Merge pull request #4080 from geoffw0/split

C++: Split test file stl.cpp
Jonas Jensen
2020-08-14 15:59:46 +02:00
committed by GitHub
9 changed files with 730 additions and 720 deletions


@@ -308,284 +308,230 @@
| movableclass.cpp:65:13:65:18 | call to source | movableclass.cpp:65:13:65:20 | call to MyMovableClass | TAINT |
| movableclass.cpp:65:13:65:20 | call to MyMovableClass | movableclass.cpp:65:8:65:9 | ref arg s3 | TAINT |
| movableclass.cpp:65:13:65:20 | call to MyMovableClass | movableclass.cpp:65:11:65:11 | call to operator= | TAINT |
| stl.cpp:109:12:109:17 | call to source | stl.cpp:113:7:113:7 | a | |
| stl.cpp:110:16:110:20 | 123 | stl.cpp:110:16:110:21 | call to basic_string | TAINT |
| stl.cpp:110:16:110:21 | call to basic_string | stl.cpp:114:7:114:7 | b | |
| stl.cpp:110:16:110:21 | call to basic_string | stl.cpp:116:7:116:7 | b | |
| stl.cpp:111:16:111:21 | call to source | stl.cpp:111:16:111:24 | call to basic_string | TAINT |
| stl.cpp:111:16:111:24 | call to basic_string | stl.cpp:115:7:115:7 | c | |
| stl.cpp:111:16:111:24 | call to basic_string | stl.cpp:117:7:117:7 | c | |
| stl.cpp:116:7:116:7 | b | stl.cpp:116:9:116:13 | call to c_str | TAINT |
| stl.cpp:117:7:117:7 | c | stl.cpp:117:9:117:13 | call to c_str | TAINT |
| stl.cpp:122:20:122:22 | call to basic_stringstream | stl.cpp:125:2:125:4 | ss1 | |
| stl.cpp:122:20:122:22 | call to basic_stringstream | stl.cpp:131:7:131:9 | ss1 | |
| stl.cpp:122:20:122:22 | call to basic_stringstream | stl.cpp:136:7:136:9 | ss1 | |
| stl.cpp:122:25:122:27 | call to basic_stringstream | stl.cpp:126:2:126:4 | ss2 | |
| stl.cpp:122:25:122:27 | call to basic_stringstream | stl.cpp:132:7:132:9 | ss2 | |
| stl.cpp:122:25:122:27 | call to basic_stringstream | stl.cpp:137:7:137:9 | ss2 | |
| stl.cpp:122:30:122:32 | call to basic_stringstream | stl.cpp:127:2:127:4 | ss3 | |
| stl.cpp:122:30:122:32 | call to basic_stringstream | stl.cpp:133:7:133:9 | ss3 | |
| stl.cpp:122:30:122:32 | call to basic_stringstream | stl.cpp:138:7:138:9 | ss3 | |
| stl.cpp:122:35:122:37 | call to basic_stringstream | stl.cpp:128:2:128:4 | ss4 | |
| stl.cpp:122:35:122:37 | call to basic_stringstream | stl.cpp:134:7:134:9 | ss4 | |
| stl.cpp:122:35:122:37 | call to basic_stringstream | stl.cpp:139:7:139:9 | ss4 | |
| stl.cpp:122:40:122:42 | call to basic_stringstream | stl.cpp:129:2:129:4 | ss5 | |
| stl.cpp:122:40:122:42 | call to basic_stringstream | stl.cpp:135:7:135:9 | ss5 | |
| stl.cpp:122:40:122:42 | call to basic_stringstream | stl.cpp:140:7:140:9 | ss5 | |
| stl.cpp:123:16:123:21 | call to source | stl.cpp:123:16:123:24 | call to basic_string | TAINT |
| stl.cpp:123:16:123:24 | call to basic_string | stl.cpp:129:9:129:9 | t | |
| stl.cpp:125:2:125:4 | ref arg ss1 | stl.cpp:131:7:131:9 | ss1 | |
| stl.cpp:125:2:125:4 | ref arg ss1 | stl.cpp:136:7:136:9 | ss1 | |
| stl.cpp:126:2:126:4 | ref arg ss2 | stl.cpp:132:7:132:9 | ss2 | |
| stl.cpp:126:2:126:4 | ref arg ss2 | stl.cpp:137:7:137:9 | ss2 | |
| stl.cpp:127:2:127:4 | ref arg ss3 | stl.cpp:133:7:133:9 | ss3 | |
| stl.cpp:127:2:127:4 | ref arg ss3 | stl.cpp:138:7:138:9 | ss3 | |
| stl.cpp:128:2:128:4 | ref arg ss4 | stl.cpp:134:7:134:9 | ss4 | |
| stl.cpp:128:2:128:4 | ref arg ss4 | stl.cpp:139:7:139:9 | ss4 | |
| stl.cpp:129:2:129:4 | ref arg ss5 | stl.cpp:135:7:135:9 | ss5 | |
| stl.cpp:129:2:129:4 | ref arg ss5 | stl.cpp:140:7:140:9 | ss5 | |
| stl.cpp:143:32:143:37 | source | stl.cpp:148:9:148:14 | source | |
| stl.cpp:145:20:145:22 | call to basic_stringstream | stl.cpp:147:2:147:4 | ss1 | |
| stl.cpp:145:20:145:22 | call to basic_stringstream | stl.cpp:150:7:150:9 | ss1 | |
| stl.cpp:145:20:145:22 | call to basic_stringstream | stl.cpp:152:7:152:9 | ss1 | |
| stl.cpp:145:25:145:27 | call to basic_stringstream | stl.cpp:148:2:148:4 | ss2 | |
| stl.cpp:145:25:145:27 | call to basic_stringstream | stl.cpp:151:7:151:9 | ss2 | |
| stl.cpp:145:25:145:27 | call to basic_stringstream | stl.cpp:153:7:153:9 | ss2 | |
| stl.cpp:147:2:147:4 | ref arg ss1 | stl.cpp:150:7:150:9 | ss1 | |
| stl.cpp:147:2:147:4 | ref arg ss1 | stl.cpp:152:7:152:9 | ss1 | |
| stl.cpp:148:2:148:4 | ref arg ss2 | stl.cpp:151:7:151:9 | ss2 | |
| stl.cpp:148:2:148:4 | ref arg ss2 | stl.cpp:153:7:153:9 | ss2 | |
| stl.cpp:166:16:166:28 | call to basic_string | stl.cpp:167:7:167:11 | path1 | |
| stl.cpp:166:17:166:26 | call to user_input | stl.cpp:166:16:166:28 | call to basic_string | TAINT |
| stl.cpp:167:7:167:11 | path1 | stl.cpp:167:13:167:17 | call to c_str | TAINT |
| stl.cpp:170:10:170:19 | call to user_input | stl.cpp:170:10:170:21 | call to basic_string | TAINT |
| stl.cpp:170:10:170:21 | call to basic_string | stl.cpp:170:2:170:21 | ... = ... | |
| stl.cpp:170:10:170:21 | call to basic_string | stl.cpp:171:7:171:11 | path2 | |
| stl.cpp:171:7:171:11 | path2 | stl.cpp:171:13:171:17 | call to c_str | TAINT |
| stl.cpp:173:15:173:24 | call to user_input | stl.cpp:173:15:173:27 | call to basic_string | TAINT |
| stl.cpp:173:15:173:27 | call to basic_string | stl.cpp:174:7:174:11 | path3 | |
| stl.cpp:174:7:174:11 | path3 | stl.cpp:174:13:174:17 | call to c_str | TAINT |
| stl.cpp:179:19:179:24 | call to source | stl.cpp:182:17:182:18 | cs | |
| stl.cpp:179:19:179:24 | call to source | stl.cpp:184:7:184:8 | cs | |
| stl.cpp:182:17:182:18 | cs | stl.cpp:182:17:182:19 | call to basic_string | TAINT |
| stl.cpp:182:17:182:19 | call to basic_string | stl.cpp:185:7:185:8 | ss | |
| stl.cpp:190:19:190:24 | call to source | stl.cpp:193:17:193:18 | cs | |
| stl.cpp:193:17:193:18 | cs | stl.cpp:193:17:193:19 | call to basic_string | TAINT |
| stl.cpp:193:17:193:19 | call to basic_string | stl.cpp:196:7:196:8 | ss | |
| stl.cpp:193:17:193:19 | call to basic_string | stl.cpp:199:7:199:8 | ss | |
| stl.cpp:196:7:196:8 | ss | stl.cpp:196:10:196:14 | call to c_str | TAINT |
| stl.cpp:196:10:196:14 | call to c_str | stl.cpp:196:2:196:16 | ... = ... | |
