C++: Test to show lack of flow from this by ref.

The `test_nonMemberSetA` also shows how the lack of flow through `&` is a problem for non-member getters, but that's addressed on a separate branch.
2026-04-28 10:15:14 +02:00 · 2019-09-09 09:30:24 +02:00
parent ef96288303
commit 08b63d4342
2 changed files with 78 additions and 0 deletions
--- a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp
+++ b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp
@@ -0,0 +1,70 @@
+void sink(void *o);
+void *user_input(void);
+
+struct S {
+  void *a;
+
+  /*
+   * Setters
+   */
+
+  friend void nonMemberSetA(struct S *s, void *value) {
+    s->a = value;
+  }
+
+  void setDirectly(void *value) {
+    this->a = value;
+  }
+
+  void setIndirectly(void *value) {
+    this->setDirectly(value);
+  }
+
+  void setThroughNonMember(void *value) {
+    nonMemberSetA(this, value);
+  }
+
+  /*
+   * Getters
+   */
+
+  friend void *nonMemberGetA(const struct S *s) {
+    return s->a;
+  }
+
+  void* getDirectly() const {
+    return this->a;
+  }
+
+  void* getIndirectly() const {
+    return this->getDirectly();
+  }
+
+  void *getThroughNonMember() const {
+    return nonMemberGetA(this);
+  }
+};
+
+void test_setDirectly() {
+  S s;
+  s.setDirectly(user_input());
+  sink(s.getDirectly()); // flow
+}
+
+void test_setIndirectly() {
+  S s;
+  s.setIndirectly(user_input());
+  sink(s.getIndirectly()); // flow
+}
+
+void test_setThroughNonMember() {
+  S s;
+  s.setThroughNonMember(user_input());
+  sink(s.getThroughNonMember()); // flow [NOT DETECTED]
+}
+
+void test_nonMemberSetA() {
+  S s;
+  nonMemberSetA(&s, user_input());
+  sink(nonMemberGetA(&s)); // flow [NOT DETECTED due to lack of flow through &]
+}
--- a/cpp/ql/test/library-tests/dataflow/fields/flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/flow.expected
@@ -109,6 +109,12 @@ edges
 | aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:92:3:92:23 | ... = ... |
 | aliasing.cpp:93:8:93:8 | w [s, m1] | aliasing.cpp:93:10:93:10 | s [m1] |
 | aliasing.cpp:93:10:93:10 | s [m1] | aliasing.cpp:93:12:93:13 | m1 |
+| by_reference.cpp:50:3:50:3 | s [post update] [a] | by_reference.cpp:51:8:51:8 | s [a] |
+| by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:50:3:50:3 | s [post update] [a] |
+| by_reference.cpp:51:8:51:8 | s [a] | by_reference.cpp:51:10:51:20 | call to getDirectly |
+| by_reference.cpp:56:3:56:3 | s [post update] [a] | by_reference.cpp:57:8:57:8 | s [a] |
+| by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:56:3:56:3 | s [post update] [a] |
+| by_reference.cpp:57:8:57:8 | s [a] | by_reference.cpp:57:10:57:22 | call to getIndirectly |
 | complex.cpp:34:15:34:15 | b [f, a_] | complex.cpp:44:8:44:8 | b [f, a_] |
 | complex.cpp:34:15:34:15 | b [f, b_] | complex.cpp:45:8:45:8 | b [f, b_] |
 | complex.cpp:44:8:44:8 | b [f, a_] | complex.cpp:44:10:44:10 | f [a_] |
@@ -195,6 +201,8 @@ edges
 | aliasing.cpp:30:11:30:12 | m1 | aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:30:11:30:12 | m1 | m1 flows from $@ | aliasing.cpp:13:10:13:19 | call to user_input | call to user_input |
 | aliasing.cpp:62:14:62:15 | m1 | aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:62:14:62:15 | m1 | m1 flows from $@ | aliasing.cpp:60:11:60:20 | call to user_input | call to user_input |
 | aliasing.cpp:93:12:93:13 | m1 | aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:93:12:93:13 | m1 | m1 flows from $@ | aliasing.cpp:92:12:92:21 | call to user_input | call to user_input |
+| by_reference.cpp:51:10:51:20 | call to getDirectly | by_reference.cpp:50:17:50:26 | call to user_input | by_reference.cpp:51:10:51:20 | call to getDirectly | call to getDirectly flows from $@ | by_reference.cpp:50:17:50:26 | call to user_input | call to user_input |
+| by_reference.cpp:57:10:57:22 | call to getIndirectly | by_reference.cpp:56:19:56:28 | call to user_input | by_reference.cpp:57:10:57:22 | call to getIndirectly | call to getIndirectly flows from $@ | by_reference.cpp:56:19:56:28 | call to user_input | call to user_input |
 | complex.cpp:44:12:44:12 | call to a | complex.cpp:55:13:55:22 | call to user_input | complex.cpp:44:12:44:12 | call to a | call to a flows from $@ | complex.cpp:55:13:55:22 | call to user_input | call to user_input |
 | complex.cpp:44:12:44:12 | call to a | complex.cpp:57:13:57:22 | call to user_input | complex.cpp:44:12:44:12 | call to a | call to a flows from $@ | complex.cpp:57:13:57:22 | call to user_input | call to user_input |
 | complex.cpp:45:12:45:12 | call to b | complex.cpp:56:13:56:22 | call to user_input | complex.cpp:45:12:45:12 | call to b | call to b flows from $@ | complex.cpp:56:13:56:22 | call to user_input | call to user_input |