mirror of
https://github.com/github/codeql.git
synced 2026-04-24 08:15:14 +02:00
C++: Add an inline test for interpretElement matching.
This commit is contained in:
Geoffrey White
@@ -0,0 +1,2 @@
|
||||
testFailures
|
||||
failures
|
||||
@@ -0,0 +1,18 @@
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
import testModels
|
||||
|
||||
module InterpretElementTest implements TestSig {
|
||||
string getARelevantTag() { result = "interpretElement" }
|
||||
|
||||
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
exists(Element e |
|
||||
e = interpretElement(_, _, _, _, _, _) and
|
||||
location = e.getLocation() and
|
||||
element = e.toString() and
|
||||
tag = "interpretElement" and
|
||||
value = ""
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import MakeTest<InterpretElementTest>
|
||||
@@ -1,80 +1,5 @@
|
||||
import TestUtilities.dataflow.FlowTestCommon
|
||||
import semmle.code.cpp.security.FlowSources
|
||||
|
||||
/**
|
||||
* Models-as-data source models for this test.
|
||||
*/
|
||||
private class TestSources extends SourceModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;localMadSource;;;ReturnValue;local",
|
||||
";;false;remoteMadSource;;;ReturnValue;remote",
|
||||
";;false;localMadSourceVoid;;;ReturnValue;local",
|
||||
";;false;localMadSourceHasBody;;;ReturnValue;local",
|
||||
// TODO: remoteMadSourceIndirect
|
||||
";;false;remoteMadSourceArg0;;;Argument[0];remote",
|
||||
";;false;remoteMadSourceArg1;;;Argument[1];remote", ";;false;remoteMadSourceVar;;;;remote",
|
||||
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
|
||||
"MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;local",
|
||||
"MyNamespace;;false;namespaceLocalMadSourceVar;;;;local",
|
||||
"MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;local",
|
||||
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
|
||||
";MyClass;true;memberRemoteMadSourceArg0;;;Argument[0];remote",
|
||||
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
|
||||
";MyClass;true;subtypeRemoteMadSource1;;;ReturnValue;remote",
|
||||
";MyClass;false;subtypeNonSource;;;ReturnValue;remote", // the tests define this in MyDerivedClass, so it should *not* be recongized as a source
|
||||
";MyDerivedClass;false;subtypeRemoteMadSource2;;;ReturnValue;remote",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Models-as-data sink models for this test.
|
||||
*/
|
||||
private class TestSinks extends SinkModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;madSinkArg0;;;Argument[0];test-sink",
|
||||
";;false;madSinkArg1;;;Argument[1];test-sink",
|
||||
";;false;madSinkArg01;;;Argument[0..1];test-sink",
|
||||
";;false;madSinkArg02;;;Argument[0,2];test-sink",
|
||||
// TODO: madSinkIndirectArg0
|
||||
";;false;madSinkVar;;;;test-sink", ";;false;madSinkParam0;;;Parameter[0];test-sink",
|
||||
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
|
||||
";MyClass;true;memberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Models-as-data summary models for this test.
|
||||
*/
|
||||
private class TestSummaries extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;madArg0ToReturn;;;Argument[0];ReturnValue;taint",
|
||||
";;false;madArg0ToReturnValueFlow;;;Argument[0];ReturnValue;value",
|
||||
// TODO: madArg0IndirectToReturn
|
||||
";;false;madArg0ToArg1;;;Argument[0];Argument[1];taint",
|
||||
// TODO: madArg0IndirectToArg1
|
||||
";;false;madArg0FieldToReturn;;;Argument[0].value;ReturnValue;taint",
|
||||
// TODO: madArg0IndirectFieldToReturn
|
||||
";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.value;taint",
|
||||
";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
|
||||
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
|
||||
";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
|
||||
"MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
import testModels
|
||||
|
||||
module IRTest {
|
||||
private import semmle.code.cpp.ir.IR
|
||||
|
||||
@@ -0,0 +1,76 @@
|
||||
import semmle.code.cpp.security.FlowSources
|
||||
|
||||
/**
|
||||
* Models-as-data source models for this test.
|
||||
*/
|
||||
private class TestSources extends SourceModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;localMadSource;;;ReturnValue;local",
|
||||
";;false;remoteMadSource;;;ReturnValue;remote",
|
||||
";;false;localMadSourceVoid;;;ReturnValue;local",
|
||||
";;false;localMadSourceHasBody;;;ReturnValue;local",
|
||||
// TODO: remoteMadSourceIndirect
|
||||
";;false;remoteMadSourceArg0;;;Argument[0];remote",
|
||||
";;false;remoteMadSourceArg1;;;Argument[1];remote", ";;false;remoteMadSourceVar;;;;remote",
|
||||
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
|
||||
"MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;local",
|
||||
"MyNamespace;;false;namespaceLocalMadSourceVar;;;;local",
|
||||
"MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;local",
|
||||
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
|
||||
";MyClass;true;memberRemoteMadSourceArg0;;;Argument[0];remote",
|
||||
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
|
||||
";MyClass;true;subtypeRemoteMadSource1;;;ReturnValue;remote",
|
||||
";MyClass;false;subtypeNonSource;;;ReturnValue;remote", // the tests define this in MyDerivedClass, so it should *not* be recongized as a source
|
||||
";MyDerivedClass;false;subtypeRemoteMadSource2;;;ReturnValue;remote",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Models-as-data sink models for this test.
