C++: Model std::vector::data.

Geoffrey White
2020-08-26 14:48:10 +01:00
parent 2235c19593
commit 6ae96baaf6
5 changed files with 26 additions and 2 deletions


@@ -1864,6 +1864,7 @@
| vector.cpp:74:2:74:3 | ref arg v6 | vector.cpp:75:7:75:8 | v6 | |
| vector.cpp:74:2:74:3 | ref arg v6 | vector.cpp:76:7:76:8 | v6 | |
| vector.cpp:74:2:74:3 | ref arg v6 | vector.cpp:101:1:101:1 | v6 | |
| vector.cpp:74:2:74:3 | v6 | vector.cpp:74:5:74:8 | call to data | TAINT |
| vector.cpp:74:2:74:13 | access to array [post update] | vector.cpp:74:5:74:8 | call to data [inner post update] | |
| vector.cpp:74:2:74:24 | ... = ... | vector.cpp:74:2:74:13 | access to array [post update] | |
| vector.cpp:74:5:74:8 | call to data | vector.cpp:74:2:74:13 | access to array | TAINT |
@@ -1872,6 +1873,7 @@
| vector.cpp:75:7:75:8 | ref arg v6 | vector.cpp:76:7:76:8 | v6 | |
| vector.cpp:75:7:75:8 | ref arg v6 | vector.cpp:101:1:101:1 | v6 | |
| vector.cpp:76:7:76:8 | ref arg v6 | vector.cpp:101:1:101:1 | v6 | |
| vector.cpp:76:7:76:8 | v6 | vector.cpp:76:10:76:13 | call to data | TAINT |
| vector.cpp:76:10:76:13 | call to data | vector.cpp:76:7:76:18 | access to array | TAINT |
| vector.cpp:76:17:76:17 | 2 | vector.cpp:76:7:76:18 | access to array | TAINT |
| vector.cpp:79:33:79:34 | v7 | vector.cpp:80:41:80:43 | v7c | |
@@ -2317,7 +2319,9 @@
| vector.cpp:255:7:255:8 | ref arg v1 | vector.cpp:263:1:263:1 | v1 | |
| vector.cpp:256:7:256:8 | ref arg v1 | vector.cpp:257:7:257:8 | v1 | |
| vector.cpp:256:7:256:8 | ref arg v1 | vector.cpp:263:1:263:1 | v1 | |
| vector.cpp:256:7:256:8 | v1 | vector.cpp:256:10:256:13 | call to data | TAINT |
| vector.cpp:257:7:257:8 | ref arg v1 | vector.cpp:263:1:263:1 | v1 | |
| vector.cpp:257:7:257:8 | v1 | vector.cpp:257:10:257:13 | call to data | TAINT |
| vector.cpp:257:10:257:13 | call to data | vector.cpp:257:7:257:18 | access to array | TAINT |
| vector.cpp:257:17:257:17 | 2 | vector.cpp:257:7:257:18 | access to array | TAINT |
| vector.cpp:259:2:259:13 | * ... [post update] | vector.cpp:259:7:259:10 | call to data [inner post update] | |
@@ -2326,6 +2330,7 @@
| vector.cpp:259:4:259:5 | ref arg v2 | vector.cpp:261:7:261:8 | v2 | |
| vector.cpp:259:4:259:5 | ref arg v2 | vector.cpp:262:7:262:8 | v2 | |
| vector.cpp:259:4:259:5 | ref arg v2 | vector.cpp:263:1:263:1 | v2 | |
| vector.cpp:259:4:259:5 | v2 | vector.cpp:259:7:259:10 | call to data | TAINT |
| vector.cpp:259:7:259:10 | call to data | vector.cpp:259:2:259:13 | * ... | TAINT |
| vector.cpp:259:17:259:30 | call to source | vector.cpp:259:2:259:32 | ... = ... | |
| vector.cpp:260:7:260:8 | ref arg v2 | vector.cpp:261:7:261:8 | v2 | |
@@ -2333,6 +2338,8 @@
| vector.cpp:260:7:260:8 | ref arg v2 | vector.cpp:263:1:263:1 | v2 | |
| vector.cpp:261:7:261:8 | ref arg v2 | vector.cpp:262:7:262:8 | v2 | |
| vector.cpp:261:7:261:8 | ref arg v2 | vector.cpp:263:1:263:1 | v2 | |
| vector.cpp:261:7:261:8 | v2 | vector.cpp:261:10:261:13 | call to data | TAINT |
| vector.cpp:262:7:262:8 | ref arg v2 | vector.cpp:263:1:263:1 | v2 | |
| vector.cpp:262:7:262:8 | v2 | vector.cpp:262:10:262:13 | call to data | TAINT |
| vector.cpp:262:10:262:13 | call to data | vector.cpp:262:7:262:18 | access to array | TAINT |
| vector.cpp:262:17:262:17 | 2 | vector.cpp:262:7:262:18 | access to array | TAINT |


@@ -239,3 +239,5 @@
| vector.cpp:201:13:201:13 | call to operator[] | vector.cpp:200:14:200:19 | call to source |
| vector.cpp:227:7:227:8 | v3 | vector.cpp:223:15:223:20 | call to source |
| vector.cpp:255:7:255:8 | v1 | vector.cpp:254:15:254:20 | call to source |
| vector.cpp:256:10:256:13 | call to data | vector.cpp:254:15:254:20 | call to source |
| vector.cpp:257:7:257:18 | access to array | vector.cpp:254:15:254:20 | call to source |


@@ -175,3 +175,5 @@
| vector.cpp:201:13:201:13 | vector.cpp:200:14:200:19 | AST only |
| vector.cpp:227:7:227:8 | vector.cpp:223:15:223:20 | AST only |
| vector.cpp:255:7:255:8 | vector.cpp:254:15:254:20 | AST only |
| vector.cpp:256:10:256:13 | vector.cpp:254:15:254:20 | AST only |
| vector.cpp:257:7:257:18 | vector.cpp:254:15:254:20 | AST only |


@@ -253,8 +253,8 @@ void test_data_more() {
v1.push_back(source());
sink(v1); // tainted
sink(v1.data()); // tainted [NOT DETECTED]
sink(v1.data()[2]); // tainted [NOT DETECTED]
sink(v1.data()); // tainted
sink(v1.data()[2]); // tainted
*(v2.data()) = ns_int::source();
sink(v2); // tainted [NOT DETECTED]
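Review bot: The write direction through `data()` is still untracked after this change: `*(v2.data()) = ns_int::source();` followed by `sink(v2); // tainted [NOT DETECTED]` remains a known false negative, so only the reads via `v1.data()` gain coverage. Filling a vector through its `data()` pointer is a common way for external input to reach a buffer, so this gap likely matters more to real taint queries than the read side. It would help to record the reason at the test, e.g. `sink(v2); // tainted [NOT DETECTED: no flow from a write through data() back to the vector]`. The accompanying expected output also lists the two new results as `AST only`, which suggests the IR-based library does not report them yet. `test_data_more` begins and ends outside this hunk.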