C++: exclude int/string conversion in ExecTainted

This commit is contained in:
Robert Marsh
2021-07-19 23:06:59 +00:00
committed by Robert Marsh
parent 5e265f45e1
commit 37c92178a5
2 changed files with 7 additions and 11 deletions


@@ -130,7 +130,6 @@ edges
| test.cpp:160:9:160:12 | fread output argument | test.cpp:165:24:165:24 | x |
| test.cpp:160:9:160:12 | fread output argument | test.cpp:166:44:166:48 | array to pointer conversion |
| test.cpp:160:9:160:12 | fread output argument | test.cpp:166:44:166:48 | temp2 indirection |
| test.cpp:160:9:160:12 | fread output argument | test.cpp:166:44:166:48 | temp2 indirection |
| test.cpp:160:9:160:12 | fread output argument | test.cpp:168:10:168:16 | (const char *)... |
| test.cpp:160:9:160:12 | fread output argument | test.cpp:168:10:168:16 | command indirection |
| test.cpp:162:11:162:14 | call to atoi | test.cpp:162:11:162:14 | Store |
@@ -140,8 +139,6 @@ edges
| test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | (const char *)... |
| test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | command indirection |
| test.cpp:166:13:166:19 | sprintf output argument | test.cpp:168:10:168:16 | command indirection |
| test.cpp:166:44:166:48 | temp2 indirection | test.cpp:166:13:166:19 | sprintf output argument |
| test.cpp:166:44:166:48 | temp2 indirection | test.cpp:166:13:166:19 | sprintf output argument |
#select
| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
@@ -149,7 +146,6 @@ edges
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
| test.cpp:168:10:168:16 | command | test.cpp:160:9:160:12 | fread output argument | test.cpp:168:10:168:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:160:9:160:12 | fread output argument | user input (String read by fread) | test.cpp:166:13:166:19 | sprintf output argument | sprintf output argument |
nodes
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
@@ -327,7 +323,6 @@ nodes
| test.cpp:160:9:160:12 | (void *)... | semmle.label | (void *)... |
| test.cpp:160:9:160:12 | array to pointer conversion | semmle.label | array to pointer conversion |
| test.cpp:160:9:160:12 | fread output argument | semmle.label | fread output argument |
| test.cpp:160:9:160:12 | fread output argument | semmle.label | fread output argument |
| test.cpp:160:9:160:12 | temp | semmle.label | temp |
| test.cpp:160:9:160:12 | temp indirection | semmle.label | temp indirection |
| test.cpp:162:11:162:14 | Store | semmle.label | Store |
@@ -339,7 +334,6 @@ nodes
| test.cpp:166:13:166:19 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:166:44:166:48 | array to pointer conversion | semmle.label | array to pointer conversion |
| test.cpp:166:44:166:48 | temp2 indirection | semmle.label | temp2 indirection |
| test.cpp:166:44:166:48 | temp2 indirection | semmle.label | temp2 indirection |
| test.cpp:168:10:168:16 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:168:10:168:16 | command indirection | semmle.label | command indirection |
| test.cpp:168:10:168:16 | command indirection | semmle.label | command indirection |