feat(cpp): Add Insecure Functions query

[GeekMasher]

No description provided.

[Copilot]

Pull Request Overview

This PR introduces a new CodeQL query to detect insecure C-style functions in C++ code and provides corresponding documentation and examples.

• Add InsecureFunctions.ql to identify uses of functions like strcpy, sprintf, and scanf.
• Add InsecureFunctions.md with descriptions, vulnerable and secure usage examples, and best practices.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
cpp/src/security/CWE-242/InsecureFunctions.ql	New CodeQL query to flag insecure functions.
cpp/src/security/CWE-242/InsecureFunctions.md	Documentation with examples and recommended alternatives.

Comments suppressed due to low confidence (1)

cpp/src/security/CWE-242/InsecureFunctions.ql:1

• No tests were added for this new query. Add positive and negative CodeQL tests to verify that insecure calls are flagged and safe patterns (e.g., strncpy, snprintf) are not.

/**

[Copilot]

The import 'ghsl' isn't used in this query. You can remove it to keep the imports minimal and avoid confusion.

Suggested change

import ghsl

[Copilot]

Flagging all 'scanf' and 'sscanf' calls will generate false positives for safe uses with width specifiers (e.g., "%19s"). Refine the predicate to exclude calls where the format string includes a field width.

Suggested change

	functionName in ["strcpy", "strcat", "sprintf", "gets", "scanf", "sscanf"]
	}
	functionName in ["strcpy", "strcat", "sprintf", "gets", "scanf", "sscanf"] and
	not (functionName in ["scanf", "sscanf"] and hasWidthSpecifier(call))
	}
	/** Checks if the format string of a function call contains a width specifier (e.g., "%19s"). */
	predicate hasWidthSpecifier(FunctionCall call) {
	exists(string formatString |
	call.getArgument(0).getValue().toString() = formatString and
	formatString.regexpMatch("%[0-9]+s")
	)
	}