| stl.cpp:196:10:196:14 | call to c_str | stl.cpp:198:7:198:8 | cs | |
| stl.cpp:205:18:205:24 | hello | stl.cpp:205:18:205:25 | call to basic_string | TAINT |
| stl.cpp:205:18:205:25 | call to basic_string | stl.cpp:210:8:210:9 | s1 | |
| stl.cpp:206:19:206:26 | call to basic_string | stl.cpp:211:8:211:9 | s2 | |
| stl.cpp:206:20:206:26 | hello | stl.cpp:206:19:206:26 | call to basic_string | TAINT |
| stl.cpp:208:8:208:14 | call to basic_string | stl.cpp:208:3:208:14 | ... = ... | |
| stl.cpp:208:8:208:14 | call to basic_string | stl.cpp:212:8:212:9 | s3 | |
| stl.cpp:208:8:208:14 | hello | stl.cpp:208:8:208:14 | call to basic_string | TAINT |
| stl.cpp:216:18:216:23 | call to source | stl.cpp:216:18:216:26 | call to basic_string | TAINT |
| stl.cpp:216:18:216:26 | call to basic_string | stl.cpp:221:8:221:9 | s1 | |
| stl.cpp:217:19:217:27 | call to basic_string | stl.cpp:222:8:222:9 | s2 | |
| stl.cpp:217:20:217:25 | call to source | stl.cpp:217:19:217:27 | call to basic_string | TAINT |
| stl.cpp:219:8:219:13 | call to source | stl.cpp:219:8:219:15 | call to basic_string | TAINT |
| stl.cpp:219:8:219:15 | call to basic_string | stl.cpp:219:3:219:15 | ... = ... | |
| stl.cpp:219:8:219:15 | call to basic_string | stl.cpp:223:8:223:9 | s3 | |
| stl.cpp:227:15:227:16 | call to basic_string | stl.cpp:228:20:228:21 | s1 | |
| stl.cpp:227:15:227:16 | call to basic_string | stl.cpp:230:8:230:9 | s1 | |
| stl.cpp:227:15:227:16 | call to basic_string | stl.cpp:232:8:232:9 | s1 | |
| stl.cpp:228:20:228:21 | s1 | stl.cpp:233:8:233:9 | s2 | |
| stl.cpp:230:8:230:9 | s1 | stl.cpp:230:3:230:9 | ... = ... | |
| stl.cpp:230:8:230:9 | s1 | stl.cpp:234:8:234:9 | s3 | |
| stl.cpp:238:19:238:40 | call to basic_string | stl.cpp:242:8:242:9 | s1 | |
| stl.cpp:238:32:238:37 | call to source | stl.cpp:238:19:238:40 | call to basic_string | TAINT |
| stl.cpp:240:8:240:28 | call to basic_string | stl.cpp:240:3:240:28 | ... = ... | |
| stl.cpp:240:8:240:28 | call to basic_string | stl.cpp:243:8:243:9 | s2 | |
| stl.cpp:240:20:240:25 | call to source | stl.cpp:240:8:240:28 | call to basic_string | TAINT |
| stl.cpp:250:16:250:21 | call to source | stl.cpp:250:16:250:24 | call to basic_string | TAINT |
| stl.cpp:250:16:250:24 | call to basic_string | stl.cpp:251:15:251:15 | s | |
| stl.cpp:250:16:250:24 | call to basic_string | stl.cpp:255:33:255:33 | s | |
| stl.cpp:250:16:250:24 | call to basic_string | stl.cpp:255:50:255:50 | s | |
| stl.cpp:250:16:250:24 | call to basic_string | stl.cpp:259:16:259:16 | s | |
| stl.cpp:251:15:251:15 | call to begin | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | call to begin | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | call to begin | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | call to end | stl.cpp:251:15:251:15 | (__end) | |
| stl.cpp:251:15:251:15 | call to operator* | stl.cpp:252:8:252:8 | c | |
| stl.cpp:251:15:251:15 | ref arg (__begin) | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | ref arg (__begin) | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | ref arg (__begin) | stl.cpp:251:15:251:15 | (__begin) | |
| stl.cpp:251:15:251:15 | ref arg (__range) | stl.cpp:251:15:251:15 | (__range) | |
| stl.cpp:251:15:251:15 | s | stl.cpp:251:15:251:15 | (__range) | |
| stl.cpp:251:15:251:15 | s | stl.cpp:251:15:251:15 | (__range) | |
| stl.cpp:251:15:251:15 | s | stl.cpp:251:15:251:15 | call to operator* | TAINT |
| stl.cpp:255:33:255:33 | ref arg s | stl.cpp:255:50:255:50 | s | |
| stl.cpp:255:33:255:33 | ref arg s | stl.cpp:259:16:259:16 | s | |
| stl.cpp:255:35:255:39 | call to begin | stl.cpp:255:44:255:45 | it | |
| stl.cpp:255:35:255:39 | call to begin | stl.cpp:255:61:255:62 | it | |
| stl.cpp:255:35:255:39 | call to begin | stl.cpp:256:9:256:10 | it | |
| stl.cpp:255:50:255:50 | ref arg s | stl.cpp:255:50:255:50 | s | |
| stl.cpp:255:50:255:50 | ref arg s | stl.cpp:259:16:259:16 | s | |
| stl.cpp:255:61:255:62 | ref arg it | stl.cpp:255:44:255:45 | it | |
| stl.cpp:255:61:255:62 | ref arg it | stl.cpp:255:61:255:62 | it | |
| stl.cpp:255:61:255:62 | ref arg it | stl.cpp:256:9:256:10 | it | |
| stl.cpp:259:16:259:16 | call to begin | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | call to begin | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | call to begin | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | call to end | stl.cpp:259:16:259:16 | (__end) | |
| stl.cpp:259:16:259:16 | call to operator* | stl.cpp:260:8:260:8 | c | |
| stl.cpp:259:16:259:16 | ref arg (__begin) | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | ref arg (__begin) | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | ref arg (__begin) | stl.cpp:259:16:259:16 | (__begin) | |
| stl.cpp:259:16:259:16 | ref arg (__range) | stl.cpp:259:16:259:16 | (__range) | |
| stl.cpp:259:16:259:16 | s | stl.cpp:259:16:259:16 | (__range) | |
| stl.cpp:259:16:259:16 | s | stl.cpp:259:16:259:16 | (__range) | |
| stl.cpp:259:16:259:16 | s | stl.cpp:259:16:259:16 | call to operator* | TAINT |
| stl.cpp:263:28:263:33 | call to source | stl.cpp:263:28:263:36 | call to basic_string | TAINT |
| stl.cpp:263:28:263:36 | call to basic_string | stl.cpp:264:22:264:28 | const_s | |
| stl.cpp:264:22:264:22 | call to begin | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:22 | call to begin | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:22 | call to begin | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:22 | call to end | stl.cpp:264:22:264:22 | (__end) | |
| stl.cpp:264:22:264:22 | call to operator* | stl.cpp:265:8:265:8 | c | |
| stl.cpp:264:22:264:22 | ref arg (__begin) | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:22 | ref arg (__begin) | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:22 | ref arg (__begin) | stl.cpp:264:22:264:22 | (__begin) | |
| stl.cpp:264:22:264:28 | const_s | stl.cpp:264:22:264:22 | (__range) | |
| stl.cpp:264:22:264:28 | const_s | stl.cpp:264:22:264:22 | (__range) | |
