass

Holds if a base class base of derived is accessible at this (N4140 11.2/4). When this holds, and derived has only one base subobject of type base, code in this can implicitly convert a pointer to derived into a pointer to base. Conversely, if such a conversion is possible then this predicate holds.

from AccessHolder
canAccessMember

Holds if a non-static member member is accessible at this when named in a class derived that is derived from or equal to the declaring class of member (N4140 11.2/5 and 11.4).

from AccessHolder
couldAccessMember

Holds if a hypothetical non-static member of memberClass with access specifier memberAccess is accessible at this when named in a class derived that is derived from or equal to memberClass (N4140 11.2/5 and 11.4).

from AccessHolder
findRootCause

Gets the source of this element: either itself or a macro that expanded to this element.

from Element
fromSource

Holds if this element may be from source. This predicate holds for all elements, except for those in the dummy file, whose name is the empty string. The dummy file contains declarations that are built directly into the compiler.

from Element
getACallToThisFunction

Gets a call to this function.

from Function
getADeclaration

Gets a child declaration of this function.

from Function
getADeclarationEntry

Gets a declaration entry corresponding to this declaration. The relationship between Declaration and DeclarationEntry is explained in Declaration.qll.

from Function
getADeclarationLocation

Gets the location of a FunctionDeclarationEntry corresponding to this declaration.

from Function
getAFalseSuccessor

Gets a node such that the control-flow edge (this, result) may be taken when this expression is false.

from ControlFlowNode
getAFile

Gets a file where this element occurs.

from Declaration
getALinkTarget

Gets a link target which compiled or referenced this function.

from Function
getAParameter

Gets a parameter of this function. There is no result for the implicit this parameter, and there is no ... varargs pseudo-parameter.

from Function
getAPredecessor

Gets a direct predecessor of this control-flow node, if any.

from ControlFlowNode
getAPrimaryQlClass

Gets the name of a primary CodeQL class to which this element belongs.

from ElementBase
getASpecifier

Gets a specifier of this function.

from Function
getASuccessor

Gets a direct successor of this control-flow node, if any.

from ControlFlowNode
getATemplateArgument

Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a template parameter type for both typed and non-typed parameters.

from Declaration
getATemplateArgumentKind

Gets a template argument used to instantiate this declaration from a template. When called on a template, this will return a non-typed template parameter value.

from Declaration
getAThrownType

Gets a type that is specified to be thrown by the function.

from Function
getATrueSuccessor

Gets a node such that the control-flow edge (this, result) may be taken when this expression is true.

from ControlFlowNode
getAWrittenVariable

Gets a variable that is written-to in this function.

from Function
getAnAccess

Gets an access of this function.

from Function
getAnAttribute

Gets an attribute of this function.

from Function
getAnOverload

Gets a function that overloads this one.

from Function
getBasicBlock

Gets the BasicBlock containing this control-flow node.

from ControlFlowNode
getBlock

Gets the block that is the function body.

from Function
getClassAndName

Gets the class of which this function, called memberName, is a member.

from Function
getControlFlowScope

Implements ControlFlowNode.getControlFlowScope. The Function is used to represent the exit node of the control flow graph, so it is its own scope.

from Function
getDeclaringType

Gets the class where this member is declared, if it is a member. For templates, both the template itself and all instantiations of the template are considered to have the same declaring class.

from Declaration
getDefinition

Gets the declaration entry corresponding to this declaration that is a definition, if any.

from Function
getDefinitionLocation

Gets the location of the definition, if any.

from Function
getDescription

Gets a description of this Declaration for display purposes.

from Declaration
getEffectiveNumberOfParameters

Gets the number of parameters of this function, including any implicit this parameter but not including any ... varargs pseudo-parameter.

from Function
getEnclosingAccessHolder

Gets the nearest enclosing AccessHolder.

from Function
getEnclosingElement

Gets the closest Element enclosing this one.

from Element
getEnclosingStmt

Implements ControlFlowNode.getEnclosingStmt. The Function is used to represent the exit node of the control flow graph, so it has no enclosing statement.

from Function
getEntryPoint

Gets the first node in this function’s control flow graph.

from Function
getExplicitExpr

Gets the constant expression that determines whether the function is explicit.

from Function
getFile

Gets the primary file where this element occurs.

from Element
getLocation

Gets the preferred location of this declaration. (The location of the definition, if possible.)

from Function
getMetrics

Gets the metric class. MetricFunction has methods for computing various metrics, such as “number of lines of code” and “number of function calls”.

from Function
getName

Gets the name of this declaration.

from Function
getNamespace

Gets the innermost namespace which contains this declaration.

from Declaration
getNumberOfParameters

Gets the number of parameters of this function, not including any implicit this parameter or any ... varargs pseudo-parameter.

from Function
getNumberOfTemplateArguments

Gets the number of template arguments for this declaration.

from Declaration
getParameter

Gets the nth parameter of this function. There is no result for the implicit this parameter, and there is no ... varargs pseudo-parameter.

from Function
getParameterString

Gets a string representing the parameters of this function.

from Function
getParentScope

Gets the parent scope of this Element, if any. A scope is a Type (Class / Enum), a Namespace, a BlockStmt, a Function, or certain kinds of Statement.

from Element
getPrimaryQlClasses

Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.

from ElementBase
getQualifiedName

Gets the name of the declaration, fully qualified with its namespace and declaring type.

