For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

BufferWrite

Module BufferWrite

name: CWE-120
description: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’).
kind: problem
problem.severity: recommendation


                                import semmle.code.cpp.security.BufferWrite

Buffer
Scanf	A library for dealing with scanf-like formatting strings. This is similar to printf.qll but the format specification for scanf is quite different.
Strcat	Provides implementation classes modeling `strcat` and various similar functions. See `semmle.code.cpp.models.Models` for usage information.
Strcpy	Provides implementation classes modeling `strcpy` and various similar functions. See `semmle.code.cpp.models.Models` for usage information.
cpp	Provides classes and predicates for working with C/C++ code.

BufferWrite	An operation that writes a variable amount of data to a buffer (strcpy, strncat, sprintf etc).
BufferWriteCall	A `BufferWrite` that is also a `FunctionCall` (most cases).
GetsBW	A call to a variant of `gets`.
RealpathBW	A call to `realpath`.
ScanfBW	A string that is written by a `scanf`-like function.
SnprintfBW	A call to a variant of `snprintf`.
SprintfBW	A call to a variant of `sprintf`.
StrCatBW	A call to a variant of `strcat`.
StrCopyBW	A call to a variant of `strcpy`.