| stl.cpp:264:22:264:28 | const_s | stl.cpp:264:22:264:22 | call to operator* | TAINT |
| stl.cpp:300:43:300:49 | source1 | stl.cpp:304:21:304:27 | source1 | |
| stl.cpp:300:43:300:49 | source1 | stl.cpp:318:33:318:39 | source1 | |
| stl.cpp:304:21:304:27 | source1 | stl.cpp:304:21:304:28 | call to vector | TAINT |
| stl.cpp:304:21:304:28 | call to vector | stl.cpp:306:14:306:14 | v | |
| stl.cpp:304:21:304:28 | call to vector | stl.cpp:310:38:310:38 | v | |
| stl.cpp:304:21:304:28 | call to vector | stl.cpp:310:55:310:55 | v | |
| stl.cpp:304:21:304:28 | call to vector | stl.cpp:314:15:314:15 | v | |
| stl.cpp:306:14:306:14 | call to begin | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | call to begin | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | call to begin | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | call to end | stl.cpp:306:14:306:14 | (__end) | |
| stl.cpp:306:14:306:14 | call to operator* | stl.cpp:307:8:307:8 | x | |
| stl.cpp:306:14:306:14 | ref arg (__begin) | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | ref arg (__begin) | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | ref arg (__begin) | stl.cpp:306:14:306:14 | (__begin) | |
| stl.cpp:306:14:306:14 | ref arg (__range) | stl.cpp:306:14:306:14 | (__range) | |
| stl.cpp:306:14:306:14 | v | stl.cpp:306:14:306:14 | (__range) | |
| stl.cpp:306:14:306:14 | v | stl.cpp:306:14:306:14 | (__range) | |
| stl.cpp:306:14:306:14 | v | stl.cpp:306:14:306:14 | call to operator* | TAINT |
| stl.cpp:310:38:310:38 | ref arg v | stl.cpp:310:55:310:55 | v | |
| stl.cpp:310:38:310:38 | ref arg v | stl.cpp:314:15:314:15 | v | |
| stl.cpp:310:40:310:44 | call to begin | stl.cpp:310:49:310:50 | it | |
| stl.cpp:310:40:310:44 | call to begin | stl.cpp:310:66:310:67 | it | |
| stl.cpp:310:40:310:44 | call to begin | stl.cpp:311:9:311:10 | it | |
| stl.cpp:310:55:310:55 | ref arg v | stl.cpp:310:55:310:55 | v | |
| stl.cpp:310:55:310:55 | ref arg v | stl.cpp:314:15:314:15 | v | |
| stl.cpp:310:66:310:67 | ref arg it | stl.cpp:310:49:310:50 | it | |
| stl.cpp:310:66:310:67 | ref arg it | stl.cpp:310:66:310:67 | it | |
| stl.cpp:310:66:310:67 | ref arg it | stl.cpp:311:9:311:10 | it | |
| stl.cpp:314:15:314:15 | call to begin | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | call to begin | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | call to begin | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | call to end | stl.cpp:314:15:314:15 | (__end) | |
| stl.cpp:314:15:314:15 | call to operator* | stl.cpp:315:8:315:8 | x | |
| stl.cpp:314:15:314:15 | ref arg (__begin) | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | ref arg (__begin) | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | ref arg (__begin) | stl.cpp:314:15:314:15 | (__begin) | |
| stl.cpp:314:15:314:15 | ref arg (__range) | stl.cpp:314:15:314:15 | (__range) | |
| stl.cpp:314:15:314:15 | v | stl.cpp:314:15:314:15 | (__range) | |
| stl.cpp:314:15:314:15 | v | stl.cpp:314:15:314:15 | (__range) | |
| stl.cpp:314:15:314:15 | v | stl.cpp:314:15:314:15 | call to operator* | TAINT |
| stl.cpp:318:33:318:39 | source1 | stl.cpp:318:33:318:40 | call to vector | TAINT |
| stl.cpp:318:33:318:40 | call to vector | stl.cpp:319:21:319:27 | const_v | |
| stl.cpp:319:21:319:21 | call to begin | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:21 | call to begin | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:21 | call to begin | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:21 | call to end | stl.cpp:319:21:319:21 | (__end) | |
| stl.cpp:319:21:319:21 | call to operator* | stl.cpp:320:8:320:8 | x | |
| stl.cpp:319:21:319:21 | ref arg (__begin) | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:21 | ref arg (__begin) | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:21 | ref arg (__begin) | stl.cpp:319:21:319:21 | (__begin) | |
| stl.cpp:319:21:319:27 | const_v | stl.cpp:319:21:319:21 | (__range) | |
| stl.cpp:319:21:319:27 | const_v | stl.cpp:319:21:319:21 | (__range) | |
| stl.cpp:319:21:319:27 | const_v | stl.cpp:319:21:319:21 | call to operator* | TAINT |
| stl.cpp:331:18:331:24 | hello | stl.cpp:331:18:331:25 | call to basic_string | TAINT |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:334:8:334:9 | s1 | |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:334:13:334:14 | s1 | |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:335:8:335:9 | s1 | |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:336:13:336:14 | s1 | |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:339:8:339:9 | s1 | |
| stl.cpp:331:18:331:25 | call to basic_string | stl.cpp:340:8:340:9 | s1 | |
| stl.cpp:332:18:332:23 | call to source | stl.cpp:332:18:332:26 | call to basic_string | TAINT |
| stl.cpp:332:18:332:26 | call to basic_string | stl.cpp:335:13:335:14 | s2 | |
| stl.cpp:332:18:332:26 | call to basic_string | stl.cpp:336:8:336:9 | s2 | |
| stl.cpp:332:18:332:26 | call to basic_string | stl.cpp:337:8:337:9 | s2 | |
| stl.cpp:332:18:332:26 | call to basic_string | stl.cpp:337:13:337:14 | s2 | |
| stl.cpp:334:8:334:9 | s1 | stl.cpp:334:11:334:11 | call to operator+ | TAINT |
| stl.cpp:334:13:334:14 | s1 | stl.cpp:334:11:334:11 | call to operator+ | TAINT |
| stl.cpp:335:8:335:9 | s1 | stl.cpp:335:11:335:11 | call to operator+ | TAINT |
| stl.cpp:335:13:335:14 | s2 | stl.cpp:335:11:335:11 | call to operator+ | TAINT |
| stl.cpp:336:8:336:9 | s2 | stl.cpp:336:11:336:11 | call to operator+ | TAINT |
| stl.cpp:336:13:336:14 | s1 | stl.cpp:336:11:336:11 | call to operator+ | TAINT |
| stl.cpp:337:8:337:9 | s2 | stl.cpp:337:11:337:11 | call to operator+ | TAINT |
| stl.cpp:337:13:337:14 | s2 | stl.cpp:337:11:337:11 | call to operator+ | TAINT |
| stl.cpp:339:8:339:9 | s1 | stl.cpp:339:11:339:11 | call to operator+ | TAINT |
| stl.cpp:339:13:339:20 | world | stl.cpp:339:11:339:11 | call to operator+ | TAINT |
| stl.cpp:340:8:340:9 | s1 | stl.cpp:340:11:340:11 | call to operator+ | TAINT |
