C++: Add failing tests with U_STRINGorID.

cpp/ql/test/library-tests/dataflow/external-models/flow.expected

@@ -11,14 +11,14 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
-| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642  |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 |
+| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:819 |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:817  |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:818 |
 | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance |  |
 | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance |  |
-| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 |
+| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:818 |
 | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance |  |
-| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 |
+| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:819 |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |

cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected

@@ -1,8 +1,27 @@
+| Dubious member name "operator +=" in summary model. |
+| Dubious member name "operator BSTR" in summary model. |
+| Dubious member name "operator LPCSTR" in summary model. |
+| Dubious member name "operator LPSAFEARRAY" in summary model. |
+| Dubious member name "operator LPSTR" in summary model. |
+| Dubious member name "operator LPWSTR" in summary model. |
+| Dubious member name "operator PCXSTR" in summary model. |
+| Dubious member name "operator StringType&" in summary model. |
+| Dubious member name "operator T*" in summary model. |
+| Dubious member name "operator const StringType&" in summary model. |
+| Dubious member name "operator&" in summary model. |
 | Dubious member name "operator*" in summary model. |
+| Dubious member name "operator+=" in summary model. |
 | Dubious member name "operator->" in summary model. |
 | Dubious member name "operator=" in summary model. |
 | Dubious member name "operator[]" in summary model. |
+| Dubious signature "(CRegKey&)" in summary model. |
+| Dubious signature "(DWORD&,LPCTSTR)" in summary model. |
 | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. |
+| Dubious signature "(const CComBSTR&)" in summary model. |
+| Dubious signature "(const CComSafeArray&)" in summary model. |
+| Dubious signature "(const SAFEARRAY&)" in summary model. |
+| Dubious signature "(const SAFEARRAY*)" in summary model. |
+| Dubious signature "(const SAFEARRAYBOUND*, UINT)" in summary model. |
 | Dubious signature "(const deque &)" in summary model. |
 | Dubious signature "(const deque &,const Allocator &)" in summary model. |
 | Dubious signature "(const forward_list &)" in summary model. |
@@ -25,3 +44,5 @@
 | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. |
 | Dubious signature "(vector &&)" in summary model. |
 | Dubious signature "(vector &&,const Allocator &)" in summary model. |
+| Dubious signature "operator HKEY" in summary model. |
+| Dubious signature "operator=" in summary model. |

cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp

@@ -63,3 +63,24 @@ typedef struct tagSAFEARRAY {
   PVOID          pvData;
   SAFEARRAYBOUND rgsabound[1];
 } SAFEARRAY, *LPSAFEARRAY;
+
+struct _U_STRINGorID {
+  _U_STRINGorID(UINT nID);
+  _U_STRINGorID(LPCTSTR lpString);
+
+  LPCTSTR m_lpstr;
+};
+
+void test__U_STRINGorID() {
+  {
+    UINT x = source<UINT>();
+    _U_STRINGorID u(x);
+    sink(u.m_lpstr); // $ MISSING: ir
+  }
+
+  {
+    LPCTSTR y = indirect_source<const char>();
+    _U_STRINGorID u(y);
+    sink(u.m_lpstr); // $ MISSING: ir
+  }
+}

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -140,6 +140,13 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT |
 | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array |  |
 | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT |
+| atl.cpp:32:30:32:30 | 1 | atl.cpp:32:29:32:30 | - ... | TAINT |
+| atl.cpp:76:14:76:25 | call to source | atl.cpp:77:21:77:21 | x |  |
+| atl.cpp:77:21:77:21 | x | atl.cpp:77:21:77:22 | call to _U_STRINGorID | TAINT |
+| atl.cpp:77:21:77:22 | call to _U_STRINGorID | atl.cpp:78:10:78:10 | u |  |
+| atl.cpp:82:17:82:43 | call to indirect_source | atl.cpp:83:21:83:21 | y |  |
+| atl.cpp:83:21:83:21 | y | atl.cpp:83:21:83:22 | call to _U_STRINGorID | TAINT |
+| atl.cpp:83:21:83:22 | call to _U_STRINGorID | atl.cpp:84:10:84:10 | u |  |
 | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr |  |