/**
 * @name Conditionally uninitialized variable
 * @description An initialization function is used to initialize a local variable, but the
 *              returned status code is not checked. The variable may be left in an uninitialized
 *              state, and reading the variable may result in undefined behavior.
 * @kind problem
 * @problem.severity warning
 * @opaque-id SM02313
 * @id cpp/conditionally-uninitialized-variable
 * @tags security
 */
import cpp
private import UninitializedVariables

from
  ConditionallyInitializedVariable v, ConditionalInitializationFunction f,
  ConditionalInitializationCall call, string defined, Evidence e
where
  // `call` initializes `v` through `f`, and some read of `v` is reachable without the
  // status code of `call` having been checked; `e` records how we know `f` is conditional.
  exists(v.getARiskyAccess(f, call, e)) and
  // Describe the source of that evidence in the alert message: the function body itself,
  // a suggestive SAL annotation, or the externally supplied CSV model of the function.
  if e = DefinitionInSnapshot()
  then defined = ""
  else
    if e = SuggestiveSALAnnotation()
    then defined = "externally defined (SAL) "
    else defined = "externally defined (CSV) "
select call,
  "The status of this call to " + defined +
    "$@ is not checked, potentially leaving $@ uninitialized.", f, f.getName(), v, v.getName()
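The defect this query reports, shown in C as an added example that is not part of the query or its test suite: `parse_port` is a hypothetical conditional initialization function that writes its output only on success, one caller discards its status code (the pattern flagged), and the other gates every read on it (the fix).

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical conditional initialization function: *out is written only when the
 * input is a valid port number, and the status code (0 = success) reports which. */
int parse_port(const char *text, unsigned *out)
{
    unsigned value = 0;
    if (text == NULL || *text == '\0')
        return -1;                      /* *out is NOT written on this path */
    for (const char *p = text; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;                  /* *out is NOT written on this path */
        value = value * 10 + (unsigned)(*p - '0');
        if (value > 65535)
            return -1;                  /* *out is NOT written on this path */
    }
    *out = value;
    return 0;
}

/* Pattern the query reports: the status of parse_port is discarded, so when the
 * parse fails `port` is read while still uninitialized (undefined behavior). */
bool port_is_privileged_unchecked(const char *text)
{
    unsigned port;
    parse_port(text, &port);            /* return value ignored */
    return port < 1024;                 /* may read an indeterminate value */
}

/* Fixed form: the status code gates every read of `port`, and the caller is told
 * when no answer could be produced instead of receiving one built from garbage. */
bool port_is_privileged_checked(const char *text, bool *result)
{
    unsigned port;
    if (parse_port(text, &port) != 0)
        return false;                   /* `port` is never read on this path */
    *result = port < 1024;
    return true;
}
```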