| stl.cpp:340:13:340:18 | call to source | stl.cpp:340:11:340:11 | call to operator+ | TAINT |
| stl.cpp:344:18:344:22 | abc | stl.cpp:344:18:344:23 | call to basic_string | TAINT |
| stl.cpp:344:18:344:23 | call to basic_string | stl.cpp:348:8:348:9 | s3 | |
| stl.cpp:344:18:344:23 | call to basic_string | stl.cpp:351:8:351:9 | s3 | |
| stl.cpp:344:18:344:23 | call to basic_string | stl.cpp:355:8:355:9 | s3 | |
| stl.cpp:344:18:344:23 | call to basic_string | stl.cpp:360:8:360:9 | s3 | |
| stl.cpp:344:18:344:23 | call to basic_string | stl.cpp:364:8:364:9 | s3 | |
| stl.cpp:345:18:345:23 | call to source | stl.cpp:345:18:345:26 | call to basic_string | TAINT |
| stl.cpp:345:18:345:26 | call to basic_string | stl.cpp:348:13:348:14 | s4 | |
| stl.cpp:345:18:345:26 | call to basic_string | stl.cpp:352:9:352:10 | s4 | |
| stl.cpp:345:18:345:26 | call to basic_string | stl.cpp:361:13:361:14 | s4 | |
| stl.cpp:348:8:348:9 | s3 | stl.cpp:348:11:348:11 | call to operator+ | TAINT |
| stl.cpp:348:11:348:11 | call to operator+ | stl.cpp:348:3:348:14 | ... = ... | |
| stl.cpp:348:11:348:11 | call to operator+ | stl.cpp:349:8:349:9 | s5 | |
| stl.cpp:348:13:348:14 | s4 | stl.cpp:348:11:348:11 | call to operator+ | TAINT |
| stl.cpp:351:8:351:9 | s3 | stl.cpp:351:3:351:9 | ... = ... | |
| stl.cpp:351:8:351:9 | s3 | stl.cpp:352:3:352:4 | s6 | |
| stl.cpp:351:8:351:9 | s3 | stl.cpp:353:8:353:9 | s6 | |
| stl.cpp:352:3:352:4 | ref arg s6 | stl.cpp:353:8:353:9 | s6 | |
| stl.cpp:352:9:352:10 | s4 | stl.cpp:352:3:352:4 | ref arg s6 | TAINT |
| stl.cpp:352:9:352:10 | s4 | stl.cpp:352:6:352:6 | call to operator+= | TAINT |
| stl.cpp:355:8:355:9 | s3 | stl.cpp:355:3:355:9 | ... = ... | |
| stl.cpp:355:8:355:9 | s3 | stl.cpp:356:3:356:4 | s7 | |
| stl.cpp:355:8:355:9 | s3 | stl.cpp:357:3:357:4 | s7 | |
| stl.cpp:355:8:355:9 | s3 | stl.cpp:358:8:358:9 | s7 | |
| stl.cpp:356:3:356:4 | ref arg s7 | stl.cpp:357:3:357:4 | s7 | |
| stl.cpp:356:3:356:4 | ref arg s7 | stl.cpp:358:8:358:9 | s7 | |
| stl.cpp:356:9:356:14 | call to source | stl.cpp:356:3:356:4 | ref arg s7 | TAINT |
| stl.cpp:356:9:356:14 | call to source | stl.cpp:356:6:356:6 | call to operator+= | TAINT |
| stl.cpp:357:3:357:4 | ref arg s7 | stl.cpp:358:8:358:9 | s7 | |
| stl.cpp:357:9:357:11 | | stl.cpp:357:3:357:4 | ref arg s7 | TAINT |
| stl.cpp:357:9:357:11 | | stl.cpp:357:6:357:6 | call to operator+= | TAINT |
| stl.cpp:360:8:360:9 | s3 | stl.cpp:360:3:360:9 | ... = ... | |
| stl.cpp:360:8:360:9 | s3 | stl.cpp:361:3:361:4 | s8 | |
| stl.cpp:360:8:360:9 | s3 | stl.cpp:362:8:362:9 | s8 | |
| stl.cpp:361:3:361:4 | ref arg s8 | stl.cpp:362:8:362:9 | s8 | |
| stl.cpp:361:13:361:14 | s4 | stl.cpp:361:3:361:4 | ref arg s8 | TAINT |
| stl.cpp:361:13:361:14 | s4 | stl.cpp:361:6:361:11 | call to append | TAINT |
| stl.cpp:364:8:364:9 | s3 | stl.cpp:364:3:364:9 | ... = ... | |
| stl.cpp:364:8:364:9 | s3 | stl.cpp:365:3:365:4 | s9 | |
| stl.cpp:364:8:364:9 | s3 | stl.cpp:366:3:366:4 | s9 | |
| stl.cpp:364:8:364:9 | s3 | stl.cpp:367:8:367:9 | s9 | |
| stl.cpp:365:3:365:4 | ref arg s9 | stl.cpp:366:3:366:4 | s9 | |
| stl.cpp:365:3:365:4 | ref arg s9 | stl.cpp:367:8:367:9 | s9 | |
| stl.cpp:365:13:365:18 | call to source | stl.cpp:365:3:365:4 | ref arg s9 | TAINT |
| stl.cpp:365:13:365:18 | call to source | stl.cpp:365:6:365:11 | call to append | TAINT |
| stl.cpp:366:3:366:4 | ref arg s9 | stl.cpp:367:8:367:9 | s9 | |
| stl.cpp:366:13:366:15 | | stl.cpp:366:3:366:4 | ref arg s9 | TAINT |
| stl.cpp:366:13:366:15 | | stl.cpp:366:6:366:11 | call to append | TAINT |
| stl.cpp:371:19:371:23 | abc | stl.cpp:371:19:371:24 | call to basic_string | TAINT |
| stl.cpp:371:19:371:24 | call to basic_string | stl.cpp:374:3:374:5 | s10 | |
| stl.cpp:371:19:371:24 | call to basic_string | stl.cpp:375:8:375:10 | s10 | |
| stl.cpp:372:12:372:26 | call to source | stl.cpp:374:17:374:17 | c | |
| stl.cpp:374:3:374:5 | ref arg s10 | stl.cpp:375:8:375:10 | s10 | |
| stl.cpp:374:17:374:17 | c | stl.cpp:374:3:374:5 | ref arg s10 | TAINT |
| stl.cpp:374:17:374:17 | c | stl.cpp:374:7:374:12 | call to append | TAINT |
| string.cpp:24:12:24:17 | call to source | string.cpp:28:7:28:7 | a | |
| string.cpp:25:16:25:20 | 123 | string.cpp:25:16:25:21 | call to basic_string | TAINT |
| string.cpp:25:16:25:21 | call to basic_string | string.cpp:29:7:29:7 | b | |
| string.cpp:25:16:25:21 | call to basic_string | string.cpp:31:7:31:7 | b | |
| string.cpp:26:16:26:21 | call to source | string.cpp:26:16:26:24 | call to basic_string | TAINT |
| string.cpp:26:16:26:24 | call to basic_string | string.cpp:30:7:30:7 | c | |
| string.cpp:26:16:26:24 | call to basic_string | string.cpp:32:7:32:7 | c | |
| string.cpp:31:7:31:7 | b | string.cpp:31:9:31:13 | call to c_str | TAINT |
| string.cpp:32:7:32:7 | c | string.cpp:32:9:32:13 | call to c_str | TAINT |
| string.cpp:37:16:37:28 | call to basic_string | string.cpp:38:7:38:11 | path1 | |
| string.cpp:37:17:37:26 | call to user_input | string.cpp:37:16:37:28 | call to basic_string | TAINT |
| string.cpp:38:7:38:11 | path1 | string.cpp:38:13:38:17 | call to c_str | TAINT |
| string.cpp:41:10:41:19 | call to user_input | string.cpp:41:10:41:21 | call to basic_string | TAINT |
| string.cpp:41:10:41:21 | call to basic_string | string.cpp:41:2:41:21 | ... = ... | |
| string.cpp:41:10:41:21 | call to basic_string | string.cpp:42:7:42:11 | path2 | |
| string.cpp:42:7:42:11 | path2 | string.cpp:42:13:42:17 | call to c_str | TAINT |
| string.cpp:44:15:44:24 | call to user_input | string.cpp:44:15:44:27 | call to basic_string | TAINT |
| string.cpp:44:15:44:27 | call to basic_string | string.cpp:45:7:45:11 | path3 | |
| string.cpp:45:7:45:11 | path3 | string.cpp:45:13:45:17 | call to c_str | TAINT |
| string.cpp:50:19:50:24 | call to source | string.cpp:53:17:53:18 | cs | |
| string.cpp:50:19:50:24 | call to source | string.cpp:55:7:55:8 | cs | |
