C++: Fix queries. Since there's no longer indirect -> direct flow in

taint-tracking we need to make sure the affected sink definitions also
handle indirect flow.
Mathias Vorreiter Pedersen
2023-02-26 17:58:45 +00:00
parent 1db24dd28d
commit 354a12c906
17 changed files with 443 additions and 377 deletions


@@ -71,7 +71,7 @@ class OverflowDestinationConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof FlowSource }
override predicate isSink(DataFlow::Node sink) { sourceSized(_, sink.asConvertedExpr()) }
override predicate isSink(DataFlow::Node sink) { sourceSized(_, sink.asIndirectConvertedExpr()) }
override predicate isSanitizer(DataFlow::Node node) {
exists(Variable checkedVar |
@@ -91,6 +91,6 @@ from
DataFlow::PathNode sink
where
conf.hasFlowPath(source, sink) and
sourceSized(fc, sink.getNode().asConvertedExpr())
sourceSized(fc, sink.getNode().asIndirectConvertedExpr())
select fc, source, sink,
"To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size."


@@ -57,9 +57,12 @@ predicate underscoreMacro(Expr e) {
*/
predicate cannotContainString(Type t, boolean isIndirect) {
isIndirect = false and
(
t.getUnspecifiedType() instanceof BuiltInType or
t.getUnspecifiedType() instanceof IntegralOrEnumType
exists(Type unspecified |
unspecified = t.getUnspecifiedType() and
not unspecified instanceof UnknownType
|
unspecified instanceof BuiltInType or
unspecified instanceof IntegralOrEnumType
)
}
@@ -124,6 +127,11 @@ predicate isSanitizerNode(DataFlow::Node node) {
cannotContainString(node.getType(), false)
}
predicate isSinkImpl(DataFlow::Node sink, Expr formatString) {
[sink.asExpr(), sink.asIndirectExpr()] = formatString and
exists(FormattingFunctionCall fc | formatString = fc.getArgument(fc.getFormatParameterIndex()))
}
class NonConstFlow extends TaintTracking::Configuration {
NonConstFlow() { this = "NonConstFlow" }
@@ -135,9 +143,7 @@ class NonConstFlow extends TaintTracking::Configuration {
)
}
override predicate isSink(DataFlow::Node sink) {
exists(FormattingFunctionCall fc | sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex()))
}
override predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
override predicate isSanitizer(DataFlow::Node node) { isSanitizerNode(node) }
}
@@ -147,7 +153,7 @@ where
call.getArgument(call.getFormatParameterIndex()) = formatString and
exists(NonConstFlow cf, DataFlow::Node sink |
cf.hasFlowTo(sink) and
sink.asExpr() = formatString
isSinkImpl(sink, formatString)
)
select formatString,
"The format string argument to " + call.getTarget().getName() +


@@ -48,9 +48,11 @@ class ToBufferConfiguration extends TaintTracking::Configuration {
node.asExpr().getUnspecifiedType() instanceof IntegralType
}
override predicate isSink(DataFlow::Node sink) {
exists(SensitiveBufferWrite w | w.getASource() = sink.asExpr())
}
override predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
}
predicate isSinkImpl(DataFlow::Node sink, SensitiveBufferWrite w) {
w.getASource() = sink.asIndirectExpr()
}
from
@@ -59,7 +61,7 @@ from
where
config.hasFlowPath(sourceNode, sinkNode) and
sourceNode.getNode() = source and
w.getASource() = sinkNode.getNode().asExpr()
isSinkImpl(sinkNode.getNode(), w)
select w, sourceNode, sinkNode,
"This write into buffer '" + w.getDest().toString() + "' may contain unencrypted data from $@.",
source, "user input (" + source.getSourceType() + ")"
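Review bot: `isSanitizer` in `ToBufferConfiguration` still tests `node.asExpr().getUnspecifiedType() instanceof IntegralType`, while the sink is now matched through `sink.asIndirectExpr()`. If indirection nodes have no `asExpr()` result, as the split between the two accessors suggests, the integral-type barrier never applies to them, so it no longer filters the kind of node this query reports on. `FromSensitiveConfiguration` carries the same barrier next to its new `isSinkImpl`. Either record the intent with a comment such as `// barrier covers direct nodes only; indirection nodes are not filtered by type`, or extend the check to indirect nodes; the start of `isSanitizer` is outside the hunk, so confirm against the full predicate.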


@@ -26,15 +26,32 @@ import DataFlow::PathGraph
class FromSensitiveConfiguration extends TaintTracking::Configuration {
FromSensitiveConfiguration() { this = "FromSensitiveConfiguration" }
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof SensitiveExpr }
override predicate isSource(DataFlow::Node source) { isSourceImpl(source, _) }
override predicate isSink(DataFlow::Node sink) { any(FileWrite w).getASource() = sink.asExpr() }
override predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _, _) }
override predicate isSanitizer(DataFlow::Node node) {
node.asExpr().getUnspecifiedType() instanceof IntegralType
}
}
predicate isSinkImpl(DataFlow::Node sink, FileWrite w, Expr dest) {
exists(Expr e |
e = [sink.asExpr(), sink.asIndirectExpr()] and
w.getASource() = e and
dest = w.getDest() and
// ignore things written with other conversion characters
not exists(string convChar | convChar = w.getSourceConvChar(e) | not convChar = ["s", "S"]) and
// exclude calls with standard streams
not dest.(VariableAccess).getTarget().getName() = ["stdin", "stdout", "stderr"]
)
}
predicate isSourceImpl(DataFlow::Node source, SensitiveExpr sensitive) {
not isFileName(globalValueNumber(sensitive)) and // file names are not passwords
source.asExpr() = sensitive
}
/**
* An operation on a filename.
*/
@@ -61,17 +78,12 @@ predicate isFileName(GVN gvn) {
}
from
FromSensitiveConfiguration config, SensitiveExpr source, DataFlow::PathNode sourceNode, Expr mid,
FromSensitiveConfiguration config, SensitiveExpr source, DataFlow::PathNode sourceNode,
DataFlow::PathNode midNode, FileWrite w, Expr dest
where
config.hasFlowPath(sourceNode, midNode) and
sourceNode.getNode().asExpr() = source and
midNode.getNode().asExpr() = mid and
mid = w.getASource() and
dest = w.getDest() and
not dest.(VariableAccess).getTarget().getName() = ["stdin", "stdout", "stderr"] and // exclude calls with standard streams
not isFileName(globalValueNumber(source)) and // file names are not passwords
not exists(string convChar | convChar = w.getSourceConvChar(mid) | not convChar = ["s", "S"]) // ignore things written with other conversion characters
isSourceImpl(sourceNode.getNode(), source) and
isSinkImpl(midNode.getNode(), w, dest)
select w, sourceNode, midNode,
"This write into file '" + dest.toString() + "' may contain unencrypted data from $@.", source,
"this source."


@@ -208,7 +208,7 @@ class Encrypted extends Expr {
* operation `nsr`.
*/
predicate isSinkSendRecv(DataFlow::Node sink, NetworkSendRecv nsr) {
sink.asConvertedExpr() = nsr.getDataExpr().getFullyConverted()
[sink.asIndirectConvertedExpr(), sink.asConvertedExpr()] = nsr.getDataExpr().getFullyConverted()
}
/**


@@ -59,11 +59,11 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node src) {
// Sources are strings containing an HTTP URL not in a private domain.
src.asExpr() instanceof HttpStringLiteral and
src.asIndirectExpr() instanceof HttpStringLiteral and
// block taint starting at `strstr`, which is likely testing an existing URL, rather than constructing an HTTP URL.
not exists(FunctionCall fc |
fc.getTarget().getName() = ["strstr", "strcasestr"] and
fc.getArgument(1) = globalValueNumber(src.asExpr()).getAnExpr()
fc.getArgument(1) = globalValueNumber(src.asIndirectExpr()).getAnExpr()
)
}
@@ -77,16 +77,16 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
"system", "gethostbyname", "gethostbyname2", "gethostbyname_r", "getaddrinfo",
"X509_load_http", "X509_CRL_load_http"
]) and
sink.asExpr() = fc.getArgument(0)
sink.asIndirectExpr() = fc.getArgument(0)
or
fc.getTarget().hasGlobalOrStdName(["send", "URLDownloadToFile", "URLDownloadToCacheFile"]) and
sink.asExpr() = fc.getArgument(1)
sink.asIndirectExpr() = fc.getArgument(1)
or
fc.getTarget().hasGlobalOrStdName(["curl_easy_setopt", "getnameinfo"]) and
sink.asExpr() = fc.getArgument(2)
sink.asIndirectExpr() = fc.getArgument(2)
or
fc.getTarget().hasGlobalOrStdName(["ShellExecute", "ShellExecuteA", "ShellExecuteW"]) and
sink.asExpr() = fc.getArgument(3)
sink.asIndirectExpr() = fc.getArgument(3)
)
}
}
@@ -96,5 +96,5 @@ from
HttpStringLiteral str
where
config.hasFlowPath(source, sink) and
str = source.getNode().asExpr()
str = source.getNode().asIndirectExpr()
select str, source, sink, "This URL may be constructed with the HTTP protocol."
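Review bot: The comment in `isSource` still reads as if the literal expression were the source, but the node is now selected with `src.asIndirectExpr()`, i.e. the indirection of the literal rather than the pointer to it. Suggest rewording it to `// Sources are the contents (indirection) of string literals containing an HTTP URL not in a private domain.` so the choice of accessor is explained where it is made. The four sink disjuncts switched to `sink.asIndirectExpr()` with no direct-node alternative, presumably because every listed argument is a string pointer; a one-line comment above the sink list stating that assumption would help whoever adds the next function. The `isSink` body starts outside the hunk.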


@@ -27,7 +27,7 @@ class ExposedSystemDataConfiguration extends TaintTracking::Configuration {
exists(FunctionCall fc, FunctionInput input, int arg |
fc.getTarget().(RemoteFlowSinkFunction).hasRemoteFlowSink(input, _) and
input.isParameterDeref(arg) and
fc.getArgument(arg).getAChild*() = sink.asExpr()
fc.getArgument(arg).getAChild*() = sink.asIndirectExpr()
)
}
}
@@ -39,7 +39,7 @@ where
DataFlow::Node alt // remove duplicate results on conversions
|
config.hasFlow(source.getNode(), alt) and
alt.asConvertedExpr() = sink.getNode().asExpr() and
alt.asConvertedExpr() = sink.getNode().asIndirectExpr() and
alt != sink.getNode()
)
select sink, source, sink, "This operation exposes system data from $@.", source,
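Review bot: The duplicate-removal clause now reads `alt.asConvertedExpr() = sink.getNode().asIndirectExpr()`, which mixes a direct accessor on `alt` with an indirect one on the sink. For `config.hasFlow(source.getNode(), alt)` to hold, `alt` must itself satisfy `isSink`, and `isSink` now accepts only nodes that have an `asIndirectExpr()`; if such nodes have no `asConvertedExpr()` result, the `exists` can never hold and the filter silently stops removing conversion duplicates. `alt.asIndirectConvertedExpr() = sink.getNode().asIndirectExpr() and` looks like the intended comparison. The opening of the `where` clause is outside the hunk, so this should be checked against the full query and the expected-results file.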


@@ -39,7 +39,7 @@ class PotentiallyExposedSystemDataConfiguration extends TaintTracking::Configura
}
override predicate isSink(DataFlow::Node sink) {
exists(OutputWrite ow | ow.getASource().getAChild*() = sink.asExpr())
exists(OutputWrite ow | ow.getASource().getAChild*() = sink.asIndirectExpr())
}
}
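Review bot: `isSink` now matches only `sink.asIndirectExpr()`, so a sub-expression of an `OutputWrite` source that is a plain value rather than a pointer has no node that can be a sink. This commit also models some system data as direct nodes, for example `use.asExpr() = source` for `GetVersion` in `windowsSystemInfo`, whose result is a `DWORD` per the quoted prototype; whether such a value can still reach an indirection sink is not evident from the hunk, and a miss here would be a silent false negative. If value-typed system data should still be reported, `exists(OutputWrite ow | ow.getASource().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()])` covers both cases, in the same form `isSinkImpl` uses in the format-string and file-write queries.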


@@ -34,7 +34,7 @@ class EnvData extends SystemData {
.regexpMatch(".*(user|host|admin|root|home|path|http|ssl|snmp|sock|port|proxy|pass|token|crypt|key).*")
}
override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }
override DataFlow::Node getAnExpr() { result.asIndirectConvertedExpr() = this }
override predicate isSensitive() {
this.(EnvironmentRead)
@@ -50,7 +50,7 @@ class EnvData extends SystemData {
class SqlClientInfo extends SystemData {
SqlClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }
override DataFlow::Node getAnExpr() { result.asIndirectConvertedExpr() = this }
override predicate isSensitive() { any() }
}
@@ -72,7 +72,7 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) {
class SqlConnectInfo extends SystemData {
SqlConnectInfo() { sqlConnectInfo(this, _) }
override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) }
override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asExpr()) }
override predicate isSensitive() { any() }
}
@@ -114,7 +114,7 @@ private predicate posixPWInfo(FunctionCall source, DataFlow::Node use) {
source
.getTarget()
.hasName(["getpwnam", "getpwuid", "getpwent", "getgrnam", "getgrgid", "getgrent"]) and
use.asConvertedExpr() = source
use.asIndirectExpr() = source
or
// int getpwnam_r(const char *name, struct passwd *pwd,
// char *buf, size_t buflen, struct passwd **result);
@@ -126,7 +126,7 @@ private predicate posixPWInfo(FunctionCall source, DataFlow::Node use) {
// char *buf, size_t buflen, struct group **result);
source.getTarget().hasName(["getpwnam_r", "getpwuid_r", "getgrgid_r", "getgrnam_r"]) and
(
use.asConvertedExpr() = source.getArgument([1, 2]) or
use.asExpr() = source.getArgument([1, 2]) or
use.asDefiningArgument() = source.getArgument(4)
)
or
@@ -136,7 +136,7 @@ private predicate posixPWInfo(FunctionCall source, DataFlow::Node use) {
// size_t buflen, struct group **gbufp);
source.getTarget().hasName(["getpwent_r", "getgrent_r"]) and
(
use.asConvertedExpr() = source.getArgument([0, 1]) or
use.asExpr() = source.getArgument([0, 1]) or
use.asDefiningArgument() = source.getArgument(3)
)
}
@@ -155,7 +155,7 @@ class PosixPWInfo extends SystemData {
private predicate windowsSystemInfo(FunctionCall source, DataFlow::Node use) {
// DWORD WINAPI GetVersion(void);
source.getTarget().hasGlobalName("GetVersion") and
use.asConvertedExpr() = source
use.asExpr() = source
or
// BOOL WINAPI GetVersionEx(_Inout_ LPOSVERSIONINFO lpVersionInfo);
// void WINAPI GetSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
@@ -236,7 +236,7 @@ class WindowsFolderPath extends SystemData {
override DataFlow::Node getAnExpr() { windowsFolderPath(this, result.asDefiningArgument()) }
}
private predicate logonUser(FunctionCall source, VariableAccess use) {
private predicate logonUser(FunctionCall source, Expr use) {
source.getTarget().hasGlobalName(["LogonUser", "LogonUserW", "LogonUserA"]) and
use = source.getAnArgument()
}
@@ -247,7 +247,7 @@ private predicate logonUser(FunctionCall source, VariableAccess use) {
class LogonUser extends SystemData {
LogonUser() { logonUser(this, _) }
override DataFlow::Node getAnExpr() { logonUser(this, result.asConvertedExpr()) }
override DataFlow::Node getAnExpr() { logonUser(this, result.asIndirectExpr()) }
override predicate isSensitive() { any() }
}
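Review bot: In `posixPWInfo`, arguments `[1, 2]` of the `getpwnam_r` family and `[0, 1]` of `getpwent_r` are now matched with `use.asExpr()`, while the `getpwnam` return value uses `use.asIndirectExpr()` and the result pointer uses `use.asDefiningArgument()`. Per the prototypes quoted in the comments these arguments are buffers the call fills in, so the sensitive data lives in the pointee after the call, and a direct node on the pointer argument may not be the node that later reads flow from. If that is the case, `use.asDefiningArgument() = source.getArgument([1, 2]) or` (and `[0, 1]` for the `*ent_r` branch) would match how the result pointer is handled; otherwise a comment explaining why the direct node is sufficient would prevent the next reader from "fixing" it. The body of `posixPWInfo` starts outside the hunks shown.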


@@ -1,70 +1,49 @@
edges
| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | arg1 |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src |
| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument |
| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | src |
| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
| overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src |
| overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
| overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
| overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:16:64:19 | src2 |
| overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection |
| overflowdestination.cpp:23:45:23:48 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src indirection |
| overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src indirection |
| overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src indirection |
| overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 indirection |
| overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | src indirection |
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | src indirection |
nodes
| main.cpp:6:27:6:30 | argv | semmle.label | argv |
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
| main.cpp:7:33:7:36 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv |
| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:30:17:30:20 | arg1 | semmle.label | arg1 |
| overflowdestination.cpp:30:17:30:20 | arg1 indirection | semmle.label | arg1 indirection |
| overflowdestination.cpp:30:17:30:20 | arg1 indirection | semmle.label | arg1 indirection |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:46:15:46:17 | src | semmle.label | src |
| overflowdestination.cpp:50:52:50:54 | src | semmle.label | src |
| overflowdestination.cpp:46:15:46:17 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:50:52:50:54 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:53:9:53:12 | memcpy output argument | semmle.label | memcpy output argument |
| overflowdestination.cpp:53:15:53:17 | src | semmle.label | src |
| overflowdestination.cpp:54:9:54:12 | memcpy output argument | semmle.label | memcpy output argument |
| overflowdestination.cpp:57:52:57:54 | src | semmle.label | src |
| overflowdestination.cpp:53:15:53:17 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:53:15:53:17 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:57:52:57:54 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:64:16:64:19 | src2 | semmle.label | src2 |
| overflowdestination.cpp:64:16:64:19 | src2 indirection | semmle.label | src2 indirection |
| overflowdestination.cpp:64:16:64:19 | src2 indirection | semmle.label | src2 indirection |
| overflowdestination.cpp:73:8:73:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | semmle.label | src |
| overflowdestination.cpp:75:30:75:32 | src indirection | semmle.label | src indirection |
| overflowdestination.cpp:76:30:76:32 | src | semmle.label | src |
| overflowdestination.cpp:76:30:76:32 | src indirection | semmle.label | src indirection |
subpaths
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
#select
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | src2 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv indirection | overflowdestination.cpp:30:17:30:20 | arg1 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | src indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | src indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | src indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | src2 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | src2 indirection | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |


@@ -1,16 +1,22 @@
edges
| test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input |
| test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input indirection |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection |
| test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection |
nodes
| test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets |
| test.cpp:53:27:53:30 | argv | semmle.label | argv |
| test.cpp:53:27:53:30 | argv indirection | semmle.label | argv indirection |
| test.cpp:53:27:53:30 | argv indirection | semmle.label | argv indirection |
| test.cpp:58:25:58:29 | input | semmle.label | input |
| test.cpp:58:25:58:29 | input indirection | semmle.label | input indirection |
| test.cpp:58:25:58:29 | input indirection | semmle.label | input indirection |
| test.cpp:58:25:58:29 | input indirection | semmle.label | input indirection |
subpaths
#select
| test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv indirection | test.cpp:58:25:58:29 | input indirection | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv indirection | user input (a command-line argument) |


@@ -1,17 +1,14 @@
edges
| test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 |
| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf |
| test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf |
| test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf |
| test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf |
| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer |
| test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword |
| test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword |
| test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 indirection |
| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf indirection |
| test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf indirection |
| test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf indirection |
| test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf indirection |
| test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer indirection |
| test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
@@ -19,8 +16,6 @@ edges
| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword |
| test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword |
nodes
@@ -33,14 +28,13 @@ nodes
| test2.cpp:57:39:57:49 | call to getPassword | semmle.label | call to getPassword |
| test2.cpp:62:18:62:25 | password | semmle.label | password |
| test2.cpp:65:31:65:34 | cpy1 | semmle.label | cpy1 |
| test2.cpp:65:31:65:34 | cpy1 indirection | semmle.label | cpy1 indirection |
| test2.cpp:72:15:72:24 | password | semmle.label | password |
| test2.cpp:72:17:72:24 | password | semmle.label | password |
| test2.cpp:73:30:73:32 | buf | semmle.label | buf |
| test2.cpp:76:30:76:32 | buf | semmle.label | buf |
| test2.cpp:86:36:86:43 | password | semmle.label | password |
| test2.cpp:91:50:91:63 | passwd_config2 | semmle.label | passwd_config2 |
| test2.cpp:73:30:73:32 | buf indirection | semmle.label | buf indirection |
| test2.cpp:76:30:76:32 | buf indirection | semmle.label | buf indirection |
| test2.cpp:98:45:98:52 | password | semmle.label | password |
| test2.cpp:99:27:99:32 | buffer | semmle.label | buffer |
| test2.cpp:99:27:99:32 | buffer indirection | semmle.label | buffer indirection |
| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
@@ -63,16 +57,15 @@ subpaths
| test2.cpp:55:2:55:8 | call to fprintf | test2.cpp:55:40:55:51 | widepassword | test2.cpp:55:40:55:51 | widepassword | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:55:40:55:51 | widepassword | this source. |
| test2.cpp:57:2:57:8 | call to fprintf | test2.cpp:57:39:57:49 | call to getPassword | test2.cpp:57:39:57:49 | call to getPassword | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:57:39:57:49 | call to getPassword | this source. |
| test2.cpp:65:3:65:9 | call to fprintf | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:62:18:62:25 | password | this source. |
| test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:99:3:99:9 | call to fprintf | test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:98:45:98:52 | password | this source. |
| test2.cpp:65:3:65:9 | call to fprintf | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:62:18:62:25 | password | this source. |
| test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
| test2.cpp:99:3:99:9 | call to fprintf | test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer indirection | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:98:45:98:52 | password | this source. |
| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
@@ -83,6 +76,5 @@ subpaths
| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:63:73:73 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:63:73:73 | thePassword | this source. |


@@ -10,8 +10,8 @@ edges
| test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer |
| test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id |
| test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data |
| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | buffer |
| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | data |
| test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | buffer indirection |
| test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | data indirection |
| test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
| test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
| test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
@@ -26,10 +26,10 @@ edges
| test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
| test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data |
| test3.cpp:400:16:400:23 | password | test3.cpp:400:15:400:23 | & ... |
| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer |
| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer |
| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer |
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer |
| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer indirection |
| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer indirection |
| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer indirection |
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer indirection |
| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
nodes
@@ -55,7 +55,7 @@ nodes
| test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str |
| test3.cpp:146:15:146:18 | data | semmle.label | data |
| test3.cpp:157:19:157:26 | password | semmle.label | password |
| test3.cpp:159:15:159:20 | buffer | semmle.label | buffer |
| test3.cpp:159:15:159:20 | buffer indirection | semmle.label | buffer indirection |
| test3.cpp:173:15:173:22 | password | semmle.label | password |
| test3.cpp:181:15:181:22 | password | semmle.label | password |
| test3.cpp:191:15:191:22 | password | semmle.label | password |
@@ -67,7 +67,7 @@ nodes
| test3.cpp:254:15:254:23 | password1 | semmle.label | password1 |
| test3.cpp:264:15:264:23 | password2 | semmle.label | password2 |
| test3.cpp:270:16:270:23 | password | semmle.label | password |
| test3.cpp:272:15:272:18 | data | semmle.label | data |
| test3.cpp:272:15:272:18 | data indirection | semmle.label | data indirection |
| test3.cpp:278:20:278:23 | data | semmle.label | data |
| test3.cpp:280:14:280:17 | data | semmle.label | data |
| test3.cpp:283:20:283:23 | data | semmle.label | data |
@@ -107,13 +107,13 @@ nodes
| test3.cpp:517:14:517:29 | medical_info | semmle.label | medical_info |
| test3.cpp:518:14:518:28 | license_key | semmle.label | license_key |
| test3.cpp:526:44:526:54 | my_latitude | semmle.label | my_latitude |
| test3.cpp:527:15:527:20 | buffer | semmle.label | buffer |
| test3.cpp:527:15:527:20 | buffer indirection | semmle.label | buffer indirection |
| test3.cpp:532:45:532:58 | home_longitude | semmle.label | home_longitude |
| test3.cpp:533:15:533:20 | buffer | semmle.label | buffer |
| test3.cpp:533:15:533:20 | buffer indirection | semmle.label | buffer indirection |
| test3.cpp:551:47:551:58 | salaryString | semmle.label | salaryString |
| test3.cpp:552:15:552:20 | buffer | semmle.label | buffer |
| test3.cpp:552:15:552:20 | buffer indirection | semmle.label | buffer indirection |
| test3.cpp:556:19:556:30 | salaryString | semmle.label | salaryString |
| test3.cpp:559:15:559:20 | buffer | semmle.label | buffer |
| test3.cpp:559:15:559:20 | buffer indirection | semmle.label | buffer indirection |
| test3.cpp:571:8:571:21 | call to get_home_phone | semmle.label | call to get_home_phone |
| test3.cpp:572:14:572:16 | str | semmle.label | str |
| test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
@@ -131,10 +131,10 @@ subpaths
| test3.cpp:114:2:114:5 | call to recv | test3.cpp:134:11:134:18 | password | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:134:11:134:18 | password | password |
| test3.cpp:140:3:140:6 | call to send | test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:138:24:138:32 | password1 | password1 |
| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password | global_password |
| test3.cpp:159:3:159:6 | call to send | test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:157:19:157:26 | password | password |
| test3.cpp:159:3:159:6 | call to send | test3.cpp:157:19:157:26 | password | test3.cpp:159:15:159:20 | buffer indirection | This operation transmits 'buffer indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:157:19:157:26 | password | password |
| test3.cpp:228:2:228:5 | call to send | test3.cpp:228:26:228:33 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:228:26:228:33 | password | password |
| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:241:8:241:15 | password | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:241:8:241:15 | password | password |
| test3.cpp:272:3:272:6 | call to send | test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:270:16:270:23 | password | password |
| test3.cpp:272:3:272:6 | call to send | test3.cpp:270:16:270:23 | password | test3.cpp:272:15:272:18 | data indirection | This operation transmits 'data indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:270:16:270:23 | password | password |
| test3.cpp:290:2:290:5 | call to send | test3.cpp:317:11:317:19 | password1 | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:317:11:317:19 | password1 | password1 |
| test3.cpp:295:2:295:5 | call to send | test3.cpp:322:16:322:24 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 | password2 |
| test3.cpp:300:2:300:5 | call to send | test3.cpp:322:16:322:24 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | password2 | password2 |
@@ -155,9 +155,9 @@ subpaths
| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:14:516:29 | employerName | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:14:516:29 | employerName | employerName |
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | medical_info | medical_info |
| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:14:518:28 | license_key | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:14:518:28 | license_key | license_key |
| test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
| test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
| test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer indirection | This operation transmits 'buffer indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
| test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer indirection | This operation transmits 'buffer indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer indirection | This operation transmits 'buffer indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer indirection | This operation transmits 'buffer indirection', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
| test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
| test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
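Review bot: The alert text in the new #select rows exposes the internal node label. The rows for test3.cpp:159, 272, 527, 533, 552 and 559 now read `This operation transmits 'buffer indirection'` or `'data indirection'`, which is not a name that appears in the analysed code. Presumably the message is built from the sink node's string form (the query itself is not in this section). Taking the text from the underlying expression instead, for example `sink.getNode().asIndirectExpr().toString()`, would keep the reported buffer name as the developer wrote it. The same leak shows in the tests.c expectations further down, where the selected element and the `$@` link text both become `password indirection`.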


@@ -1,73 +1,84 @@
edges
| test.cpp:11:26:11:28 | url | test.cpp:15:30:15:32 | url |
| test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url |
| test.cpp:24:13:24:17 | url_g | test.cpp:38:11:38:15 | url_g |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:13:24:17 | url_g |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:13:24:17 | url_g |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:11:26:11:28 | url |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:38:11:38:15 | url_g | test.cpp:11:26:11:28 | url |
| test.cpp:39:11:39:15 | url_l | test.cpp:11:26:11:28 | url |
| test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
| test.cpp:11:26:11:28 | url | test.cpp:15:30:15:32 | url indirection |
| test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url indirection |
| test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url indirection |
| test.cpp:24:13:24:17 | url_g indirection | test.cpp:38:11:38:15 | url_g indirection |
| test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:24:13:24:17 | url_g indirection |
| test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:24:13:24:17 | url_g indirection |
| test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:28:10:28:29 | http://example.com indirection |
| test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:39:11:39:15 | url_l indirection |
| test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:39:11:39:15 | url_l indirection |
| test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:40:11:40:17 | access to array indirection |
| test.cpp:38:11:38:15 | url_g indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:39:11:39:15 | url_l indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:40:11:40:17 | access to array indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
| test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
| test.cpp:46:18:46:26 | http:// indirection | test.cpp:49:11:49:16 | buffer indirection |
| test.cpp:46:18:46:26 | http:// indirection | test.cpp:49:11:49:16 | buffer indirection |
| test.cpp:49:11:49:16 | buffer indirection | test.cpp:11:26:11:28 | url indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:121:11:121:13 | ptr indirection |
| test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
| test.cpp:121:11:121:13 | ptr indirection | test.cpp:11:26:11:28 | url indirection |
nodes
| test.cpp:11:26:11:28 | url | semmle.label | url |
| test.cpp:11:26:11:28 | url indirection | semmle.label | url indirection |
| test.cpp:15:30:15:32 | url | semmle.label | url |
| test.cpp:24:13:24:17 | url_g | semmle.label | url_g |
| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
| test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
| test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
| test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
| test.cpp:38:11:38:15 | url_g | semmle.label | url_g |
| test.cpp:39:11:39:15 | url_l | semmle.label | url_l |
| test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
| test.cpp:15:30:15:32 | url indirection | semmle.label | url indirection |
| test.cpp:15:30:15:32 | url indirection | semmle.label | url indirection |
| test.cpp:15:30:15:32 | url indirection | semmle.label | url indirection |
| test.cpp:24:13:24:17 | url_g indirection | semmle.label | url_g indirection |
| test.cpp:24:21:24:40 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:24:21:24:40 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:28:10:28:29 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:28:10:28:29 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:35:23:35:42 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:35:23:35:42 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:36:26:36:45 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:36:26:36:45 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:38:11:38:15 | url_g indirection | semmle.label | url_g indirection |
| test.cpp:39:11:39:15 | url_l indirection | semmle.label | url_l indirection |
| test.cpp:40:11:40:17 | access to array indirection | semmle.label | access to array indirection |
| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
| test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
| test.cpp:46:18:46:26 | http:// indirection | semmle.label | http:// indirection |
| test.cpp:46:18:46:26 | http:// indirection | semmle.label | http:// indirection |
| test.cpp:49:11:49:16 | buffer indirection | semmle.label | buffer indirection |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
| test.cpp:110:21:110:40 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:110:21:110:40 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:110:21:110:40 | http://example.com indirection | semmle.label | http://example.com indirection |
| test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
| test.cpp:121:11:121:13 | ptr indirection | semmle.label | ptr indirection |
subpaths
#select
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com indirection | test.cpp:15:30:15:32 | url indirection | This URL may be constructed with the HTTP protocol. |
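Review bot: The new #select block multiplies textually identical rows. Each of the `http://example.com` literals at test.cpp:24, 28, 35 and 36 and the `http://` literal at test.cpp:46 goes from two rows to four, and the literal at test.cpp:110 goes from three to nine. Identical rows presumably stand for distinct nodes that share a location and label (different indirection levels or conversions), so the expectation no longer shows which paths are intended, and a later change in their number will be hard to review. It is worth confirming whether the sink really needs more than one node per argument; if not, restricting the sink definition to a single indirect node would report each literal once per real path.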


@@ -1,8 +1,14 @@
edges
| tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | password |
| tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection |
| tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection |
| tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection |
nodes
| tests.c:57:21:57:28 | password | semmle.label | password |
| tests.c:70:70:70:77 | password | semmle.label | password |
| tests.c:57:21:57:28 | password indirection | semmle.label | password indirection |
| tests.c:57:21:57:28 | password indirection | semmle.label | password indirection |
| tests.c:57:21:57:28 | password indirection | semmle.label | password indirection |
| tests.c:70:70:70:77 | password indirection | semmle.label | password indirection |
subpaths
#select
| tests.c:70:70:70:77 | password | tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | password | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password | password |
| tests.c:70:70:70:77 | password indirection | tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password indirection | password indirection |
| tests.c:70:70:70:77 | password indirection | tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password indirection | password indirection |
| tests.c:70:70:70:77 | password indirection | tests.c:57:21:57:28 | password indirection | tests.c:70:70:70:77 | password indirection | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password indirection | password indirection |
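Review bot: The new `#select` section lists the same alert row three times (`tests.c:70:70:70:77 | password indirection`, with identical source, sink and message), and the `edges` and `nodes` sections repeat rows in the same way. This suggests the sink now matches several indirection nodes at one location that print identically, presumably one per indirection level, so the expected output cannot tell them apart and a later change in how many match would be hard to interpret. Consider having the query select the underlying expression rather than the data-flow node, or giving indirection nodes a label that includes the level, so each alert location is reported once. The same repetition appears in the expected output that follows for `tests2.cpp`, `tests_sockets.cpp` and `tests_sysconf.cpp`. The query itself is outside this hunk, so the cause is inferred from the output alone.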


@@ -1,87 +1,118 @@
edges
| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | global1 |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:50:13:50:19 | global1 |
| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | call to getenv |
| tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:34 | call to getenv |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
| tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 |
| tests2.cpp:101:8:101:15 | call to getpwuid | tests2.cpp:102:14:102:15 | pw |
| tests2.cpp:109:3:109:36 | ... = ... | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | tests2.cpp:111:14:111:15 | c1 indirection [ptr] |
| tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:109:3:109:36 | ... = ... |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:14:111:19 | ptr |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:17:111:19 | ptr indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:14:111:19 | ptr |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:17:111:19 | ptr |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path |
| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
| tests2.cpp:50:13:50:19 | global1 indirection | tests2.cpp:82:14:82:20 | global1 indirection |
| tests2.cpp:50:13:50:19 | global1 indirection | tests2.cpp:82:14:82:20 | global1 indirection |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | tests2.cpp:50:13:50:19 | global1 indirection |
| tests2.cpp:63:13:63:18 | call to getenv indirection | tests2.cpp:63:13:63:26 | call to getenv indirection |
| tests2.cpp:64:13:64:18 | call to getenv indirection | tests2.cpp:64:13:64:26 | call to getenv indirection |
| tests2.cpp:65:13:65:18 | call to getenv indirection | tests2.cpp:65:13:65:30 | call to getenv indirection |
| tests2.cpp:66:13:66:18 | call to getenv indirection | tests2.cpp:66:13:66:34 | call to getenv indirection |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info indirection | tests2.cpp:81:14:81:19 | buffer indirection |
| tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 indirection |
| tests2.cpp:101:8:101:15 | call to getpwuid indirection | tests2.cpp:102:14:102:15 | pw indirection |
| tests2.cpp:101:8:101:15 | call to getpwuid indirection | tests2.cpp:102:14:102:15 | pw indirection |
| tests2.cpp:109:3:109:36 | ... = ... indirection | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] | tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] |
| tests2.cpp:109:12:109:17 | call to getenv indirection | tests2.cpp:109:3:109:36 | ... = ... indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | tests2.cpp:111:14:111:19 | ptr indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | tests2.cpp:111:17:111:19 | ptr indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:14:111:19 | ptr indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:111:17:111:19 | ptr indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection |
nodes
| tests2.cpp:50:13:50:19 | global1 | semmle.label | global1 |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:26 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:64:13:64:26 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:65:13:65:30 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:66:13:66:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:66:13:66:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:66:13:66:34 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
| tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
| tests2.cpp:50:13:50:19 | global1 indirection | semmle.label | global1 indirection |
| tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | semmle.label | call to mysql_get_client_info indirection |
| tests2.cpp:63:13:63:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:63:13:63:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:63:13:63:26 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:64:13:64:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:64:13:64:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:64:13:64:26 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:65:13:65:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:65:13:65:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:65:13:65:30 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:66:13:66:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:66:13:66:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:66:13:66:34 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info indirection | semmle.label | call to mysql_get_client_info indirection |
| tests2.cpp:80:14:80:34 | call to mysql_get_client_info indirection | semmle.label | call to mysql_get_client_info indirection |
| tests2.cpp:81:14:81:19 | buffer indirection | semmle.label | buffer indirection |
| tests2.cpp:82:14:82:20 | global1 indirection | semmle.label | global1 indirection |
| tests2.cpp:82:14:82:20 | global1 indirection | semmle.label | global1 indirection |
| tests2.cpp:91:42:91:45 | str1 | semmle.label | str1 |
| tests2.cpp:93:14:93:17 | str1 | semmle.label | str1 |
| tests2.cpp:101:8:101:15 | call to getpwuid | semmle.label | call to getpwuid |
| tests2.cpp:102:14:102:15 | pw | semmle.label | pw |
| tests2.cpp:109:3:109:36 | ... = ... | semmle.label | ... = ... |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | semmle.label | c1 indirection [post update] [ptr] |
| tests2.cpp:109:12:109:17 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | semmle.label | c1 indirection [ptr] |
| tests2.cpp:111:14:111:19 | ptr | semmle.label | ptr |
| tests2.cpp:111:17:111:19 | ptr | semmle.label | ptr |
| tests2.cpp:93:14:93:17 | str1 indirection | semmle.label | str1 indirection |
| tests2.cpp:101:8:101:15 | call to getpwuid indirection | semmle.label | call to getpwuid indirection |
| tests2.cpp:102:14:102:15 | pw indirection | semmle.label | pw indirection |
| tests2.cpp:102:14:102:15 | pw indirection | semmle.label | pw indirection |
| tests2.cpp:109:3:109:36 | ... = ... indirection | semmle.label | ... = ... indirection |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] | semmle.label | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:12:109:17 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | semmle.label | c1 indirection [ptr indirection] |
| tests2.cpp:111:14:111:19 | ptr indirection | semmle.label | ptr indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | semmle.label | ptr indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv | semmle.label | call to getenv |
| tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |
| tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |
| tests_sockets.cpp:43:20:43:23 | path | semmle.label | path |
| tests_sockets.cpp:43:20:43:23 | path | semmle.label | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | semmle.label | call to getenv |
| tests_sockets.cpp:76:19:76:22 | path | semmle.label | path |
| tests_sockets.cpp:76:19:76:22 | path | semmle.label | path |
| tests_sockets.cpp:80:20:80:23 | path | semmle.label | path |
| tests_sockets.cpp:80:20:80:23 | path | semmle.label | path |
| tests2.cpp:111:17:111:19 | ptr indirection | semmle.label | ptr indirection |
| tests_sockets.cpp:26:15:26:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:63:15:63:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | semmle.label | path indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | semmle.label | path indirection |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | semmle.label | pathbuf |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | semmle.label | pathbuf |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | semmle.label | pathbuf indirection |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | semmle.label | pathbuf indirection |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | semmle.label | pathbuf indirection |
subpaths
#select
| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv | call to getenv |
| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv | call to getenv |
| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
| tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:66:13:66:18 | call to getenv | call to getenv |
| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:81:14:81:19 | buffer | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:82:14:82:20 | global1 | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:82:14:82:20 | global1 | This operation exposes system data from $@. | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | call to mysql_get_client_info |
| tests2.cpp:93:14:93:17 | str1 | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 | This operation exposes system data from $@. | tests2.cpp:91:42:91:45 | str1 | str1 |
| tests2.cpp:102:14:102:15 | pw | tests2.cpp:101:8:101:15 | call to getpwuid | tests2.cpp:102:14:102:15 | pw | This operation exposes system data from $@. | tests2.cpp:101:8:101:15 | call to getpwuid | call to getpwuid |
| tests2.cpp:111:17:111:19 | ptr | tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:111:17:111:19 | ptr | This operation exposes system data from $@. | tests2.cpp:109:12:109:17 | call to getenv | call to getenv |
| tests_sockets.cpp:39:19:39:22 | path | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv | call to getenv |
| tests_sockets.cpp:43:20:43:23 | path | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv | call to getenv |
| tests_sockets.cpp:76:19:76:22 | path | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv | call to getenv |
| tests_sockets.cpp:80:20:80:23 | path | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv | call to getenv |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | confstr output argument | confstr output argument |
| tests2.cpp:63:13:63:18 | call to getenv indirection | tests2.cpp:63:13:63:18 | call to getenv indirection | tests2.cpp:63:13:63:18 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:63:13:63:26 | call to getenv indirection | tests2.cpp:63:13:63:18 | call to getenv indirection | tests2.cpp:63:13:63:26 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:63:13:63:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:64:13:64:18 | call to getenv indirection | tests2.cpp:64:13:64:18 | call to getenv indirection | tests2.cpp:64:13:64:18 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:64:13:64:26 | call to getenv indirection | tests2.cpp:64:13:64:18 | call to getenv indirection | tests2.cpp:64:13:64:26 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:64:13:64:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:65:13:65:18 | call to getenv indirection | tests2.cpp:65:13:65:18 | call to getenv indirection | tests2.cpp:65:13:65:18 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:65:13:65:30 | call to getenv indirection | tests2.cpp:65:13:65:18 | call to getenv indirection | tests2.cpp:65:13:65:30 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:66:13:66:18 | call to getenv indirection | tests2.cpp:66:13:66:18 | call to getenv indirection | tests2.cpp:66:13:66:18 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:66:13:66:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:66:13:66:34 | call to getenv indirection | tests2.cpp:66:13:66:18 | call to getenv indirection | tests2.cpp:66:13:66:34 | call to getenv indirection | This operation exposes system data from $@. | tests2.cpp:66:13:66:18 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:80:14:80:34 | call to mysql_get_client_info indirection | tests2.cpp:80:14:80:34 | call to mysql_get_client_info indirection | tests2.cpp:80:14:80:34 | call to mysql_get_client_info indirection | This operation exposes system data from $@. | tests2.cpp:80:14:80:34 | call to mysql_get_client_info indirection | call to mysql_get_client_info indirection |
| tests2.cpp:81:14:81:19 | buffer indirection | tests2.cpp:78:18:78:38 | call to mysql_get_client_info indirection | tests2.cpp:81:14:81:19 | buffer indirection | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info indirection | call to mysql_get_client_info indirection |
| tests2.cpp:82:14:82:20 | global1 indirection | tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | tests2.cpp:82:14:82:20 | global1 indirection | This operation exposes system data from $@. | tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | call to mysql_get_client_info indirection |
| tests2.cpp:82:14:82:20 | global1 indirection | tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | tests2.cpp:82:14:82:20 | global1 indirection | This operation exposes system data from $@. | tests2.cpp:50:23:50:43 | call to mysql_get_client_info indirection | call to mysql_get_client_info indirection |
| tests2.cpp:93:14:93:17 | str1 indirection | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 indirection | This operation exposes system data from $@. | tests2.cpp:91:42:91:45 | str1 | str1 |
| tests2.cpp:102:14:102:15 | pw indirection | tests2.cpp:101:8:101:15 | call to getpwuid indirection | tests2.cpp:102:14:102:15 | pw indirection | This operation exposes system data from $@. | tests2.cpp:101:8:101:15 | call to getpwuid indirection | call to getpwuid indirection |
| tests2.cpp:102:14:102:15 | pw indirection | tests2.cpp:101:8:101:15 | call to getpwuid indirection | tests2.cpp:102:14:102:15 | pw indirection | This operation exposes system data from $@. | tests2.cpp:101:8:101:15 | call to getpwuid indirection | call to getpwuid indirection |
| tests2.cpp:111:14:111:19 | ptr indirection | tests2.cpp:109:12:109:17 | call to getenv indirection | tests2.cpp:111:14:111:19 | ptr indirection | This operation exposes system data from $@. | tests2.cpp:109:12:109:17 | call to getenv indirection | call to getenv indirection |
| tests2.cpp:111:17:111:19 | ptr indirection | tests2.cpp:109:12:109:17 | call to getenv indirection | tests2.cpp:111:17:111:19 | ptr indirection | This operation exposes system data from $@. | tests2.cpp:109:12:109:17 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:39:19:39:22 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:39:19:39:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:43:20:43:23 | path indirection | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | tests_sockets.cpp:43:20:43:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:76:19:76:22 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:76:19:76:22 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sockets.cpp:80:20:80:23 | path indirection | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | tests_sockets.cpp:80:20:80:23 | path indirection | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv indirection | call to getenv indirection |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | confstr output argument | confstr output argument |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | confstr output argument | confstr output argument |
| tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf indirection | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | confstr output argument | confstr output argument |


@@ -1,98 +1,119 @@
edges
| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | call to getenv |
| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | call to getenv |
| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | call to getenv |
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | call to getenv |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | global_token |
| tests.cpp:62:7:62:18 | global_token | tests.cpp:73:27:73:31 | maybe |
| tests.cpp:62:22:62:27 | call to getenv | tests.cpp:62:7:62:18 | global_token |
| tests.cpp:86:29:86:31 | msg | tests.cpp:88:15:88:17 | msg |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
| tests.cpp:97:13:97:34 | call to getenv | tests.cpp:86:29:86:31 | msg |
| tests.cpp:107:30:107:32 | msg | tests.cpp:111:15:111:17 | tmp |
| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | buffer |
| tests.cpp:122:30:122:32 | msg | tests.cpp:124:15:124:17 | msg |
| tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv |
| tests.cpp:131:14:131:35 | call to getenv | tests.cpp:107:30:107:32 | msg |
| tests.cpp:132:14:132:19 | call to getenv | tests.cpp:132:14:132:35 | call to getenv |
| tests.cpp:132:14:132:35 | call to getenv | tests.cpp:114:30:114:32 | msg |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv |
| tests.cpp:133:14:133:35 | call to getenv | tests.cpp:122:30:122:32 | msg |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:19:26:19:28 | pwd |
| tests.cpp:48:15:48:20 | call to getenv indirection | tests.cpp:48:15:48:36 | call to getenv indirection |
| tests.cpp:49:15:49:20 | call to getenv indirection | tests.cpp:49:15:49:36 | call to getenv indirection |
| tests.cpp:50:15:50:20 | call to getenv indirection | tests.cpp:50:15:50:36 | call to getenv indirection |
| tests.cpp:57:18:57:23 | call to getenv indirection | tests.cpp:57:18:57:39 | call to getenv indirection |
| tests.cpp:58:41:58:46 | call to getenv indirection | tests.cpp:58:41:58:62 | call to getenv indirection |
| tests.cpp:59:43:59:48 | call to getenv indirection | tests.cpp:59:43:59:64 | call to getenv indirection |
| tests.cpp:62:7:62:18 | global_token indirection | tests.cpp:71:27:71:38 | global_token indirection |
| tests.cpp:62:7:62:18 | global_token indirection | tests.cpp:71:27:71:38 | global_token indirection |
| tests.cpp:62:7:62:18 | global_token indirection | tests.cpp:73:27:73:31 | maybe indirection |
| tests.cpp:62:7:62:18 | global_token indirection | tests.cpp:73:27:73:31 | maybe indirection |
| tests.cpp:62:22:62:27 | call to getenv indirection | tests.cpp:62:7:62:18 | global_token indirection |
| tests.cpp:86:29:86:31 | msg indirection | tests.cpp:88:15:88:17 | msg indirection |
| tests.cpp:86:29:86:31 | msg indirection | tests.cpp:88:15:88:17 | msg indirection |
| tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:97:13:97:34 | call to getenv indirection |
| tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:97:13:97:34 | call to getenv indirection |
| tests.cpp:97:13:97:34 | call to getenv indirection | tests.cpp:86:29:86:31 | msg indirection |
| tests.cpp:107:30:107:32 | msg indirection | tests.cpp:111:15:111:17 | tmp indirection |
| tests.cpp:107:30:107:32 | msg indirection | tests.cpp:111:15:111:17 | tmp indirection |
| tests.cpp:114:30:114:32 | msg indirection | tests.cpp:119:7:119:12 | buffer indirection |
| tests.cpp:122:30:122:32 | msg indirection | tests.cpp:124:15:124:17 | msg indirection |
| tests.cpp:122:30:122:32 | msg indirection | tests.cpp:124:15:124:17 | msg indirection |
| tests.cpp:131:14:131:19 | call to getenv indirection | tests.cpp:131:14:131:35 | call to getenv indirection |
| tests.cpp:131:14:131:35 | call to getenv indirection | tests.cpp:107:30:107:32 | msg indirection |
| tests.cpp:132:14:132:19 | call to getenv indirection | tests.cpp:132:14:132:35 | call to getenv indirection |
| tests.cpp:132:14:132:35 | call to getenv indirection | tests.cpp:114:30:114:32 | msg indirection |
| tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:133:14:133:35 | call to getenv indirection |
| tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:133:14:133:35 | call to getenv indirection |
| tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:122:30:122:32 | msg indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection |
nodes
| tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:48:15:48:36 | call to getenv | semmle.label | call to getenv |
| tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:49:15:49:36 | call to getenv | semmle.label | call to getenv |
| tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:50:15:50:36 | call to getenv | semmle.label | call to getenv |
| tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
| tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
| tests.cpp:57:18:57:39 | call to getenv | semmle.label | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
| tests.cpp:58:41:58:62 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:64 | call to getenv | semmle.label | call to getenv |
| tests.cpp:62:7:62:18 | global_token | semmle.label | global_token |
| tests.cpp:62:22:62:27 | call to getenv | semmle.label | call to getenv |
| tests.cpp:71:27:71:38 | global_token | semmle.label | global_token |
| tests.cpp:73:27:73:31 | maybe | semmle.label | maybe |
| tests.cpp:86:29:86:31 | msg | semmle.label | msg |
| tests.cpp:88:15:88:17 | msg | semmle.label | msg |
| tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:34 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:34 | call to getenv | semmle.label | call to getenv |
| tests.cpp:107:30:107:32 | msg | semmle.label | msg |
| tests.cpp:111:15:111:17 | tmp | semmle.label | tmp |
| tests.cpp:114:30:114:32 | msg | semmle.label | msg |
| tests.cpp:119:7:119:12 | buffer | semmle.label | buffer |
| tests.cpp:122:30:122:32 | msg | semmle.label | msg |
| tests.cpp:124:15:124:17 | msg | semmle.label | msg |
| tests.cpp:131:14:131:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:131:14:131:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:132:14:132:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:132:14:132:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:35 | call to getenv | semmle.label | call to getenv |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam | semmle.label | call to getpwnam |
| tests_passwd.cpp:18:29:18:31 | pwd | semmle.label | pwd |
| tests_passwd.cpp:19:26:19:28 | pwd | semmle.label | pwd |
| tests.cpp:48:15:48:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:48:15:48:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:48:15:48:36 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:49:15:49:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:49:15:49:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:49:15:49:36 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:50:15:50:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:50:15:50:20 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:50:15:50:36 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:57:18:57:23 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:57:18:57:23 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:57:18:57:39 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:58:41:58:46 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:58:41:58:46 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:58:41:58:62 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:59:43:59:48 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:59:43:59:48 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:59:43:59:64 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:62:7:62:18 | global_token indirection | semmle.label | global_token indirection |
| tests.cpp:62:22:62:27 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:71:27:71:38 | global_token indirection | semmle.label | global_token indirection |
| tests.cpp:71:27:71:38 | global_token indirection | semmle.label | global_token indirection |
| tests.cpp:73:27:73:31 | maybe indirection | semmle.label | maybe indirection |
| tests.cpp:73:27:73:31 | maybe indirection | semmle.label | maybe indirection |
| tests.cpp:86:29:86:31 | msg indirection | semmle.label | msg indirection |
| tests.cpp:88:15:88:17 | msg indirection | semmle.label | msg indirection |
| tests.cpp:88:15:88:17 | msg indirection | semmle.label | msg indirection |
| tests.cpp:97:13:97:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:97:13:97:18 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:97:13:97:34 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:97:13:97:34 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:107:30:107:32 | msg indirection | semmle.label | msg indirection |
| tests.cpp:111:15:111:17 | tmp indirection | semmle.label | tmp indirection |
| tests.cpp:111:15:111:17 | tmp indirection | semmle.label | tmp indirection |
| tests.cpp:114:30:114:32 | msg indirection | semmle.label | msg indirection |
| tests.cpp:119:7:119:12 | buffer indirection | semmle.label | buffer indirection |
| tests.cpp:122:30:122:32 | msg indirection | semmle.label | msg indirection |
| tests.cpp:124:15:124:17 | msg indirection | semmle.label | msg indirection |
| tests.cpp:124:15:124:17 | msg indirection | semmle.label | msg indirection |
| tests.cpp:131:14:131:19 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:131:14:131:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:132:14:132:19 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:132:14:132:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:133:14:133:19 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:133:14:133:19 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | semmle.label | call to getpwnam indirection |
| tests_passwd.cpp:18:29:18:31 | pwd indirection | semmle.label | pwd indirection |
| tests_passwd.cpp:18:29:18:31 | pwd indirection | semmle.label | pwd indirection |
| tests_passwd.cpp:19:26:19:28 | pwd indirection | semmle.label | pwd indirection |
| tests_passwd.cpp:19:26:19:28 | pwd indirection | semmle.label | pwd indirection |
subpaths
#select
| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
| tests.cpp:48:15:48:36 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
| tests.cpp:49:15:49:36 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
| tests.cpp:50:15:50:36 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
| tests.cpp:57:18:57:39 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
| tests.cpp:58:41:58:62 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
| tests.cpp:59:43:59:64 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
| tests.cpp:71:27:71:38 | global_token | tests.cpp:62:22:62:27 | call to getenv | tests.cpp:71:27:71:38 | global_token | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv | call to getenv |
| tests.cpp:73:27:73:31 | maybe | tests.cpp:62:22:62:27 | call to getenv | tests.cpp:73:27:73:31 | maybe | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv | call to getenv |
| tests.cpp:88:15:88:17 | msg | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:88:15:88:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:97:13:97:34 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:111:15:111:17 | tmp | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:111:15:111:17 | tmp | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv | call to getenv |
| tests.cpp:119:7:119:12 | buffer | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | buffer | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
| tests.cpp:124:15:124:17 | msg | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:124:15:124:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests.cpp:133:14:133:35 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests_passwd.cpp:18:29:18:31 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |
| tests_passwd.cpp:19:26:19:28 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:19:26:19:28 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |
| tests.cpp:48:15:48:20 | call to getenv indirection | tests.cpp:48:15:48:20 | call to getenv indirection | tests.cpp:48:15:48:20 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:48:15:48:36 | call to getenv indirection | tests.cpp:48:15:48:20 | call to getenv indirection | tests.cpp:48:15:48:36 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:49:15:49:20 | call to getenv indirection | tests.cpp:49:15:49:20 | call to getenv indirection | tests.cpp:49:15:49:20 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:49:15:49:36 | call to getenv indirection | tests.cpp:49:15:49:20 | call to getenv indirection | tests.cpp:49:15:49:36 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:50:15:50:20 | call to getenv indirection | tests.cpp:50:15:50:20 | call to getenv indirection | tests.cpp:50:15:50:20 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:50:15:50:36 | call to getenv indirection | tests.cpp:50:15:50:20 | call to getenv indirection | tests.cpp:50:15:50:36 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv indirection | call to getenv indirection |
| tests.cpp:57:18:57:23 | call to getenv indirection | tests.cpp:57:18:57:23 | call to getenv indirection | tests.cpp:57:18:57:23 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv indirection | call to getenv indirection |
| tests.cpp:57:18:57:39 | call to getenv indirection | tests.cpp:57:18:57:23 | call to getenv indirection | tests.cpp:57:18:57:39 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv indirection | call to getenv indirection |
| tests.cpp:58:41:58:46 | call to getenv indirection | tests.cpp:58:41:58:46 | call to getenv indirection | tests.cpp:58:41:58:46 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv indirection | call to getenv indirection |
| tests.cpp:58:41:58:62 | call to getenv indirection | tests.cpp:58:41:58:46 | call to getenv indirection | tests.cpp:58:41:58:62 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv indirection | call to getenv indirection |
| tests.cpp:59:43:59:48 | call to getenv indirection | tests.cpp:59:43:59:48 | call to getenv indirection | tests.cpp:59:43:59:48 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv indirection | call to getenv indirection |
| tests.cpp:59:43:59:64 | call to getenv indirection | tests.cpp:59:43:59:48 | call to getenv indirection | tests.cpp:59:43:59:64 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv indirection | call to getenv indirection |
| tests.cpp:71:27:71:38 | global_token indirection | tests.cpp:62:22:62:27 | call to getenv indirection | tests.cpp:71:27:71:38 | global_token indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv indirection | call to getenv indirection |
| tests.cpp:71:27:71:38 | global_token indirection | tests.cpp:62:22:62:27 | call to getenv indirection | tests.cpp:71:27:71:38 | global_token indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv indirection | call to getenv indirection |
| tests.cpp:73:27:73:31 | maybe indirection | tests.cpp:62:22:62:27 | call to getenv indirection | tests.cpp:73:27:73:31 | maybe indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv indirection | call to getenv indirection |
| tests.cpp:73:27:73:31 | maybe indirection | tests.cpp:62:22:62:27 | call to getenv indirection | tests.cpp:73:27:73:31 | maybe indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv indirection | call to getenv indirection |
| tests.cpp:88:15:88:17 | msg indirection | tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:88:15:88:17 | msg indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv indirection | call to getenv indirection |
| tests.cpp:88:15:88:17 | msg indirection | tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:88:15:88:17 | msg indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv indirection | call to getenv indirection |
| tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:97:13:97:18 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv indirection | call to getenv indirection |
| tests.cpp:97:13:97:34 | call to getenv indirection | tests.cpp:97:13:97:18 | call to getenv indirection | tests.cpp:97:13:97:34 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv indirection | call to getenv indirection |
| tests.cpp:111:15:111:17 | tmp indirection | tests.cpp:131:14:131:19 | call to getenv indirection | tests.cpp:111:15:111:17 | tmp indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:111:15:111:17 | tmp indirection | tests.cpp:131:14:131:19 | call to getenv indirection | tests.cpp:111:15:111:17 | tmp indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:119:7:119:12 | buffer indirection | tests.cpp:132:14:132:19 | call to getenv indirection | tests.cpp:119:7:119:12 | buffer indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:124:15:124:17 | msg indirection | tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:124:15:124:17 | msg indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:124:15:124:17 | msg indirection | tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:124:15:124:17 | msg indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:133:14:133:19 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv indirection | call to getenv indirection |
| tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:133:14:133:19 | call to getenv indirection | tests.cpp:133:14:133:35 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv indirection | call to getenv indirection |
| tests_passwd.cpp:18:29:18:31 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
| tests_passwd.cpp:18:29:18:31 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
| tests_passwd.cpp:19:26:19:28 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
| tests_passwd.cpp:19:26:19:28 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
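Review bot: The new `#select` rows contain exact duplicates where the old expectations had one row per sink: the two identical `tests.cpp:71:27:71:38 | global_token indirection` rows, and likewise for `73:27`, `88:15`, `111:15`, `124:15` and both `tests_passwd.cpp` sinks. Identical rows in an expected file usually mean that two distinct nodes share a location and label, so the query would presumably report the same finding twice. It is worth checking whether the sink definition now matches more than one indirection node per argument, and restricting it to one if so. Every old sink location still has a counterpart among the new rows, so no result appears to be lost. The `$@` link text also changes from `call to getenv` to `call to getenv indirection`, which ends up in the user-facing alert message.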