Add more (false-negative) MissingCheckScanf tests

Author: d10c

cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected

@@ -2,8 +2,8 @@
 | test.cpp:39:3:39:7 | call to scanf | This is a call to scanf. |
 | test.cpp:48:3:48:8 | call to fscanf | This is a call to scanf. |
 | test.cpp:55:3:55:8 | call to sscanf | This is a call to scanf. |
-| test.cpp:135:3:135:7 | call to scanf | This is a call to scanf. |
-| test.cpp:143:3:143:7 | call to scanf | This is a call to scanf. |
-| test.cpp:151:3:151:7 | call to scanf | This is a call to scanf. |
-| test.cpp:163:3:163:7 | call to scanf | This is a call to scanf. |
-| test.cpp:173:3:173:7 | call to scanf | This is a call to scanf. |
+| test.cpp:156:3:156:7 | call to scanf | This is a call to scanf. |
+| test.cpp:164:3:164:7 | call to scanf | This is a call to scanf. |
+| test.cpp:172:3:172:7 | call to scanf | This is a call to scanf. |
+| test.cpp:184:3:184:7 | call to scanf | This is a call to scanf. |
+| test.cpp:194:3:194:7 | call to scanf | This is a call to scanf. |

cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp

@@ -94,22 +94,43 @@ int main()
 		}
 	}
 
+	{
+		int r;
+		int i;
+
+		r = scanf("%d", &i); // GOOD
+
+		if (r >= 1)
+		{
+			use(i);
+		}
+	}
+
 	{
 		bool b;
 		int i;
 
-		b = scanf("%d", &i); // GOOD
+		b = scanf("%d", &i); // BAD [NOT DETECTED]: scanf can return EOF (boolifies true)
 
 		if (b >= 1)
 		{
 			use(i);
 		}
 	}
 
+	{
+		bool b;
+		int i;
+
+		b = scanf("%d", &i); // BAD [NOT DETECTED]
+
+		use(i);
+	}
+
 	{
 		int i, j;
 
-		if (scanf("%d %d", &i) >= 2) // GOOD
+		if (scanf("%d %d", &i) >= 2) // GOOD: `j` is not a scanf arg, so out of scope of MissingCheckScanf
 		{
 			use(i);
 			use(j);
@@ -165,7 +186,7 @@ int main()
 	}
 
 	// --- different use ---
-	
+
 	{
 		int i;
 		int *ptr_i = &i;