Reduce FPs in IncorrectPrivilegeAssignment.ql

JarLob · web-flow · commit 92f5a5f893db · 2022-01-18T13:43:17.000+01:00
Implements suggestions from #6949 (comment)
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
@@ -53,7 +53,13 @@ where
       fctmp.getTarget().hasGlobalOrStdName("fopen") or
       fctmp.getTarget().hasGlobalOrStdName("open")
     ) and
-    not fctmp.getArgument(1).getValue().matches("r%") and
+    (
+      fctmp.getArgument(1).getValue().matches("%a%") or
+      // unfortunately cannot use numeric value here because // O_APPEND is defined differently on different OSes:
+      // https://github.com/red/red/blob/92feb0c0d5f91e087ab35fface6906afbf99b603/runtime/definitions.reds#L477-L491
+      // this may introduce false negatives
+      fctmp.getArgument(1).getValueText().matches("%O_APPEND%")
+    ) and
     fctmp.getNumberOfArguments() = 2 and
     not fctmp.getArgument(0).getValue() = "/dev/null" and
     fcsnd = fctmp
