mirror of
https://github.com/github/codeql.git
synced 2025-12-22 11:46:32 +01:00
C++: Add test cases for MAD sources, sinks and summaries in namespaces.
This commit is contained in:
Geoffrey White
@@ -16,6 +16,9 @@ private class TestSources extends SourceModelCsv {
|
|||||||
";;false;remoteMadSourceArg0;;;Argument[0];remote",
|
";;false;remoteMadSourceArg0;;;Argument[0];remote",
|
||||||
";;false;remoteMadSourceArg1;;;Argument[1];remote", ";;false;remoteMadSourceVar;;;;remote",
|
";;false;remoteMadSourceArg1;;;Argument[1];remote", ";;false;remoteMadSourceVar;;;;remote",
|
||||||
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
|
";;false;remoteMadSourceParam0;;;Parameter[0];remote",
|
||||||
|
"MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;remote",
|
||||||
|
"MyNamespace;;false;namespaceLocalMadSourceVar;;;;remote",
|
||||||
|
"MyNamespace::MyNamespace2;;false;namespace2LocalMadSource;;;ReturnValue;remote",
|
||||||
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
|
";MyClass;true;memberRemoteMadSource;;;ReturnValue;remote",
|
||||||
";MyClass;true;memberRemoteMadSourceArg0;;;Argument[0];remote",
|
";MyClass;true;memberRemoteMadSourceArg0;;;Argument[0];remote",
|
||||||
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
|
";MyClass;true;memberRemoteMadSourceVar;;;;remote",
|
||||||
@@ -41,6 +44,10 @@ private class TestSinks extends SinkModelCsv {
|
|||||||
";;false;madSinkVar;;;;test-sink", ";;false;madSinkParam0;;;Parameter[0];remote",
|
";;false;madSinkVar;;;;test-sink", ";;false;madSinkParam0;;;Parameter[0];remote",
|
||||||
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
|
";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
|
||||||
";MyClass;true;memberMadSinkVar;;;;test-sink",
|
";MyClass;true;memberMadSinkVar;;;;test-sink",
|
||||||
|
"MyNamespace;MyClass;true;namespaceMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||||
|
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkArg0;;;Argument[0];test-sink",
|
||||||
|
"MyNamespace;MyClass;true;namespaceMemberMadSinkVar;;;;test-sink",
|
||||||
|
"MyNamespace;MyClass;true;namespaceStaticMemberMadSinkVar;;;;test-sink",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -64,6 +71,7 @@ private class TestSummaries extends SummaryModelCsv {
|
|||||||
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||||
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
|
";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
|
||||||
";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
|
";MyClass;true;madFieldToReturn;;;Argument[-1].val;ReturnValue;taint",
|
||||||
|
"MyNamespace;MyClass;true;namespaceMadSelfToReturn;;;Argument[-1];ReturnValue;taint",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -77,7 +85,7 @@ module IRTest {
|
|||||||
predicate isSource(DataFlow::Node source) {
|
predicate isSource(DataFlow::Node source) {
|
||||||
source instanceof FlowSource
|
source instanceof FlowSource
|
||||||
or
|
or
|
||||||
source.asExpr().(FunctionCall).getTarget().getName() = ["source", "source2"]
|
source.asExpr().(FunctionCall).getTarget().getName() = ["source", "source2", "source3"]
|
||||||
}
|
}
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) {
|
predicate isSink(DataFlow::Node sink) {
|
||||||
|
|||||||
@@ -16,6 +16,18 @@ void remoteMadSourceArg1(int &x, int &y);
|
|||||||
int remoteMadSourceVar;
|
int remoteMadSourceVar;
|
||||||
void remoteMadSourceParam0(int x);
|
void remoteMadSourceParam0(int x);
|
||||||
|
|
||||||
|