| string.cpp:53:17:53:18 | cs | string.cpp:53:17:53:19 | call to basic_string | TAINT |
| string.cpp:53:17:53:19 | call to basic_string | string.cpp:56:7:56:8 | ss | |
| string.cpp:61:19:61:24 | call to source | string.cpp:64:17:64:18 | cs | |
| string.cpp:64:17:64:18 | cs | string.cpp:64:17:64:19 | call to basic_string | TAINT |
| string.cpp:64:17:64:19 | call to basic_string | string.cpp:67:7:67:8 | ss | |
| string.cpp:64:17:64:19 | call to basic_string | string.cpp:70:7:70:8 | ss | |
| string.cpp:67:7:67:8 | ss | string.cpp:67:10:67:14 | call to c_str | TAINT |
| string.cpp:67:10:67:14 | call to c_str | string.cpp:67:2:67:16 | ... = ... | |
| string.cpp:67:10:67:14 | call to c_str | string.cpp:69:7:69:8 | cs | |
| string.cpp:76:18:76:24 | hello | string.cpp:76:18:76:25 | call to basic_string | TAINT |
| string.cpp:76:18:76:25 | call to basic_string | string.cpp:81:8:81:9 | s1 | |
| string.cpp:77:19:77:26 | call to basic_string | string.cpp:82:8:82:9 | s2 | |
| string.cpp:77:20:77:26 | hello | string.cpp:77:19:77:26 | call to basic_string | TAINT |
| string.cpp:79:8:79:14 | call to basic_string | string.cpp:79:3:79:14 | ... = ... | |
| string.cpp:79:8:79:14 | call to basic_string | string.cpp:83:8:83:9 | s3 | |
| string.cpp:79:8:79:14 | hello | string.cpp:79:8:79:14 | call to basic_string | TAINT |
| string.cpp:87:18:87:23 | call to source | string.cpp:87:18:87:26 | call to basic_string | TAINT |
| string.cpp:87:18:87:26 | call to basic_string | string.cpp:92:8:92:9 | s1 | |
| string.cpp:88:19:88:27 | call to basic_string | string.cpp:93:8:93:9 | s2 | |
| string.cpp:88:20:88:25 | call to source | string.cpp:88:19:88:27 | call to basic_string | TAINT |
| string.cpp:90:8:90:13 | call to source | string.cpp:90:8:90:15 | call to basic_string | TAINT |
| string.cpp:90:8:90:15 | call to basic_string | string.cpp:90:3:90:15 | ... = ... | |
| string.cpp:90:8:90:15 | call to basic_string | string.cpp:94:8:94:9 | s3 | |
| string.cpp:98:15:98:16 | call to basic_string | string.cpp:99:20:99:21 | s1 | |
| string.cpp:98:15:98:16 | call to basic_string | string.cpp:101:8:101:9 | s1 | |
| string.cpp:98:15:98:16 | call to basic_string | string.cpp:103:8:103:9 | s1 | |
| string.cpp:99:20:99:21 | s1 | string.cpp:104:8:104:9 | s2 | |
| string.cpp:101:8:101:9 | s1 | string.cpp:101:3:101:9 | ... = ... | |
| string.cpp:101:8:101:9 | s1 | string.cpp:105:8:105:9 | s3 | |
| string.cpp:109:19:109:40 | call to basic_string | string.cpp:113:8:113:9 | s1 | |
| string.cpp:109:32:109:37 | call to source | string.cpp:109:19:109:40 | call to basic_string | TAINT |
| string.cpp:111:8:111:28 | call to basic_string | string.cpp:111:3:111:28 | ... = ... | |
| string.cpp:111:8:111:28 | call to basic_string | string.cpp:114:8:114:9 | s2 | |
| string.cpp:111:20:111:25 | call to source | string.cpp:111:8:111:28 | call to basic_string | TAINT |
| string.cpp:119:16:119:21 | call to source | string.cpp:119:16:119:24 | call to basic_string | TAINT |
| string.cpp:119:16:119:24 | call to basic_string | string.cpp:120:15:120:15 | s | |
| string.cpp:119:16:119:24 | call to basic_string | string.cpp:124:33:124:33 | s | |
| string.cpp:119:16:119:24 | call to basic_string | string.cpp:124:50:124:50 | s | |
| string.cpp:119:16:119:24 | call to basic_string | string.cpp:128:16:128:16 | s | |
| string.cpp:120:15:120:15 | call to begin | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | call to begin | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | call to begin | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | call to end | string.cpp:120:15:120:15 | (__end) | |
| string.cpp:120:15:120:15 | call to operator* | string.cpp:121:8:121:8 | c | |
| string.cpp:120:15:120:15 | ref arg (__begin) | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | ref arg (__begin) | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | ref arg (__begin) | string.cpp:120:15:120:15 | (__begin) | |
| string.cpp:120:15:120:15 | ref arg (__range) | string.cpp:120:15:120:15 | (__range) | |
| string.cpp:120:15:120:15 | s | string.cpp:120:15:120:15 | (__range) | |
| string.cpp:120:15:120:15 | s | string.cpp:120:15:120:15 | (__range) | |
| string.cpp:120:15:120:15 | s | string.cpp:120:15:120:15 | call to operator* | TAINT |
| string.cpp:124:33:124:33 | ref arg s | string.cpp:124:50:124:50 | s | |
| string.cpp:124:33:124:33 | ref arg s | string.cpp:128:16:128:16 | s | |
| string.cpp:124:35:124:39 | call to begin | string.cpp:124:44:124:45 | it | |
| string.cpp:124:35:124:39 | call to begin | string.cpp:124:61:124:62 | it | |
| string.cpp:124:35:124:39 | call to begin | string.cpp:125:9:125:10 | it | |
| string.cpp:124:50:124:50 | ref arg s | string.cpp:124:50:124:50 | s | |
| string.cpp:124:50:124:50 | ref arg s | string.cpp:128:16:128:16 | s | |
| string.cpp:124:61:124:62 | ref arg it | string.cpp:124:44:124:45 | it | |
| string.cpp:124:61:124:62 | ref arg it | string.cpp:124:61:124:62 | it | |
| string.cpp:124:61:124:62 | ref arg it | string.cpp:125:9:125:10 | it | |
| string.cpp:128:16:128:16 | call to begin | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | call to begin | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | call to begin | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | call to end | string.cpp:128:16:128:16 | (__end) | |
| string.cpp:128:16:128:16 | call to operator* | string.cpp:129:8:129:8 | c | |
| string.cpp:128:16:128:16 | ref arg (__begin) | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | ref arg (__begin) | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | ref arg (__begin) | string.cpp:128:16:128:16 | (__begin) | |
| string.cpp:128:16:128:16 | ref arg (__range) | string.cpp:128:16:128:16 | (__range) | |
| string.cpp:128:16:128:16 | s | string.cpp:128:16:128:16 | (__range) | |
| string.cpp:128:16:128:16 | s | string.cpp:128:16:128:16 | (__range) | |
| string.cpp:128:16:128:16 | s | string.cpp:128:16:128:16 | call to operator* | TAINT |
