C++: Add a few more test cases.

2026-04-28 18:25:24 +02:00 · 2020-09-02 17:44:55 +01:00
parent 1ad404c605
commit 1ac0aa169d
6 changed files with 102 additions and 8 deletions
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -461,12 +461,12 @@
 | standalone_iterators.cpp:51:37:51:43 | source1 | standalone_iterators.cpp:53:12:53:18 | source1 |  |
 | standalone_iterators.cpp:51:37:51:43 | source1 | standalone_iterators.cpp:54:14:54:20 | source1 |  |
 | standalone_iterators.cpp:53:12:53:18 | ref arg source1 | standalone_iterators.cpp:54:14:54:20 | source1 |  |
-| stl.h:171:30:171:40 | call to allocator | stl.h:171:21:171:41 | noexcept(...) | TAINT |
-| stl.h:171:30:171:40 | call to allocator | stl.h:171:21:171:41 | noexcept(...) | TAINT |
-| stl.h:171:30:171:40 | call to allocator | stl.h:171:21:171:41 | noexcept(...) | TAINT |
-| stl.h:171:30:171:40 | call to allocator | stl.h:171:21:171:41 | noexcept(...) | TAINT |
-| stl.h:171:30:171:40 | call to allocator | stl.h:171:21:171:41 | noexcept(...) | TAINT |
-| stl.h:171:53:171:63 | 0 | stl.h:171:46:171:64 | (no string representation) | TAINT |
+| stl.h:172:30:172:40 | call to allocator | stl.h:172:21:172:41 | noexcept(...) | TAINT |
+| stl.h:172:30:172:40 | call to allocator | stl.h:172:21:172:41 | noexcept(...) | TAINT |
+| stl.h:172:30:172:40 | call to allocator | stl.h:172:21:172:41 | noexcept(...) | TAINT |
+| stl.h:172:30:172:40 | call to allocator | stl.h:172:21:172:41 | noexcept(...) | TAINT |
+| stl.h:172:30:172:40 | call to allocator | stl.h:172:21:172:41 | noexcept(...) | TAINT |
+| stl.h:172:53:172:63 | 0 | stl.h:172:46:172:64 | (no string representation) | TAINT |
 | string.cpp:24:12:24:17 | call to source | string.cpp:28:7:28:7 | a |  |
 | string.cpp:25:16:25:20 | 123 | string.cpp:25:16:25:21 | call to basic_string | TAINT |
 | string.cpp:25:16:25:21 | call to basic_string | string.cpp:29:7:29:7 | b |  |
@@ -1211,6 +1211,28 @@
 | string.cpp:490:31:490:32 | s5 | string.cpp:490:34:490:37 | call to cend | TAINT |
 | string.cpp:490:34:490:37 | call to cend | string.cpp:490:8:490:9 | ref arg s6 | TAINT |
 | string.cpp:490:34:490:37 | call to cend | string.cpp:490:11:490:16 | call to assign | TAINT |
+| string.cpp:496:14:496:18 | abc | string.cpp:498:17:498:19 | cs1 |  |
+| string.cpp:497:14:497:19 | call to source | string.cpp:499:17:499:19 | cs2 |  |
+| string.cpp:498:17:498:19 | cs1 | string.cpp:498:17:498:20 | call to basic_string | TAINT |
+| string.cpp:498:17:498:20 | call to basic_string | string.cpp:500:17:500:18 | s1 |  |
+| string.cpp:498:17:498:20 | call to basic_string | string.cpp:500:29:500:30 | s1 |  |
+| string.cpp:498:17:498:20 | call to basic_string | string.cpp:503:7:503:8 | s1 |  |
+| string.cpp:499:17:499:19 | cs2 | string.cpp:499:17:499:20 | call to basic_string | TAINT |
+| string.cpp:499:17:499:20 | call to basic_string | string.cpp:501:17:501:18 | s2 |  |
+| string.cpp:499:17:499:20 | call to basic_string | string.cpp:501:29:501:30 | s2 |  |
+| string.cpp:499:17:499:20 | call to basic_string | string.cpp:504:7:504:8 | s2 |  |
+| string.cpp:500:17:500:18 | ref arg s1 | string.cpp:500:29:500:30 | s1 |  |
+| string.cpp:500:17:500:18 | ref arg s1 | string.cpp:503:7:503:8 | s1 |  |
+| string.cpp:500:17:500:18 | s1 | string.cpp:500:20:500:24 | call to begin | TAINT |
+| string.cpp:500:17:500:37 | call to basic_string | string.cpp:505:7:505:8 | s3 |  |
+| string.cpp:500:29:500:30 | ref arg s1 | string.cpp:503:7:503:8 | s1 |  |
+| string.cpp:500:29:500:30 | s1 | string.cpp:500:32:500:34 | call to end | TAINT |
+| string.cpp:501:17:501:18 | ref arg s2 | string.cpp:501:29:501:30 | s2 |  |
+| string.cpp:501:17:501:18 | ref arg s2 | string.cpp:504:7:504:8 | s2 |  |
