lgtm: add a custom query for catching the use of fgets

As everybody knows, nodoby really reads CODING_STYLE (especially the last paragraph :-)) so let's utilize LGTM to help us catch the use of fgets.
2018-10-26 09:19:09 +00:00 · 2018-10-26 09:19:09 +00:00 · f86c1da283
parent 9f1c81d80a
commit f86c1da283
1 changed files with 23 additions and 0 deletions
--- a/.lgtm/cpp-queries/fgets.ql
+++ b/.lgtm/cpp-queries/fgets.ql
@ -0,0 +1,23 @@
+/**
+ * @name Use of fgets()
+ * @description fgets() is dangerous to call. Use read_line() instead.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id cpp/fgets
+ * @tags reliability
+ *       security
+ */
+import cpp
+
+
+predicate dangerousFunction(Function function) {
+  exists (string name | name = function.getQualifiedName() |
+    name = "fgets")
+}
+
+
+from FunctionCall call, Function target
+where call.getTarget() = target
+  and dangerousFunction(target)
+select call, target.getQualifiedName() + " is potentially dangerous"