
@specs-feup/clava


A C/C++ source-to-source compiler written in Typescript

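import { Call, Joinpoint } from "../../../Joinpoints.js";
import Checker from "../Checker.js";
import CheckResult from "../CheckResult.js";

/**
 * Checker that reports stream extraction from `std::cin` via `operator>>`.
 *
 * Detection is purely syntactic: a node is reported when it is a `Call` named
 * `operator>>` whose first argument's source text is exactly `cin` or
 * `std::cin`.
 *
 * Limits a reviewer of the findings should keep in mind:
 * - The destination operand is never inspected, so extraction into a
 *   `std::string` or an arithmetic type is reported the same way as
 *   extraction into a fixed-size `char` buffer. Only the latter is the
 *   unbounded-write case the advice text describes; the other cases remain
 *   input-validation concerns (CWE-20) but not overflow ones.
 * - Matching is on the literal text of the first argument, so other spellings
 *   of the stream (e.g. `::std::cin`, a reference or alias to it) are not
 *   matched.
 * - NOTE(review): in a chained extraction (`std::cin >> a >> b`) the outer
 *   call's first argument is presumably the inner call rather than the stream
 *   itself, so only the innermost extraction would be reported. Confirm
 *   against the AST if per-operand findings are needed.
 */
export default class CinChecker extends Checker {
  // Message attached to every finding; passed verbatim to CheckResult.
  private advice =
    " Using std::cin with operator>> is risky because there is no verification for buffer overflow. Consider using a safer way to retrieve user input (CWE-20).\n\n";

  constructor() {
    // "cin" is handed to the base Checker; presumably it becomes `this.name`.
    super("cin");
  }

  /**
   * Inspects one join point and reports it if it is an extraction from cin.
   *
   * @param $node - The join point to inspect.
   * @returns A `CheckResult` for a matching call, or `undefined` when the
   *   node is not a `Call`, is not `operator>>`, has no first argument, or its
   *   first argument is not `cin` / `std::cin`.
   */
  check($node: Joinpoint): CheckResult | undefined {
    if (!($node instanceof Call) || $node.name !== "operator>>") {
      return;
    }

    // Optional chaining: a call with an empty argument list must be skipped,
    // not abort the whole analysis with a TypeError on `undefined.code`.
    const streamCode = $node.args[0]?.code;
    if (streamCode !== "cin" && streamCode !== "std::cin") {
      return;
    }

    return new CheckResult(this.name, $node, this.advice);
  }
}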