Add more MissingCheckScanf test cases

Author: d10c

cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected

@@ -1,9 +1,10 @@
 | test.cpp:23:3:23:7 | call to scanf | This is a call to scanf. |
 | test.cpp:39:3:39:7 | call to scanf | This is a call to scanf. |
-| test.cpp:48:3:48:8 | call to fscanf | This is a call to scanf. |
-| test.cpp:55:3:55:8 | call to sscanf | This is a call to scanf. |
-| test.cpp:135:3:135:7 | call to scanf | This is a call to scanf. |
-| test.cpp:143:3:143:7 | call to scanf | This is a call to scanf. |
-| test.cpp:151:3:151:7 | call to scanf | This is a call to scanf. |
-| test.cpp:163:3:163:7 | call to scanf | This is a call to scanf. |
-| test.cpp:173:3:173:7 | call to scanf | This is a call to scanf. |
+| test.cpp:56:3:56:7 | call to scanf | This is a call to scanf. |
+| test.cpp:70:3:70:8 | call to fscanf | This is a call to scanf. |
+| test.cpp:77:3:77:8 | call to sscanf | This is a call to scanf. |
+| test.cpp:178:3:178:7 | call to scanf | This is a call to scanf. |
+| test.cpp:186:3:186:7 | call to scanf | This is a call to scanf. |
+| test.cpp:194:3:194:7 | call to scanf | This is a call to scanf. |
+| test.cpp:206:3:206:7 | call to scanf | This is a call to scanf. |
+| test.cpp:216:3:216:7 | call to scanf | This is a call to scanf. |

cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp

@@ -36,8 +36,30 @@ int main()
 	{
 		int i = 0;
 
+		scanf("%d", &i); // BAD. Design choice: already initialized variables shouldn't make a difference.
+		use(i);
+	}
+
+	{
+		int i;
+		use(i);
+
+		if (scanf("%d", &i) == 1) // GOOD: only care about uses after scanf call
+		{
+			use(i);
+		}
+	}
+
+	{
+		int i; // Reused variable
+
 		scanf("%d", &i); // BAD
 		use(i);
+
+		if (scanf("%d", &i) == 1) // GOOD
+		{
+			use(i);
+		}
 	}
 
 	// --- different scanf functions ---
@@ -94,22 +116,43 @@ int main()
 		}
 	}
 
+	{
+		int r;
+		int i;
+
+		r = scanf("%d", &i); // GOOD
+
+		if (r >= 1)
+		{
+			use(i);
+		}
+	}
+
 	{
 		bool b;
 		int i;
 
-		b = scanf("%d", &i); // GOOD
+		b = scanf("%d", &i); // BAD [NOT DETECTED]: scanf can return EOF (boolifies true)
 
 		if (b >= 1)
 		{
 			use(i);
 		}
 	}
 
+	{
+		bool b;
+		int i;
+
+		b = scanf("%d", &i); // BAD [NOT DETECTED]
+
+		use(i);
+	}
+
 	{
 		int i, j;
 
-		if (scanf("%d %d", &i) >= 2) // GOOD
+		if (scanf("%d %d", &i) >= 2) // GOOD: `j` is not a scanf arg, so out of scope of MissingCheckScanf
 		{
 			use(i);
 			use(j);
@@ -165,7 +208,7 @@ int main()
 	}
 
 	// --- different use ---
-	
+
 	{
 		int i;
 		int *ptr_i = &i;
@@ -203,3 +246,25 @@ int main()
 		}
 	}
 }
+
+// Non-local cases:
+
+bool my_scan_int(int &i)
+{
+	return scanf("%d", &i) == 1; // GOOD
+}
+
+void my_scan_int_test()
+{
+	int i;
+
+	use(i); // GOOD: used before scanf
+
+	my_scan_int(i); // BAD [NOT DETECTED]
+	use(i);
+
+	if (my_scan_int(i)) // GOOD
+	{
+		use(i);
+	}
+}