From 34314d0cb63d93d45da24cfef635f3124e077aff Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 13 May 2020 15:16:02 +0200 Subject: [PATCH] C++: Annotation field flow tests with [IR] and [AST] --- .../test/library-tests/dataflow/fields/A.cpp | 26 +++++++++---------- .../test/library-tests/dataflow/fields/B.cpp | 4 +-- .../test/library-tests/dataflow/fields/C.cpp | 4 +-- .../test/library-tests/dataflow/fields/D.cpp | 4 +-- .../test/library-tests/dataflow/fields/E.cpp | 6 ++--- .../dataflow/fields/aliasing.cpp | 8 +++--- .../dataflow/fields/by_reference.cpp | 10 +++---- .../library-tests/dataflow/fields/complex.cpp | 4 +-- .../dataflow/fields/constructors.cpp | 4 +-- .../library-tests/dataflow/fields/simple.cpp | 4 +-- .../dataflow/fields/struct_init.c | 10 +++---- 11 files changed, 42 insertions(+), 42 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/fields/A.cpp b/cpp/ql/test/library-tests/dataflow/fields/A.cpp index fd49e1e85ee..2b016b73de2 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/A.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/A.cpp @@ -40,21 +40,21 @@ public: cc.insert(nullptr); ct.insert(new C()); sink(&cc); // no flow - sink(&ct); // flow + sink(&ct); // flow [NOT DETECTED by IR] } void f1() { C *c = new C(); B *b = B::make(c); - sink(b->c); // flow + sink(b->c); // flow [NOT DETECTED by IR] } void f2() { B *b = new B(); b->set(new C1()); - sink(b->get()); // flow - sink((new B(new C()))->get()); // flow + sink(b->get()); // flow [NOT DETECTED by IR] + sink((new B(new C()))->get()); // flow [NOT DETECTED by IR] } void f3() @@ -63,7 +63,7 @@ public: B *b2; b2 = setOnB(b1, new C2()); sink(b1->c); // no flow - sink(b2->c); // flow + sink(b2->c); // flow [NOT DETECTED by IR] } void f4() @@ -72,7 +72,7 @@ public: B *b2; b2 = setOnBWrap(b1, new C2()); sink(b1->c); // no flow - sink(b2->c); // flow + sink(b2->c); // flow [NOT DETECTED by IR] } B *setOnBWrap(B *b1, C *c) @@ -104,7 +104,7 @@ public: { if (C1 *c1 = dynamic_cast(c)) { - sink(c1->a); // flow + sink(c1->a); // flow [NOT DETECTED by IR] } C *cc; if (C2 *c2 = dynamic_cast(c)) @@ -117,7 +117,7 @@ public: } if (C1 *c1 = dynamic_cast(cc)) { - sink(c1->a); // no flow, stopped by cast to C2 [FALSE POSITIVE] + sink(c1->a); // no flow, stopped by cast to C2 [FALSE POSITIVE in AST] } } @@ -129,7 +129,7 @@ public: { B *b = new B(); f7(b); - sink(b->c); // flow + sink(b->c); // flow [NOT DETECTED by IR] } class D @@ -149,8 +149,8 @@ public: { B *b = new B(); D *d = new D(b, r()); - sink(d->b); // flow x2 - sink(d->b->c); // flow + sink(d->b); // flow x2 [NOT DETECTED by IR] + sink(d->b->c); // flow [NOT DETECTED by IR] sink(b->c); // flow } @@ -162,11 +162,11 @@ public: MyList *l3 = new MyList(nullptr, l2); sink(l3->head); // no flow, b is nested beneath at least one ->next sink(l3->next->head); // no flow - sink(l3->next->next->head); // flow + sink(l3->next->next->head); // flow [NOT DETECTED by IR] sink(l3->next->next->next->head); // no flow for (MyList *l = l3; l != nullptr; l = l->next) { - sink(l->head); // flow + sink(l->head); // flow [NOT DETECTED by IR] } } diff --git a/cpp/ql/test/library-tests/dataflow/fields/B.cpp b/cpp/ql/test/library-tests/dataflow/fields/B.cpp index d1e74175c8d..33d45caaa2d 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/B.