from Declaration
getTemplateArgument

Gets the ith template argument used to instantiate this declaration from a template.

from Declaration
getTemplateArgumentKind

Gets the ith template argument value used to instantiate this declaration from a template. When called on a template, this will return the ith template parameter value if it exists.

from Declaration
getThrownType

Gets the ith type specified to be thrown by the function.

from Function
getType

Gets the return type of this function.

from Function
getUnspecifiedType

Gets the return type of this function after specifiers have been deeply stripped and typedefs have been resolved.

from Function
hasCLinkage

Holds if this function has C linkage, as specified by one of its declaration entries. For example: extern "C" void foo();.

from Function
hasDeclaringType

Holds if this declaration is a member of a class/struct/union.

from Declaration
hasDefinition

Holds if the declaration has a definition.

from Declaration
hasEntryPoint

Holds if this function has an entry point.

from Function
hasErrors

Holds if this function has extraction errors that create an ErrorExpr.

from Function
hasExceptionSpecification

Holds if the function has an exception specification.

from Function
hasGlobalName

Holds if this declaration has the given name in the global namespace.

from Declaration
hasGlobalOrStdName

Holds if this declaration has the given name in the global namespace or the std namespace.

from Declaration
hasGlobalOrStdOrBslName

Holds if this declaration has the given name in the global namespace, the std namespace or the bsl namespace. We treat std and bsl as the same in some of our models.

from Declaration
hasName

Holds if this declaration has the given name.

from Declaration
hasQualifiedName

Holds if this declaration has a fully-qualified name with a name-space component of namespaceQualifier, no declaring type, and a base name of baseName.

from Declaration
hasQualifiedName

Holds if this declaration has a fully-qualified name with a name-space component of namespaceQualifier, a declaring type of typeQualifier, and a base name of baseName. Template parameters and arguments are stripped from all components. Missing components are "".

from Declaration
hasSpecifier

Holds if this declaration has a specifier with the given name.

from Declaration
hasTrailingReturnType

Holds if this function has a trailing return type.

from Function
inMemberOrFriendOf

Holds if this can access private members of class c.

from AccessHolder
isAffectedByMacro

Holds if this element is affected in any way by a macro. All elements that are totally or partially generated by a macro are included, so this is a super-set of isInMacroExpansion.

from Element
isCompilerGenerated

Holds if this function is generated by the compiler.

from Function
isCondition

Holds if this node is the top-level expression of a conditional statement, meaning that this.getATrueSuccessor() or this.getAFalseSuccessor() will have a result.

from ControlFlowNode
isConsteval

Holds if this function is declared to be consteval.

from Function
isConstexpr

Holds if this function is constexpr. Normally, this holds if and only if isDeclaredConstexpr() holds, but in some circumstances they differ. For example, with

    int f(int i) { return 6; }
    template <typename T> constexpr int g(T x) { return f(x); }

g<int> is declared constexpr, but is not constexpr.

from Function
isConstructedFrom

Holds if this function is constructed from f as a result of template instantiation. If so, it originates either from a template function or from a function nested in a template class.

from Function
isDeclaredConstexpr

Holds if this function is declared to be constexpr.

from Function
isDeclaredVirtual

Holds if this function is declared with the virtual specifier.

from Function
isDefaulted

Holds if this function is explicitly defaulted with the = default specifier.

from Function
isDeleted

Holds if this function is deleted. This may be because it was explicitly deleted with an = delete definition, or because the compiler was unable to auto-generate a definition for it.

from Function
isExplicit

Holds if this function is declared to be explicit.

from Function
isFinal

Holds if this function is declared with the final specifier.

from Function
isFromTemplateInstantiation

Holds if this Element is a part of a template instantiation (but not the template itself).

from Element
isFromUninstantiatedTemplate

Holds if this Element is part of a template template (not if it is part of an instantiation of template). This means it is represented in the database purely as syntax and without guarantees on the presence or correctness of type-based operations such as implicit conversions.

from Element
isInMacroExpansion

Holds if this element comes from a macro expansion. Only elements that are entirely generated by a macro are included - for elements that partially come from a macro, see isAffectedByMacro.

from Element
isInline

Holds if this function is inline.

from Function
isMember

Holds if this declaration is a member of a class/struct/union.

from Declaration
isMultiplyDefined

Holds if this function is defined in several files. This is illegal in C (though possible in some C++ compilers), and likely indicates that several functions that are not linked together have been compiled. An example would be a project with many ‘main’ functions.

from Function
isNaked

Holds if this function is declared with __attribute__((naked)) or __declspec(naked).

from Function
isNoExcept

Holds if this function has a noexcept exception specification.

from Function
isNoThrow

Holds if this function has a throw() exception specification.

from Function
isOverride

Holds if this function is declared with the override specifier.

from Function
isPrototyped

Holds if this function has a prototyped interface.

from Function
isSideEffectFree

Holds if this function is side-effect free (conservative approximation).

from Function
isSpecialization

Holds if this Function is a Template specialization.

from Function
isStatic

Holds if this declaration is static.

from Declaration
isTopLevel

Holds if this declaration is a top-level declaration.

from Declaration
isVarargs

Holds if this function is a varargs function.

from Function
isVirtual

Holds if this function is virtual.

from Function
mayHaveSideEffects

Holds if this function may have side-effects; if in doubt, we assume it may.

from Function
toString

Gets a textual representation of this element.

from Declaration