|
||||
*/
|
||||
private class TestSinks extends SinkModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;madSinkArg0;;;Argument[0];test-sink",
|
||||
";;false;madSinkArg1;;;Argument[1];test-sink",
|
||||
";;false;madSinkArg01;;;Argument[0..1];test-sink",
|
||||
";;false;madSinkArg02;;;Argument[0,2];test-sink",
|
||||
// TODO: madSinkIndirectArg0
|
||||
";;false;madSinkVar;;;;test-sink", ";;false;madSinkParam0;;;Parameter[0];test-sink",
|
||||
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
|
||||
";MyClass;true;memberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Models-as-data summary models for this test.
|
||||
*/
|
||||
private class TestSummaries extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
";;false;madArg0ToReturn;;;Argument[0];ReturnValue;taint",
|
||||
";;false;madArg0ToReturnValueFlow;;;Argument[0];ReturnValue;value",
|
||||
// TODO: madArg0IndirectToReturn
|
||||
";;false;madArg0ToArg1;;;Argument[0];Argument[1];taint",
|
||||
// TODO: madArg0IndirectToArg1
|
||||
";;false;madArg0FieldToReturn;;;Argument[0].value;ReturnValue;taint",
|
||||
// TODO: madArg0IndirectFieldToReturn
|
||||
";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.value;taint",
|
||||
";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
|
||||
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
|
||||
";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
|
||||
"MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -5,23 +5,22 @@ void sink(int val);
|
||||
|
||||
// --- global MAD sources ---
|
||||
|
||||
int localMadSource();
|
||||
int remoteMadSource();
|
||||
int localMadSource(); // $ interpretElement
|
||||
int remoteMadSource(); // $ interpretElement
|
||||
int notASource();
|
||||
int localMadSourceVoid(void);
|
||||
int localMadSourceHasBody() { return 0; }
|
||||
int *remoteMadSourceIndirect();
|
||||
void remoteMadSourceArg0(int *x, int *y);
|
||||
void remoteMadSourceArg1(int &x, int &y);
|
||||
int remoteMadSourceVar;
|
||||
void remoteMadSourceParam0(int x);
|
||||
int localMadSourceVoid(void); // $ interpretElement
|
||||
int localMadSourceHasBody() { return 0; } // $ interpretElement
|
||||
int *remoteMadSourceIndirect(); // $ MISSING: interpretElement
|
||||
void remoteMadSourceArg0(int *x, int *y); // $ interpretElement
|
||||
void remoteMadSourceArg1(int &x, int &y); // $ interpretElement
|
||||
int remoteMadSourceVar; // $ interpretElement
|
||||
|
||||
namespace MyNamespace {
|
||||
int namespaceLocalMadSource();
|
||||
int namespaceLocalMadSourceVar;
|
||||
int namespaceLocalMadSource(); // $ interpretElement
|
||||
int namespaceLocalMadSourceVar; // $ interpretElement
|
||||
|
||||
namespace MyNamespace2 {
|
||||
int namespace2LocalMadSource();
|
||||
int namespace2LocalMadSource(); // $ interpretElement
|
||||
}
|
||||
|
||||
int localMadSource(); // (not a source)
|
||||
@@ -62,20 +61,20 @@ void test_sources() {
|
||||
sink(namespaceLocalMadSource()); // (the global namespace version of this function is not a source)
|
||||
}
|
||||
|
||||
void remoteMadSourceParam0(int x)
|
||||
void remoteMadSourceParam0(int x) // $ interpretElement
|
||||
{
|
||||
sink(x); // $ ir
|
||||
}
|
||||
|
||||
// --- global MAD sinks ---
|
||||
|
||||
void madSinkArg0(int x);
|
||||
void madSinkArg0(int x); // $ interpretElement
|
||||
void notASink(int x);
|
||||
void madSinkArg1(int x, int y);
|
||||
void madSinkArg01(int x, int y, int z);
|
||||
void madSinkArg02(int x, int y, int z);
|
||||
void madSinkIndirectArg0(int *x);
|
||||
int madSinkVar;
|
||||
void madSinkArg1(int x, int y); // $ interpretElement
|
||||
void madSinkArg01(int x, int y, int z); // $ interpretElement
|
||||
void madSinkArg02(int x, int y, int z); // $ interpretElement