+| string.cpp:501:17:501:18 | s2 | string.cpp:501:20:501:24 | call to begin | TAINT |
+| string.cpp:501:17:501:37 | call to basic_string | string.cpp:506:7:506:8 | s4 |  |
+| string.cpp:501:29:501:30 | ref arg s2 | string.cpp:504:7:504:8 | s2 |  |
+| string.cpp:501:29:501:30 | s2 | string.cpp:501:32:501:34 | call to end | TAINT |
 | stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:16:2:16:4 | ss1 |  |
 | stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:22:7:22:9 | ss1 |  |
 | stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:27:7:27:9 | ss1 |  |
@@ -2988,3 +3010,39 @@
 | vector.cpp:311:38:311:40 | call to end | vector.cpp:311:7:311:7 | ref arg d | TAINT |
 | vector.cpp:311:38:311:40 | call to end | vector.cpp:311:9:311:14 | call to insert | TAINT |
 | vector.cpp:312:7:312:7 | ref arg d | vector.cpp:313:1:313:1 | d |  |
+| vector.cpp:316:19:316:20 | call to vector | vector.cpp:320:22:320:23 | v1 |  |
+| vector.cpp:316:19:316:20 | call to vector | vector.cpp:320:34:320:35 | v1 |  |
+| vector.cpp:316:19:316:20 | call to vector | vector.cpp:323:7:323:8 | v1 |  |
+| vector.cpp:316:19:316:20 | call to vector | vector.cpp:327:1:327:1 | v1 |  |
+| vector.cpp:317:19:317:20 | call to vector | vector.cpp:318:2:318:3 | v2 |  |
+| vector.cpp:317:19:317:20 | call to vector | vector.cpp:321:22:321:23 | v2 |  |
+| vector.cpp:317:19:317:20 | call to vector | vector.cpp:321:34:321:35 | v2 |  |
+| vector.cpp:317:19:317:20 | call to vector | vector.cpp:324:7:324:8 | v2 |  |
+| vector.cpp:317:19:317:20 | call to vector | vector.cpp:327:1:327:1 | v2 |  |
+| vector.cpp:318:2:318:3 | ref arg v2 | vector.cpp:321:22:321:23 | v2 |  |
+| vector.cpp:318:2:318:3 | ref arg v2 | vector.cpp:321:34:321:35 | v2 |  |
+| vector.cpp:318:2:318:3 | ref arg v2 | vector.cpp:324:7:324:8 | v2 |  |
+| vector.cpp:318:2:318:3 | ref arg v2 | vector.cpp:327:1:327:1 | v2 |  |
+| vector.cpp:318:15:318:20 | call to source | vector.cpp:318:2:318:3 | ref arg v2 | TAINT |
+| vector.cpp:320:22:320:23 | ref arg v1 | vector.cpp:320:34:320:35 | v1 |  |
+| vector.cpp:320:22:320:23 | ref arg v1 | vector.cpp:323:7:323:8 | v1 |  |
+| vector.cpp:320:22:320:23 | ref arg v1 | vector.cpp:327:1:327:1 | v1 |  |
+| vector.cpp:320:22:320:23 | v1 | vector.cpp:320:25:320:29 | call to begin | TAINT |
+| vector.cpp:320:22:320:42 | call to vector | vector.cpp:325:7:325:8 | v3 |  |
+| vector.cpp:320:22:320:42 | call to vector | vector.cpp:327:1:327:1 | v3 |  |
+| vector.cpp:320:34:320:35 | ref arg v1 | vector.cpp:323:7:323:8 | v1 |  |
+| vector.cpp:320:34:320:35 | ref arg v1 | vector.cpp:327:1:327:1 | v1 |  |
+| vector.cpp:320:34:320:35 | v1 | vector.cpp:320:37:320:39 | call to end | TAINT |
+| vector.cpp:321:22:321:23 | ref arg v2 | vector.cpp:321:34:321:35 | v2 |  |
+| vector.cpp:321:22:321:23 | ref arg v2 | vector.cpp:324:7:324:8 | v2 |  |
+| vector.cpp:321:22:321:23 | ref arg v2 | vector.cpp:327:1:327:1 | v2 |  |
+| vector.cpp:321:22:321:23 | v2 | vector.cpp:321:25:321:29 | call to begin | TAINT |
+| vector.cpp:321:22:321:42 | call to vector | vector.cpp:326:7:326:8 | v4 |  |
+| vector.cpp:321:22:321:42 | call to vector | vector.cpp:327:1:327:1 | v4 |  |
+| vector.cpp:321:34:321:35 | ref arg v2 | vector.cpp:324:7:324:8 | v2 |  |
+| vector.cpp:321:34:321:35 | ref arg v2 | vector.cpp:327:1:327:1 | v2 |  |
+| vector.cpp:321:34:321:35 | v2 | vector.cpp:321:37:321:39 | call to end | TAINT |
+| vector.cpp:323:7:323:8 | ref arg v1 | vector.cpp:327:1:327:1 | v1 |  |
+| vector.cpp:324:7:324:8 | ref arg v2 | vector.cpp:327:1:327:1 | v2 |  |
+| vector.cpp:325:7:325:8 | ref arg v3 | vector.cpp:327:1:327:1 | v3 |  |
+| vector.cpp:326:7:326:8 | ref arg v4 | vector.cpp:327:1:327:1 | v4 |  |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h
@@ -75,6 +75,7 @@ namespace std