| string.cpp:132:28:132:33 | call to source | string.cpp:132:28:132:36 | call to basic_string | TAINT |
| string.cpp:132:28:132:36 | call to basic_string | string.cpp:133:22:133:28 | const_s | |
| string.cpp:133:22:133:22 | call to begin | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:22 | call to begin | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:22 | call to begin | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:22 | call to end | string.cpp:133:22:133:22 | (__end) | |
| string.cpp:133:22:133:22 | call to operator* | string.cpp:134:8:134:8 | c | |
| string.cpp:133:22:133:22 | ref arg (__begin) | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:22 | ref arg (__begin) | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:22 | ref arg (__begin) | string.cpp:133:22:133:22 | (__begin) | |
| string.cpp:133:22:133:28 | const_s | string.cpp:133:22:133:22 | (__range) | |
| string.cpp:133:22:133:28 | const_s | string.cpp:133:22:133:22 | (__range) | |
| string.cpp:133:22:133:28 | const_s | string.cpp:133:22:133:22 | call to operator* | TAINT |
| string.cpp:140:18:140:24 | hello | string.cpp:140:18:140:25 | call to basic_string | TAINT |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:143:8:143:9 | s1 | |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:143:13:143:14 | s1 | |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:144:8:144:9 | s1 | |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:145:13:145:14 | s1 | |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:148:8:148:9 | s1 | |
| string.cpp:140:18:140:25 | call to basic_string | string.cpp:149:8:149:9 | s1 | |
| string.cpp:141:18:141:23 | call to source | string.cpp:141:18:141:26 | call to basic_string | TAINT |
| string.cpp:141:18:141:26 | call to basic_string | string.cpp:144:13:144:14 | s2 | |
| string.cpp:141:18:141:26 | call to basic_string | string.cpp:145:8:145:9 | s2 | |
| string.cpp:141:18:141:26 | call to basic_string | string.cpp:146:8:146:9 | s2 | |
| string.cpp:141:18:141:26 | call to basic_string | string.cpp:146:13:146:14 | s2 | |
| string.cpp:143:8:143:9 | s1 | string.cpp:143:11:143:11 | call to operator+ | TAINT |
| string.cpp:143:13:143:14 | s1 | string.cpp:143:11:143:11 | call to operator+ | TAINT |
| string.cpp:144:8:144:9 | s1 | string.cpp:144:11:144:11 | call to operator+ | TAINT |
| string.cpp:144:13:144:14 | s2 | string.cpp:144:11:144:11 | call to operator+ | TAINT |
| string.cpp:145:8:145:9 | s2 | string.cpp:145:11:145:11 | call to operator+ | TAINT |
| string.cpp:145:13:145:14 | s1 | string.cpp:145:11:145:11 | call to operator+ | TAINT |
| string.cpp:146:8:146:9 | s2 | string.cpp:146:11:146:11 | call to operator+ | TAINT |
| string.cpp:146:13:146:14 | s2 | string.cpp:146:11:146:11 | call to operator+ | TAINT |
| string.cpp:148:8:148:9 | s1 | string.cpp:148:11:148:11 | call to operator+ | TAINT |
| string.cpp:148:13:148:20 | world | string.cpp:148:11:148:11 | call to operator+ | TAINT |
| string.cpp:149:8:149:9 | s1 | string.cpp:149:11:149:11 | call to operator+ | TAINT |
| string.cpp:149:13:149:18 | call to source | string.cpp:149:11:149:11 | call to operator+ | TAINT |
| string.cpp:153:18:153:22 | abc | string.cpp:153:18:153:23 | call to basic_string | TAINT |
| string.cpp:153:18:153:23 | call to basic_string | string.cpp:157:8:157:9 | s3 | |
| string.cpp:153:18:153:23 | call to basic_string | string.cpp:160:8:160:9 | s3 | |
| string.cpp:153:18:153:23 | call to basic_string | string.cpp:164:8:164:9 | s3 | |
| string.cpp:153:18:153:23 | call to basic_string | string.cpp:169:8:169:9 | s3 | |
| string.cpp:153:18:153:23 | call to basic_string | string.cpp:173:8:173:9 | s3 | |
| string.cpp:154:18:154:23 | call to source | string.cpp:154:18:154:26 | call to basic_string | TAINT |
| string.cpp:154:18:154:26 | call to basic_string | string.cpp:157:13:157:14 | s4 | |
| string.cpp:154:18:154:26 | call to basic_string | string.cpp:161:9:161:10 | s4 | |
| string.cpp:154:18:154:26 | call to basic_string | string.cpp:170:13:170:14 | s4 | |
| string.cpp:157:8:157:9 | s3 | string.cpp:157:11:157:11 | call to operator+ | TAINT |
| string.cpp:157:11:157:11 | call to operator+ | string.cpp:157:3:157:14 | ... = ... | |
| string.cpp:157:11:157:11 | call to operator+ | string.cpp:158:8:158:9 | s5 | |
| string.cpp:157:13:157:14 | s4 | string.cpp:157:11:157:11 | call to operator+ | TAINT |
| string.cpp:160:8:160:9 | s3 | string.cpp:160:3:160:9 | ... = ... | |
| string.cpp:160:8:160:9 | s3 | string.cpp:161:3:161:4 | s6 | |
| string.cpp:160:8:160:9 | s3 | string.cpp:162:8:162:9 | s6 | |
| string.cpp:161:3:161:4 | ref arg s6 | string.cpp:162:8:162:9 | s6 | |
| string.cpp:161:9:161:10 | s4 | string.cpp:161:3:161:4 | ref arg s6 | TAINT |
| string.cpp:161:9:161:10 | s4 | string.cpp:161:6:161:6 | call to operator+= | TAINT |
| string.cpp:164:8:164:9 | s3 | string.cpp:164:3:164:9 | ... = ... | |
| string.cpp:164:8:164:9 | s3 | string.cpp:165:3:165:4 | s7 | |
| string.cpp:164:8:164:9 | s3 | string.cpp:166:3:166:4 | s7 | |
| string.cpp:164:8:164:9 | s3 | string.cpp:167:8:167:9 | s7 | |
| string.cpp:165:3:165:4 | ref arg s7 | string.cpp:166:3:166:4 | s7 | |
| string.cpp:165:3:165:4 | ref arg s7 | string.cpp:167:8:167:9 | s7 | |
| string.cpp:165:9:165:14 | call to source | string.cpp:165:3:165:4 | ref arg s7 | TAINT |
| string.cpp:165:9:165:14 | call to source | string.cpp:165:6:165:6 | call to operator+= | TAINT |
| string.cpp:166:3:166:4 | ref arg s7 | string.cpp:167:8:167:9 | s7 | |
| string.cpp:166:9:166:11 | | string.cpp:166:3:166:4 | ref arg s7 | TAINT |
| string.cpp:166:9:166:11 | | string.cpp:166:6:166:6 | call to operator+= | TAINT |
| string.cpp:169:8:169:9 | s3 | string.cpp:169:3:169:9 | ... = ... | |
| string.cpp:169:8:169:9 | s3 | string.cpp:170:3:170:4 | s8 | |
| string.cpp:169:8:169:9 | s3 | string.cpp:171:8:171:9 | s8 | |
| string.cpp:170:3:170:4 | ref arg s8 | string.cpp:171:8:171:9 | s8 | |
| string.cpp:170:13:170:14 | s4 | string.cpp:170:3:170:4 | ref arg s8 | TAINT |