namespace MyNamespace {
|
||||||
|
int namespaceLocalMadSource();
|
||||||
|
int namespaceLocalMadSourceVar;
|
||||||
|
|
||||||
|
namespace MyNamespace2 {
|
||||||
|
int namespace2LocalMadSource();
|
||||||
|
}
|
||||||
|
|
||||||
|
int localMadSource(); // (not a source)
|
||||||
|
}
|
||||||
|
int namespaceLocalMadSource(); // (not a source)
|
||||||
|
|
||||||
void test_sources() {
|
void test_sources() {
|
||||||
sink(0);
|
sink(0);
|
||||||
sink(source()); // $ ir
|
sink(source()); // $ ir
|
||||||
@@ -42,6 +54,12 @@ void test_sources() {
|
|||||||
|
|
||||||
int e = localMadSource();
|
int e = localMadSource();
|
||||||
sink(e); // $ ir
|
sink(e); // $ ir
|
||||||
|
|
||||||
|
sink(MyNamespace::namespaceLocalMadSource()); // $ MISSING: ir
|
||||||
|
sink(MyNamespace::namespaceLocalMadSourceVar); // $ MISSING: ir
|
||||||
|
sink(MyNamespace::MyNamespace2::namespace2LocalMadSource()); // $ MISSING: ir
|
||||||
|
sink(MyNamespace::localMadSource()); // $ SPURIOUS: ir (the MyNamespace version of this function is not a source)
|
||||||
|
sink(namespaceLocalMadSource()); // (the global namespace version of this function is not a source)
|
||||||
}
|
}
|
||||||
|
|
||||||
void remoteMadSourceParam0(int x)
|
void remoteMadSourceParam0(int x)
|
||||||
@@ -179,9 +197,26 @@ public:
|
|||||||
MyClass source2();
|
MyClass source2();
|
||||||
void sink(MyClass mc);
|
void sink(MyClass mc);
|
||||||
|
|
||||||
|
namespace MyNamespace {
|
||||||
|
class MyClass {
|
||||||
|
public:
|
||||||
|
// sinks
|
||||||
|
void namespaceMemberMadSinkArg0(int x);
|
||||||
|
static void namespaceStaticMemberMadSinkArg0(int x);
|
||||||
|
int namespaceMemberMadSinkVar;
|
||||||
|
static int namespaceStaticMemberMadSinkVar;
|
||||||
|
|
||||||
|
// summaries
|
||||||
|
int namespaceMadSelfToReturn();
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
MyNamespace::MyClass source3();
|
||||||
|
|
||||||
void test_class_members() {
|
void test_class_members() {
|
||||||
MyClass mc, mc2, mc3, mc4, mc5, mc6;
|
MyClass mc, mc2, mc3, mc4, mc5, mc6;
|
||||||
MyDerivedClass mdc;
|
MyDerivedClass mdc;
|
||||||
|
MyNamespace::MyClass mnc;
|
||||||
|
|
||||||
// test class member sources
|
// test class member sources
|
||||||
|
|
||||||
@@ -206,6 +241,11 @@ void test_class_members() {
|
|||||||
|
|
||||||
mc.memberMadSinkVar = source(); // $ MISSING: ir
|
mc.memberMadSinkVar = source(); // $ MISSING: ir
|
||||||
|
|
||||||
|
mnc.namespaceMemberMadSinkArg0(source()); // $ MISSING: ir
|
||||||
|
MyNamespace::MyClass::namespaceStaticMemberMadSinkArg0(source()); // $ MISSING: ir
|
||||||
|
mnc.namespaceMemberMadSinkVar = source(); // $ MISSING: ir
|
||||||
|
MyNamespace::MyClass::namespaceStaticMemberMadSinkVar = source(); // $ MISSING: ir
|
||||||
|
|
||||||
// test class member summaries
|
// test class member summaries
|
||||||
|
|
||||||
sink(mc2);
|
sink(mc2);
|
||||||
@@ -223,6 +263,8 @@ void test_class_members() {
|
|||||||
mc4.val = source();
|
mc4.val = source();
|
||||||
sink(mc4.madFieldToReturn()); // $ MISSING: ir
|
sink(mc4.madFieldToReturn()); // $ MISSING: ir
|
||||||
|
|
||||||
|
sink(source3().namespaceMadSelfToReturn()); // $ MISSING: ir
|
||||||
|
|
||||||
// test class member sources + sinks + summaries together
|
// test class member sources + sinks + summaries together
|
||||||
|
|
||||||
mc.memberMadSinkArg0(mc.memberRemoteMadSource()); // $ ir
|
mc.memberMadSinkArg0(mc.memberRemoteMadSource()); // $ ir
|
||||||
|
|||||||
Reference in New Issue
Block a user