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/B.cpp @@ -6,7 +6,7 @@ class B Elem *e = new Elem(); Box1 *b1 = new Box1(e, nullptr); Box2 *b2 = new Box2(b1); - sink(b2->box1->elem1); // flow + sink(b2->box1->elem1); // flow [NOT DETECTED by IR] sink(b2->box1->elem2); // no flow } @@ -16,7 +16,7 @@ class B Box1 *b1 = new B::Box1(nullptr, e); Box2 *b2 = new Box2(b1); sink(b2->box1->elem1); // no flow - sink(b2->box1->elem2); // flow + sink(b2->box1->elem2); // flow [NOT DETECTED by IR] } static void sink(void *o) {} diff --git a/cpp/ql/test/library-tests/dataflow/fields/C.cpp b/cpp/ql/test/library-tests/dataflow/fields/C.cpp index 7c054279851..44ab81e9cd3 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/C.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/C.cpp @@ -26,9 +26,9 @@ public: void func() { - sink(s1); // flow + sink(s1); // flow [NOT DETECTED by IR] sink(s2); // flow [NOT DETECTED] - sink(s3); // flow + sink(s3); // flow [NOT DETECTED by IR] sink(s4); // flow [NOT DETECTED] } diff --git a/cpp/ql/test/library-tests/dataflow/fields/D.cpp b/cpp/ql/test/library-tests/dataflow/fields/D.cpp index be77fe3bed9..bd4df85e377 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/D.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/D.cpp @@ -19,7 +19,7 @@ public: }; static void sinkWrap(Box2* b2) { - sink(b2->getBox1()->getElem()); + sink(b2->getBox1()->getElem()); // flow from f1, f2, f3, f9 [NOT DETECTED by IR] } Box2* boxfield; @@ -61,6 +61,6 @@ public: private: void f5b() { - sink(boxfield->box->elem); + sink(boxfield->box->elem); // flow [NOT DETECTED by IR] } }; diff --git a/cpp/ql/test/library-tests/dataflow/fields/E.cpp b/cpp/ql/test/library-tests/dataflow/fields/E.cpp index fc745a9facc..6e98dada48d 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/E.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/E.cpp @@ -18,7 +18,7 @@ void sink(char *b); void handlePacket(packet *p) { - sink(p->data.buffer); + sink(p->data.buffer); // flow [NOT DETECTED by IR] } void f(buf* b) @@ -28,7 +28,7 @@ void f(buf* b) argument_source(raw); argument_source(b->buffer); argument_source(p.data.buffer); - sink(raw); - sink(b->buffer); + sink(raw); // flow [NOT DETECTED by IR] + sink(b->buffer); // flow [NOT DETECTED by IR] handlePacket(&p); } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp b/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp index 8a5dcc0e509..c22706d4d27 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp @@ -35,12 +35,12 @@ void assignAfterAlias() { S s1 = { 0, 0 }; S &ref1 = s1; ref1.m1 = user_input(); - sink(s1.m1); // flow [FALSE NEGATIVE] + sink(s1.m1); // flow [NOT DETECTED by AST] S s2 = { 0, 0 }; S &ref2 = s2; s2.m1 = user_input(); - sink(ref2.m1); // flow [FALSE NEGATIVE] + sink(ref2.m1); // flow [NOT DETECTED by AST] } void assignAfterCopy() { @@ -77,14 +77,14 @@ void pointerIntermediate() { Wrapper w = { { 0, 0 } }; S *s = &w.s; s->m1 = user_input(); - sink(w.s.m1); // flow [FALSE NEGATIVE] + sink(w.s.m1); // flow [NOT DETECTED by AST] } void referenceIntermediate() { Wrapper w = { { 0, 0 } }; S &s = w.s; s.m1 = user_input(); - sink(w.s.m1); // flow [FALSE NEGATIVE] + sink(w.s.m1); // flow [NOT DETECTED by AST] } void nestedAssign() { diff --git a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp index da9e53723ab..653530ea5cb 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/by_reference.cpp @@ -48,25 +48,25 @@ struct S { void test_setDirectly() { S s; s.setDirectly(user_input()); - sink(s.getDirectly()); // flow + sink(s.getDirectly()); // flow [NOT DETECTED by IR] } void test_setIndirectly() { S s; s.setIndirectly(user_input()); - sink(s.getIndirectly()); // flow + sink(s.getIndirectly()); // flow [NOT DETECTED by IR] } void test_setThroughNonMember() { S s; s.setThroughNonMember(user_input()); - sink(s.getThroughNonMember()); // flow + sink(s.getThroughNonMember()); // flow [NOT DETECTED by IR] } void test_nonMemberSetA() { S