| string.cpp:170:13:170:14 | s4 | string.cpp:170:6:170:11 | call to append | TAINT |
| string.cpp:173:8:173:9 | s3 | string.cpp:173:3:173:9 | ... = ... | |
| string.cpp:173:8:173:9 | s3 | string.cpp:174:3:174:4 | s9 | |
| string.cpp:173:8:173:9 | s3 | string.cpp:175:3:175:4 | s9 | |
| string.cpp:173:8:173:9 | s3 | string.cpp:176:8:176:9 | s9 | |
| string.cpp:174:3:174:4 | ref arg s9 | string.cpp:175:3:175:4 | s9 | |
| string.cpp:174:3:174:4 | ref arg s9 | string.cpp:176:8:176:9 | s9 | |
| string.cpp:174:13:174:18 | call to source | string.cpp:174:3:174:4 | ref arg s9 | TAINT |
| string.cpp:174:13:174:18 | call to source | string.cpp:174:6:174:11 | call to append | TAINT |
| string.cpp:175:3:175:4 | ref arg s9 | string.cpp:176:8:176:9 | s9 | |
| string.cpp:175:13:175:15 | | string.cpp:175:3:175:4 | ref arg s9 | TAINT |
| string.cpp:175:13:175:15 | | string.cpp:175:6:175:11 | call to append | TAINT |
| string.cpp:180:19:180:23 | abc | string.cpp:180:19:180:24 | call to basic_string | TAINT |
| string.cpp:180:19:180:24 | call to basic_string | string.cpp:183:3:183:5 | s10 | |
| string.cpp:180:19:180:24 | call to basic_string | string.cpp:184:8:184:10 | s10 | |
| string.cpp:181:12:181:26 | call to source | string.cpp:183:17:183:17 | c | |
| string.cpp:183:3:183:5 | ref arg s10 | string.cpp:184:8:184:10 | s10 | |
| string.cpp:183:17:183:17 | c | string.cpp:183:3:183:5 | ref arg s10 | TAINT |
| string.cpp:183:17:183:17 | c | string.cpp:183:7:183:12 | call to append | TAINT |
| stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:16:2:16:4 | ss1 | |
| stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:22:7:22:9 | ss1 | |
| stringstream.cpp:13:20:13:22 | call to basic_stringstream | stringstream.cpp:27:7:27:9 | ss1 | |
| stringstream.cpp:13:25:13:27 | call to basic_stringstream | stringstream.cpp:17:2:17:4 | ss2 | |
| stringstream.cpp:13:25:13:27 | call to basic_stringstream | stringstream.cpp:23:7:23:9 | ss2 | |
| stringstream.cpp:13:25:13:27 | call to basic_stringstream | stringstream.cpp:28:7:28:9 | ss2 | |
| stringstream.cpp:13:30:13:32 | call to basic_stringstream | stringstream.cpp:18:2:18:4 | ss3 | |
| stringstream.cpp:13:30:13:32 | call to basic_stringstream | stringstream.cpp:24:7:24:9 | ss3 | |
| stringstream.cpp:13:30:13:32 | call to basic_stringstream | stringstream.cpp:29:7:29:9 | ss3 | |
| stringstream.cpp:13:35:13:37 | call to basic_stringstream | stringstream.cpp:19:2:19:4 | ss4 | |
| stringstream.cpp:13:35:13:37 | call to basic_stringstream | stringstream.cpp:25:7:25:9 | ss4 | |
| stringstream.cpp:13:35:13:37 | call to basic_stringstream | stringstream.cpp:30:7:30:9 | ss4 | |
| stringstream.cpp:13:40:13:42 | call to basic_stringstream | stringstream.cpp:20:2:20:4 | ss5 | |
| stringstream.cpp:13:40:13:42 | call to basic_stringstream | stringstream.cpp:26:7:26:9 | ss5 | |
| stringstream.cpp:13:40:13:42 | call to basic_stringstream | stringstream.cpp:31:7:31:9 | ss5 | |
| stringstream.cpp:14:16:14:21 | call to source | stringstream.cpp:14:16:14:24 | call to basic_string | TAINT |
| stringstream.cpp:14:16:14:24 | call to basic_string | stringstream.cpp:20:9:20:9 | t | |
| stringstream.cpp:16:2:16:4 | ref arg ss1 | stringstream.cpp:22:7:22:9 | ss1 | |
| stringstream.cpp:16:2:16:4 | ref arg ss1 | stringstream.cpp:27:7:27:9 | ss1 | |
| stringstream.cpp:17:2:17:4 | ref arg ss2 | stringstream.cpp:23:7:23:9 | ss2 | |
| stringstream.cpp:17:2:17:4 | ref arg ss2 | stringstream.cpp:28:7:28:9 | ss2 | |
| stringstream.cpp:18:2:18:4 | ref arg ss3 | stringstream.cpp:24:7:24:9 | ss3 | |
| stringstream.cpp:18:2:18:4 | ref arg ss3 | stringstream.cpp:29:7:29:9 | ss3 | |
| stringstream.cpp:19:2:19:4 | ref arg ss4 | stringstream.cpp:25:7:25:9 | ss4 | |
| stringstream.cpp:19:2:19:4 | ref arg ss4 | stringstream.cpp:30:7:30:9 | ss4 | |
| stringstream.cpp:20:2:20:4 | ref arg ss5 | stringstream.cpp:26:7:26:9 | ss5 | |
| stringstream.cpp:20:2:20:4 | ref arg ss5 | stringstream.cpp:31:7:31:9 | ss5 | |
| stringstream.cpp:34:32:34:37 | source | stringstream.cpp:39:9:39:14 | source | |
| stringstream.cpp:36:20:36:22 | call to basic_stringstream | stringstream.cpp:38:2:38:4 | ss1 | |
| stringstream.cpp:36:20:36:22 | call to basic_stringstream | stringstream.cpp:41:7:41:9 | ss1 | |
| stringstream.cpp:36:20:36:22 | call to basic_stringstream | stringstream.cpp:43:7:43:9 | ss1 | |
| stringstream.cpp:36:25:36:27 | call to basic_stringstream | stringstream.cpp:39:2:39:4 | ss2 | |
| stringstream.cpp:36:25:36:27 | call to basic_stringstream | stringstream.cpp:42:7:42:9 | ss2 | |
| stringstream.cpp:36:25:36:27 | call to basic_stringstream | stringstream.cpp:44:7:44:9 | ss2 | |
| stringstream.cpp:38:2:38:4 | ref arg ss1 | stringstream.cpp:41:7:41:9 | ss1 | |
| stringstream.cpp:38:2:38:4 | ref arg ss1 | stringstream.cpp:43:7:43:9 | ss1 | |
| stringstream.cpp:39:2:39:4 | ref arg ss2 | stringstream.cpp:42:7:42:9 | ss2 | |
| stringstream.cpp:39:2:39:4 | ref arg ss2 | stringstream.cpp:44:7:44:9 | ss2 | |
| structlikeclass.cpp:5:7:5:7 | Unknown literal | structlikeclass.cpp:5:7:5:7 | constructor init of field v | TAINT |
| structlikeclass.cpp:5:7:5:7 | Unknown literal | structlikeclass.cpp:5:7:5:7 | constructor init of field v | TAINT |
| structlikeclass.cpp:5:7:5:7 | this | structlikeclass.cpp:5:7:5:7 | constructor init of field v [pre-this] | |
@@ -1384,3 +1330,57 @@
| taint.cpp:483:18:483:19 | ref arg & ... | taint.cpp:483:19:483:19 | n [inner post update] | |
| taint.cpp:483:19:483:19 | n | taint.cpp:483:18:483:19 | & ... | |
| taint.cpp:483:28:483:34 | source1 | taint.cpp:483:11:483:15 | ref arg & ... | TAINT |
| vector.cpp:8:43:8:49 | source1 | vector.cpp:12:21:12:27 | source1 | |
| vector.cpp:8:43:8:49 | source1 | vector.cpp:26:33:26:39 | source1 | |
| vector.cpp:12:21:12:27 | source1 | vector.cpp:12:21:12:28 | call to vector | TAINT |
| vector.cpp:12:21:12:28 | call to vector | vector.cpp:14:14:14:14 | v | |
