hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add FP test.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2024-10-07 18:52:44 +01:00
parent 823d5acd69
commit 6ca978e1cc
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
View File

@@ -13,6 +13,8 @@ edges
| test1.c:42:16:42:16 | i | test1.c:43:11:43:11 | i | provenance | |
| test1.c:50:16:50:16 | i | test1.c:53:3:53:7 | ... = ... | provenance | |
| test1.c:53:3:53:7 | ... = ... | test1.c:55:15:55:15 | j | provenance | |
| test1.c:76:11:76:23 | ... = ... | test1.c:77:20:77:21 | ch | provenance | |
| test1.c:76:16:76:19 | call to getc | test1.c:76:11:76:23 | ... = ... | provenance | |
nodes
| test1.c:7:26:7:29 | **argv | semmle.label | **argv |
| test1.c:8:11:8:14 | call to atoi | semmle.label | call to atoi |
@@ -29,9 +31,13 @@ nodes
| test1.c:50:16:50:16 | i | semmle.label | i |
| test1.c:53:3:53:7 | ... = ... | semmle.label | ... = ... |
| test1.c:55:15:55:15 | j | semmle.label | j |
| test1.c:76:11:76:23 | ... = ... | semmle.label | ... = ... |
| test1.c:76:16:76:19 | call to getc | semmle.label | call to getc |
| test1.c:77:20:77:21 | ch | semmle.label | ch |
subpaths
#select
| test1.c:20:16:20:16 | i | test1.c:7:26:7:29 | **argv | test1.c:20:16:20:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
| test1.c:35:11:35:11 | i | test1.c:7:26:7:29 | **argv | test1.c:35:11:35:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
| test1.c:43:11:43:11 | i | test1.c:7:26:7:29 | **argv | test1.c:43:11:43:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
| test1.c:55:15:55:15 | j | test1.c:7:26:7:29 | **argv | test1.c:55:15:55:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
| test1.c:77:20:77:21 | ch | test1.c:76:16:76:19 | call to getc | test1.c:77:20:77:21 | ch | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:76:16:76:19 | call to getc | external |

15
cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/test1.c
View File

@@ -63,4 +63,17 @@ void test6(int i) {
myTable[s] = 0; // GOOD: Input is small [FALSE POSITIVE]
}
void test7(char *s) { }
typedef void FILE;
#define EOF (-1)
int getc(FILE*);
extern int myMaxCharTable[256];
void test7(FILE* fp) {
int ch;
while ((ch = getc(fp)) != EOF) {
myMaxCharTable[ch] = 0; // GOOD [FALSE POSITIVE]
}
}