s; nonMemberSetA(&s, user_input()); - sink(nonMemberGetA(&s)); // flow + sink(nonMemberGetA(&s)); // flow [NOT DETECTED by IR] } //////////////////// @@ -127,7 +127,7 @@ void test_outer_with_ref(Outer *pouter) { taint_inner_a_ref(*pouter->inner_ptr); taint_a_ref(pouter->a); - sink(outer.inner_nested.a); // flow + sink(outer.inner_nested.a); // flow [IR] sink(outer.inner_ptr->a); // flow [NOT DETECTED by IR] sink(outer.a); // flow [NOT DETECTED by IR] diff --git a/cpp/ql/test/library-tests/dataflow/fields/complex.cpp b/cpp/ql/test/library-tests/dataflow/fields/complex.cpp index 31ed50283be..3d1714d0038 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/complex.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/complex.cpp @@ -41,8 +41,8 @@ void bar(Bar &b) // then it tracks that both `a_` and `b_` have followed `f` in _some_ access // path somewhere in the search. That makes the library conclude that there // could be flow to `b.f.a_` even when the flow was actually to `b.f.b_`. - sink(b.f.a()); // flow [FALSE POSITIVE through `b2.f.setB` and `b3.f.setB`] - sink(b.f.b()); // flow [FALSE POSITIVE through `b1.f.setA` and `b3.f.setA`] + sink(b.f.a()); // flow [FALSE POSITIVE through `b2.f.setB` and `b3.f.setB` in AST, NOT DETECTED by IR] + sink(b.f.b()); // flow [FALSE POSITIVE through `b1.f.setA` (AST) and `b3.f.setA` in AST, NOT DETECTED by IR] } void foo() diff --git a/cpp/ql/test/library-tests/dataflow/fields/constructors.cpp b/cpp/ql/test/library-tests/dataflow/fields/constructors.cpp index d9b55c0d4ba..aa24e5cff21 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/constructors.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/constructors.cpp @@ -25,8 +25,8 @@ public: void bar(Foo &f) { - sink(f.a()); // flow (through `f` and `h`) - sink(f.b()); // flow (through `g` and `h`) + sink(f.a()); // flow (through `f` and `h`) [NOT DETECTED by IR] + sink(f.b()); // flow (through `g` and `h`) [NOT DETECTED by IR] } void foo() diff --git a/cpp/ql/test/library-tests/dataflow/fields/simple.cpp b/cpp/ql/test/library-tests/dataflow/fields/simple.cpp index e286fda9350..11d23d515ab 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/simple.cpp +++ b/cpp/ql/test/library-tests/dataflow/fields/simple.cpp @@ -64,7 +64,7 @@ void single_field_test() A a; a.i = user_input(); A a2 = a; - sink(a2.i); + sink(a2.i); // flow } struct C { @@ -81,7 +81,7 @@ struct C2 void m() { f2.f1 = user_input(); - sink(getf2f1()); // flow + sink(getf2f1()); // flow [NOT DETECTED by IR] } }; diff --git a/cpp/ql/test/library-tests/dataflow/fields/struct_init.c b/cpp/ql/test/library-tests/dataflow/fields/struct_init.c index 2d044cf79d8..5302078996f 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/struct_init.c +++ b/cpp/ql/test/library-tests/dataflow/fields/struct_init.c @@ -12,32 +12,32 @@ struct Outer { }; void absink(struct AB *ab) { - sink(ab->a); // flow (three sources) + sink(ab->a); // flow from (1), (2), (3) [NOT DETECTED by IR] sink(ab->b); // no flow } int struct_init(void) { - struct AB ab = { user_input(), 0 }; + struct AB ab = { user_input(), 0 }; // (1) sink(ab.a); // flow sink(ab.b); // no flow absink(&ab); struct Outer outer = { - { user_input(), 0 }, + { user_input(), 0 }, // (2) &ab, }; sink(outer.nestedAB.a); // flow sink(outer.nestedAB.b); // no flow - sink(outer.pointerAB->a); // flow + sink(outer.pointerAB->a); // flow [NOT DETECTED by IR] sink(outer.pointerAB->b); // no flow absink(&outer.nestedAB); } int struct_init2(void) { - struct AB ab = { user_input(), 0 }; + struct AB ab = { user_input(), 0 }; // (3) struct Outer outer = { { user_input(), 0 }, &ab,