Merge remote-tracking branch 'upstream/main' into docsforautofix

2026-05-03 20:58:03 +02:00 · 2024-07-10 11:17:52 +01:00
parent 74384625f6 81593ece5a
commit 0344381120
182 changed files with 830 additions and 272 deletions
--- a/Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
+++ b/Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
@@ -3,3 +3,5 @@
 | test.c:67:3:67:9 | call to strncat | Potentially unsafe call to strncat. |
 | test.c:75:3:75:9 | call to strncat | Potentially unsafe call to strncat. |
 | test.c:76:3:76:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:91:3:91:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:99:3:99:9 | call to strncat | Potentially unsafe call to strncat. |
--- a/Management/SuspiciousCallToStrncat/test.c
+++ b/Management/SuspiciousCallToStrncat/test.c
@@ -82,3 +82,20 @@ void strncat_test5(char *s) {
  strncat(buf, s, len - strlen(buf) - 1); // GOOD
  strncat(buf, s, len - strlen(buf)); // GOOD
 }
+
+void strncat_test6() {
+  {
+  char dest[60];
+  dest[0] = '\0';
+  // Will write `dest[0 .. 5]`
+  strncat(dest, "small", sizeof(dest)); // GOOD [FALSE POSITIVE]
+  }
+
+  {
+  char dest[60];
+  memset(dest, 'a', sizeof(dest));
+  dest[54] = '\0';
+  // Will write `dest[54 .. 59]`
+  strncat(dest, "small", sizeof(dest)); // GOOD [FALSE POSITIVE]
+  }
+}
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/IteratorToExpiredContainer/IteratorToExpiredContainer.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/IteratorToExpiredContainer/IteratorToExpiredContainer.expected
@@ -3,3 +3,4 @@
 | test.cpp:702:27:702:27 | call to operator[] | This object is destroyed at the end of the full-expression. |
 | test.cpp:727:23:727:23 | call to operator[] | This object is destroyed at the end of the full-expression. |
 | test.cpp:735:23:735:23 | call to operator[] | This object is destroyed at the end of the full-expression. |
+| test.cpp:857:3:857:17 | pointer to ~PlusPlusReturnByValueIterator output argument | This object is destroyed at the end of the full-expression. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/IteratorToExpiredContainer/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/IteratorToExpiredContainer/test.cpp
@@ -801,4 +801,60 @@ void test5(int i)
    for(const auto& vs : vvs) { }
    ++i;
  } // GOOD
+}
+
+struct HasBeginAndEnd
+{
+  ~HasBeginAndEnd();
+  using value_type = int;
+  using difference_type = std::ptrdiff_t;
+  using pointer = int*;
+  using reference = int&;
+  using iterator_category = std::random_access_iterator_tag;
+  std::vector<int>::iterator begin() const;
+  std::vector<int>::iterator end() const;
+};
+
+HasBeginAndEnd getHasBeginAndEnd();
+
+bool getBool();
+
+void test6()
+{
+  while(getBool())
+  {
+    for (const int& x : getHasBeginAndEnd()) // GOOD
+    {
+    }
+  }
+}
+
+struct PlusPlusReturnByValueIterator
+{
+  using value_type = int;
+  using difference_type = std::ptrdiff_t;
+  using pointer = int *;
+  using reference = int &;
+  using iterator_category = std::forward_iterator_tag;
+
+  PlusPlusReturnByValueIterator();
+  PlusPlusReturnByValueIterator(PlusPlusReturnByValueIterator const &);
+
+  PlusPlusReturnByValueIterator operator++();
+  bool operator==(PlusPlusReturnByValueIterator other) const;
+  bool operator!=(PlusPlusReturnByValueIterator other) const;
+  reference operator*() const;
+  pointer operator->() const;
+
+  ~PlusPlusReturnByValueIterator();
+
+  PlusPlusReturnByValueIterator begin();
+};
+
+void test7()
+{
+  PlusPlusReturnByValueIterator it;
+  it.operator++(); // GOOD [FALSE POSITIVE]
+
+  it.begin();
 }