mirror of
https://github.com/github/codeql.git
synced 2025-12-22 03:36:30 +01:00
C++: Add test cases for MAD sources, sinks and summaries in namespaces.
This commit is contained in:
Geoffrey White
@@ -16,6 +16,9 @@ private class TestSources extends SourceModelCsv {
|
||||
";;false;remoteMadSourceArg0;;;Argument[0];remote",
|
||||
";;false;remoteMadSourceArg1;;;Argument[1];remote", ";;false;remoteMadSourceVar;;;;remote",
|
||||
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
|
||||
"MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;remote",
|
||||
"MyNamespace;;false;namespaceLocalMadSourceVar;;;;remote",
|
||||
"MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;remote",
|
||||
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
|
||||
";MyClass;true;memberRemoteMadSourceArg0;;;Argument[0];remote",
|
||||
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
|
||||
@@ -41,6 +44,10 @@ private class TestSinks extends SinkModelCsv {
|
||||
";;false;madSinkVar;;;;test-sink", ";;false;madSinkParam0;;;Parameter[0];remote",
|
||||
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
|
||||
";MyClass;true;memberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
|
||||
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -64,6 +71,7 @@ private class TestSummaries extends SummaryModelCsv {
|
||||
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
|
||||
";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
|
||||
"MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -77,7 +85,7 @@ module IRTest {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source instanceof FlowSource
|
||||
or
|
||||
source.asExpr().(FunctionCall).getTarget().getName() = ["source", "source2"]
|
||||
source.asExpr().(FunctionCall).getTarget().getName() = ["source", "source2", "source3"]
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||
@@ -16,6 +16,18 @@ void remoteMadSourceArg1(int &x, int &y);
|
||||
int remoteMadSourceVar;
|
||||
void remoteMadSourceParam0(int x);
|
||||
|
||||
namespace MyNamespace {
|
||||
int namespaceLocalMadSource();
|
||||
int namespaceLocalMadSourceVar;
|
||||
|
||||
namespace MyNamespace2 {
|
||||
int namespace2LocalMadSource();
|
||||
}
|
||||
|
||||
int localMadSource(); // (not a source)
|
||||
}
|
||||
int namespaceLocalMadSource(); // (not a source)
|
||||
|
||||
void test_sources() {
|
||||
sink(0);
|
||||
sink(source()); // $ ir
|
||||
@@ -42,6 +54,12 @@ void test_sources() {
|
||||
|
||||
int e = localMadSource();
|
||||
sink(e); // $ ir
|
||||
|
||||
sink(MyNamespace::namespaceLocalMadSource()); // $ MISSING: ir
|
||||
sink(MyNamespace::namespaceLocalMadSourceVar); // $ MISSING: ir
|
||||
sink(MyNamespace::MyNamespace2::namespace2LocalMadSource()); // $ MISSING: ir
|
||||
sink(MyNamespace::localMadSource()); // $ SPURIOUS: ir (the MyNamespace version of this function is not a source)
|
||||
sink(namespaceLocalMadSource()); // (the global namespace version of this function is not a source)
|
||||
}
|
||||
|
||||
void remoteMadSourceParam0(int x)
|
||||
@@ -179,9 +197,26 @@ public:
|
||||
MyClass source2();
|
||||
void sink(MyClass mc);
|
||||
|
||||
namespace MyNamespace {
|
||||
class MyClass {
|
||||
public:
|
||||
// sinks
|
||||
void namespaceMemberMadSinkArg0(int x);
|
||||
static void namespaceStaticMemberMadSinkArg0(int x);
|
||||
int namespaceMemberMadSinkVar;
|
||||
static int namespaceStaticMemberMadSinkVar;
|
||||
|
||||
// summaries
|
||||
int namespaceMadSelfToReturn();
|
||||
};
|
||||
}
|
||||
|
||||
MyNamespace::MyClass source3();
|
||||
|
||||
void test_class_members() {
|
||||
MyClass mc, mc2, mc3, mc4, mc5, mc6;
|
||||
MyDerivedClass mdc;
|
||||
MyNamespace::MyClass mnc;
|
||||
|
||||
// test class member sources
|
||||
|
||||
@@ -206,6 +241,11 @@ void test_class_members() {
|
||||
|
||||
mc.memberMadSinkVar = source(); // $ MISSING: ir
|
||||
|
||||
mnc.namespaceMemberMadSinkArg0(source()); // $ MISSING: ir
|
||||
MyNamespace::MyClass::namespaceStaticMemberMadSinkArg0(source()); // $ MISSING: ir
|
||||
mnc.namespaceMemberMadSinkVar = source(); // $ MISSING: ir
|
||||
MyNamespace::MyClass::namespaceStaticMemberMadSinkVar = source(); // $ MISSING: ir
|
||||
|
||||
// test class member summaries
|
||||
|
||||
sink(mc2);
|
||||
@@ -223,6 +263,8 @@ void test_class_members() {
|
||||
mc4.val = source();
|
||||
sink(mc4.madFieldToReturn()); // $ MISSING: ir
|
||||
|
||||
sink(source3().namespaceMadSelfToReturn()); // $ MISSING: ir
|
||||
|
||||
// test class member sources + sinks + summaries together
|
||||
|
||||
mc.memberMadSinkArg0(mc.memberRemoteMadSource()); // $ ir
|
||||
|
||||
Reference in New Issue
Block a user