 		explicit basic_string(const Allocator& a = Allocator());
 		basic_string(const charT* s, const Allocator& a = Allocator());
+		template<class InputIterator> basic_string(InputIterator begin, InputIterator end, const Allocator& a = Allocator());

 		const charT* c_str() const;
 		charT* data() noexcept;
@@ -171,7 +172,10 @@ namespace std {
 		vector() noexcept(noexcept(Allocator())) : vector(Allocator()) { }
 		explicit vector(const Allocator&) noexcept;
 		explicit vector(size_type n, const Allocator& = Allocator());
-		vector(size_type n, const T& value, const Allocator& = Allocator()); 
+		vector(size_type n, const T& value, const Allocator& = Allocator());
+		template<class InputIterator, class IteratorCategory = typename InputIterator::iterator_category> vector(InputIterator first, InputIterator last, const Allocator& = Allocator());
+			// use of `iterator_category` makes sure InputIterator is (probably) an iterator, and not an `int` or
+			// similar that should match a different overload (SFINAE).
 		~vector();

 		vector& operator=(const vector& x);
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
@@ -491,3 +491,17 @@ void test_string_iterator_methods()
 		sink(s6); // [FALSE POSITIVE]
 	}
 }
+
+void test_constructors_more() {
+	char *cs1 = "abc";
+	char *cs2 = source();
+	std::string s1(cs1);
+	std::string s2(cs2);
+	std::string s3(s1.begin(), s1.end());
+	std::string s4(s2.begin(), s2.end());
+
+	sink(s1);
+	sink(s2); // tainted
+	sink(s3);
+	sink(s4); // tainted [NOT DETECTED]
+}
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
@@ -136,6 +136,7 @@
 | string.cpp:487:10:487:15 | call to assign | string.cpp:482:18:482:23 | call to source |
 | string.cpp:488:8:488:8 | h | string.cpp:482:18:482:23 | call to source |
 | string.cpp:491:8:491:9 | s6 | string.cpp:482:18:482:23 | call to source |
+| string.cpp:504:7:504:8 | s2 | string.cpp:497:14:497:19 | call to source |
 | structlikeclass.cpp:35:8:35:9 | s1 | structlikeclass.cpp:29:22:29:27 | call to source |
 | structlikeclass.cpp:36:8:36:9 | s2 | structlikeclass.cpp:30:24:30:29 | call to source |
 | structlikeclass.cpp:37:8:37:9 | s3 | structlikeclass.cpp:29:22:29:27 | call to source |
@@ -304,3 +305,4 @@
 | vector.cpp:309:7:309:7 | c | vector.cpp:303:14:303:19 | call to source |
 | vector.cpp:311:9:311:14 | call to insert | vector.cpp:303:14:303:19 | call to source |
 | vector.cpp:312:7:312:7 | d | vector.cpp:303:14:303:19 | call to source |
+| vector.cpp:324:7:324:8 | v2 | vector.cpp:318:15:318:20 | call to source |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
@@ -146,6 +146,7 @@
 | string.cpp:487:10:487:15 | string.cpp:482:18:482:23 | AST only |
 | string.cpp:488:8:488:8 | string.cpp:482:18:482:23 | AST only |
 | string.cpp:491:8:491:9 | string.cpp:482:18:482:23 | AST only |
+| string.cpp:504:7:504:8 | string.cpp:497:14:497:19 | AST only |
 | structlikeclass.cpp:35:8:35:9 | structlikeclass.cpp:29:22:29:27 | AST only |
 | structlikeclass.cpp:36:8:36:9 | structlikeclass.cpp:30:24:30:29 | AST only |
 | structlikeclass.cpp:37:8:37:9 | structlikeclass.cpp:29:22:29:27 | AST only |
@@ -253,3 +254,4 @@
 | vector.cpp:309:7:309:7 | vector.cpp:303:14:303:19 | AST only |
 | vector.cpp:311:9:311:14 | vector.cpp:303:14:303:19 | AST only |
 | vector.cpp:312:7:312:7 | vector.cpp:303:14:303:19 | AST only |
+| vector.cpp:324:7:324:8 | vector.cpp:318:15:318:20 | AST only |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
@@ -310,4 +310,18 @@ void test_vector_insert() {

 	sink(d.insert(d.end(), a.begin(), a.end())); // tainted
 	sink(d); // tainted
-}
+}
+
+void test_constructors_more() {
+	std::vector<int> v1;
+	std::vector<int> v2;
+	v2.push_back(source());
+
+	std::vector<int> v3(v1.begin(), v1.end());
+	std::vector<int> v4(v2.begin(), v2.end());
+
+	sink(v1);
+	sink(v2); // tainted
+	sink(v3);
+	sink(v4); // tainted [NOT DETECTED]
+}