C++: Add test case that is no longer detected after latest changes

2026-05-05 13:45:19 +02:00 · 2022-12-06 08:29:27 +01:00
parent 6dbc59d5b5
commit 5637d573c1
2 changed files with 11 additions and 2 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h
@@ -6,7 +6,6 @@
 typedef struct {} FILE;
 #define FILENAME_MAX 1000
 typedef unsigned long size_t;
-#define NULL ((void*)0)

 FILE *fopen(const char *filename, const char *mode);
 int sprintf(char *s, const char *format, ...);
@@ -15,3 +14,4 @@ char *strncat(char *s1, const char *s2, size_t n);
 int scanf(const char *format, ...);
 void *malloc(size_t size);
 double strtod(const char *ptr, char **endptr);
+char *getenv(const char *name);
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c
@@ -39,7 +39,7 @@ int main(int argc, char** argv) {
  }

  {
-    char *fileName = malloc(20 * sizeof(char));
+    char *fileName = (char*)malloc(20 * sizeof(char));
    scanf("%s", fileName);
    fopen(fileName, "wb+"); // BAD
  }
@@ -51,4 +51,13 @@ int main(int argc, char** argv) {
    sprintf(fileName, "/foo/%f", number);
    fopen(fileName, "wb+"); // GOOD
  }
+
+  {
+    void read(const char *fileName);
+    read(argv[1]); // BAD [NOT DETECTED]
+  }
+}
+
+void read(char *fileName) {
+  fopen(fileName, "wb+");
 }