|
||||
void madSinkIndirectArg0(int *x); // $ MISSING: interpretElement
|
||||
int madSinkVar; // $ interpretElement
|
||||
|
||||
void test_sinks() {
|
||||
// test sinks
|
||||
@@ -103,7 +102,7 @@ void test_sinks() {
|
||||
madSinkVar = remoteMadSourceVar; // $ ir
|
||||
}
|
||||
|
||||
void madSinkParam0(int x) {
|
||||
void madSinkParam0(int x) { // $ interpretElement
|
||||
x = source(); // $ MISSING: ir
|
||||
}
|
||||
|
||||
@@ -113,16 +112,16 @@ struct MyContainer {
|
||||
int value;
|
||||
};
|
||||
|
||||
int madArg0ToReturn(int x);
|
||||
int madArg0ToReturn(int x); // $ interpretElement
|
||||
int notASummary(int x);
|
||||
int madArg0ToReturnValueFlow(int x);
|
||||
int madArg0IndirectToReturn(int *x);
|
||||
void madArg0ToArg1(int x, int &y);
|
||||
void madArg0IndirectToArg1(const int *x, int *y);
|
||||
int madArg0ToReturnValueFlow(int x); // $ interpretElement
|
||||
int madArg0IndirectToReturn(int *x); // $ MISSING: interpretElement
|
||||
void madArg0ToArg1(int x, int &y); // $ interpretElement
|
||||
void madArg0IndirectToArg1(const int *x, int *y); // $ MISSING: interpretElement
|
||||
|
||||
int madArg0FieldToReturn(MyContainer mc);
|
||||
int madArg0IndirectFieldToReturn(MyContainer *mc);
|
||||
MyContainer madArg0ToReturnField(int x);
|
||||
int madArg0FieldToReturn(MyContainer mc); // $ interpretElement
|
||||
int madArg0IndirectFieldToReturn(MyContainer *mc); // $ MISSING: interpretElement
|
||||
MyContainer madArg0ToReturnField(int x); // $ interpretElement
|
||||
|
||||
void test_summaries() {
|
||||
// test summaries
|
||||
@@ -169,29 +168,29 @@ void test_summaries() {
|
||||
class MyClass {
|
||||
public:
|
||||
// sources
|
||||
int memberRemoteMadSource();
|
||||
void memberRemoteMadSourceArg0(int *x);
|
||||
int memberRemoteMadSourceVar;
|
||||
int memberRemoteMadSource(); // $ interpretElement
|
||||
void memberRemoteMadSourceArg0(int *x); // $ interpretElement
|
||||
int memberRemoteMadSourceVar; // $ interpretElement
|
||||
|
||||
// sinks
|
||||
void memberMadSinkArg0(int x);
|
||||
int memberMadSinkVar;
|
||||
void memberMadSinkArg0(int x); // $ interpretElement
|
||||
int memberMadSinkVar; // $ interpretElement
|
||||
|
||||
// summaries
|
||||
void madArg0ToSelf(int x);
|
||||
int madSelfToReturn();
|
||||
void madArg0ToSelf(int x); // $ interpretElement
|
||||
int madSelfToReturn(); // $ interpretElement
|
||||
int notASummary();
|
||||
void madArg0ToField(int x);
|
||||
int madFieldToReturn();
|
||||
void madArg0ToField(int x); // $ interpretElement
|
||||
int madFieldToReturn(); // $ interpretElement
|
||||
|
||||
int val;
|
||||
};
|
||||
|
||||
class MyDerivedClass : public MyClass {
|
||||
public:
|
||||
int subtypeRemoteMadSource1();
|
||||
int subtypeRemoteMadSource1(); // $ interpretElement
|
||||
int subtypeNonSource();
|
||||
int subtypeRemoteMadSource2();
|
||||
int subtypeRemoteMadSource2(); // $ interpretElement
|
||||
};
|
||||
|
||||
MyClass source2();
|
||||
@@ -201,13 +200,13 @@ namespace MyNamespace {
|
||||
class MyClass {
|
||||
public:
|
||||
// sinks
|
||||
void namespaceMemberMadSinkArg0(int x);
|
||||
static void namespaceStaticMemberMadSinkArg0(int x);
|
||||
int namespaceMemberMadSinkVar;
|
||||
static int namespaceStaticMemberMadSinkVar;
|
||||
void namespaceMemberMadSinkArg0(int x); // $ interpretElement
|
||||
static void namespaceStaticMemberMadSinkArg0(int x); // $ interpretElement
|
||||
int namespaceMemberMadSinkVar; // $ interpretElement
|
||||
static int namespaceStaticMemberMadSinkVar; // $ interpretElement
|
||||
|
||||
// summaries
|
||||
int namespaceMadSelfToReturn();
|
||||
int namespaceMadSelfToReturn(); // $ interpretElement
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user