From: Mike Yuan
Date: Tue, 16 Sep 2025 17:38:09 +0000 (+0200)
Subject: codeql: taint setmntent() and getmntent()
X-Git-Tag: v259-rc1~501^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b8dcb98535e724552f0652f896e5b6cdc75c400;p=thirdparty%2Fsystemd.git
codeql: taint setmntent() and getmntent()
---
diff --git a/.github/codeql-queries/PotentiallyDangerousFunction.ql b/.github/codeql-queries/PotentiallyDangerousFunction.ql
index 40e2bbb6f9e..abd3f87a342 100644
--- a/.github/codeql-queries/PotentiallyDangerousFunction.ql
+++ b/.github/codeql-queries/PotentiallyDangerousFunction.ql
@@ -52,6 +52,12 @@ predicate potentiallyDangerousFunction(Function f, string message) {
 ) or (
 f.getQualifiedName() = "basename" and
 message = "Call basename() is icky. Use path_extract_filename() instead."
+ ) or (
+ f.getQualifiedName() = "setmntent" and
+ message = "Libmount parser is used instead, specifically libmount_parse_fstab()."
+ ) or (
+ f.getQualifiedName() = "getmntent" and
+ message = "Libmount parser is used instead, specifically mnt_table_next_fs()."
 )
 }
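Review bot: The added `getmntent` clause matches the name by equality, so the reentrant glibc variant `getmntent_r()` is a different function name and would still pass this query unflagged. If the intent is to route all mount-table parsing through libmount, add a sibling clause such as `f.getQualifiedName() = "getmntent_r" and message = "Call getmntent_r() bypasses the libmount parser. Use mnt_table_next_fs() instead."`. The two new messages also never name the flagged call, unlike the neighbouring `basename` entry. Wording like `"Call setmntent() is discouraged. Use libmount_parse_fstab() instead."` would make the alert readable at the call site. The predicate begins above the hunk, so any entries already listed there are not visible here.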