| vector.cpp:12:21:12:28 | call to vector | vector.cpp:18:38:18:38 | v | |
| vector.cpp:12:21:12:28 | call to vector | vector.cpp:18:55:18:55 | v | |
| vector.cpp:12:21:12:28 | call to vector | vector.cpp:22:15:22:15 | v | |
| vector.cpp:14:14:14:14 | call to begin | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | call to begin | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | call to begin | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | call to end | vector.cpp:14:14:14:14 | (__end) | |
| vector.cpp:14:14:14:14 | call to operator* | vector.cpp:15:8:15:8 | x | |
| vector.cpp:14:14:14:14 | ref arg (__begin) | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | ref arg (__begin) | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | ref arg (__begin) | vector.cpp:14:14:14:14 | (__begin) | |
| vector.cpp:14:14:14:14 | ref arg (__range) | vector.cpp:14:14:14:14 | (__range) | |
| vector.cpp:14:14:14:14 | v | vector.cpp:14:14:14:14 | (__range) | |
| vector.cpp:14:14:14:14 | v | vector.cpp:14:14:14:14 | (__range) | |
| vector.cpp:14:14:14:14 | v | vector.cpp:14:14:14:14 | call to operator* | TAINT |
| vector.cpp:18:38:18:38 | ref arg v | vector.cpp:18:55:18:55 | v | |
| vector.cpp:18:38:18:38 | ref arg v | vector.cpp:22:15:22:15 | v | |
| vector.cpp:18:40:18:44 | call to begin | vector.cpp:18:49:18:50 | it | |
| vector.cpp:18:40:18:44 | call to begin | vector.cpp:18:66:18:67 | it | |
| vector.cpp:18:40:18:44 | call to begin | vector.cpp:19:9:19:10 | it | |
| vector.cpp:18:55:18:55 | ref arg v | vector.cpp:18:55:18:55 | v | |
| vector.cpp:18:55:18:55 | ref arg v | vector.cpp:22:15:22:15 | v | |
| vector.cpp:18:66:18:67 | ref arg it | vector.cpp:18:49:18:50 | it | |
| vector.cpp:18:66:18:67 | ref arg it | vector.cpp:18:66:18:67 | it | |
| vector.cpp:18:66:18:67 | ref arg it | vector.cpp:19:9:19:10 | it | |
| vector.cpp:22:15:22:15 | call to begin | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | call to begin | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | call to begin | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | call to end | vector.cpp:22:15:22:15 | (__end) | |
| vector.cpp:22:15:22:15 | call to operator* | vector.cpp:23:8:23:8 | x | |
| vector.cpp:22:15:22:15 | ref arg (__begin) | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | ref arg (__begin) | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | ref arg (__begin) | vector.cpp:22:15:22:15 | (__begin) | |
| vector.cpp:22:15:22:15 | ref arg (__range) | vector.cpp:22:15:22:15 | (__range) | |
| vector.cpp:22:15:22:15 | v | vector.cpp:22:15:22:15 | (__range) | |
| vector.cpp:22:15:22:15 | v | vector.cpp:22:15:22:15 | (__range) | |
| vector.cpp:22:15:22:15 | v | vector.cpp:22:15:22:15 | call to operator* | TAINT |
| vector.cpp:26:33:26:39 | source1 | vector.cpp:26:33:26:40 | call to vector | TAINT |
| vector.cpp:26:33:26:40 | call to vector | vector.cpp:27:21:27:27 | const_v | |
| vector.cpp:27:21:27:21 | call to begin | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:21 | call to begin | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:21 | call to begin | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:21 | call to end | vector.cpp:27:21:27:21 | (__end) | |
| vector.cpp:27:21:27:21 | call to operator* | vector.cpp:28:8:28:8 | x | |
| vector.cpp:27:21:27:21 | ref arg (__begin) | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:21 | ref arg (__begin) | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:21 | ref arg (__begin) | vector.cpp:27:21:27:21 | (__begin) | |
| vector.cpp:27:21:27:27 | const_v | vector.cpp:27:21:27:21 | (__range) | |
| vector.cpp:27:21:27:27 | const_v | vector.cpp:27:21:27:21 | (__range) | |
| vector.cpp:27:21:27:27 | const_v | vector.cpp:27:21:27:21 | call to operator* | TAINT |


@@ -1,377 +0,0 @@
typedef unsigned long size_t;
namespace std
{
template<class charT> struct char_traits;
typedef size_t streamsize;
struct ptrdiff_t;
template <class iterator_category,
class value_type,
class difference_type = ptrdiff_t,
class pointer_type = value_type*,
class reference_type = value_type&>
struct iterator {
iterator &operator++();
iterator operator++(int);
bool operator==(iterator other) const;
bool operator!=(iterator other) const;
reference_type operator*() const;
};
struct input_iterator_tag {};
struct forward_iterator_tag : public input_iterator_tag {};
struct bidirectional_iterator_tag : public forward_iterator_tag {};
struct random_access_iterator_tag : public bidirectional_iterator_tag {};
template <class T> class allocator {
public:
allocator() throw();
typedef size_t size_type;
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT> >
class basic_string {
public:
typedef typename Allocator::size_type size_type;
explicit basic_string(const Allocator& a = Allocator());
basic_string(const charT* s, const Allocator& a = Allocator());
const charT* c_str() const;
typedef std::iterator<random_access_iterator_tag, charT> iterator;
typedef std::iterator<random_access_iterator_tag, const charT> const_iterator;
iterator begin();
iterator end();
const_iterator begin() const;
const_iterator end() const;
const_iterator cbegin() const;
const_iterator cend() const;
template<class T> basic_string& operator+=(const T& t);
basic_string& operator+=(const charT* s);
basic_string& append(const basic_string& str);
basic_string& append(const charT* s);
basic_string& append(size_type n, charT c);
};
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const basic_string<charT, traits, Allocator>& rhs);
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const charT* rhs);
typedef basic_string<char> string;
template <class charT, class traits = char_traits<charT> >
class basic_istream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
basic_istream<charT,traits>& operator>>(int& n);
};
template <class charT, class traits = char_traits<charT> >
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
typedef charT char_type;
basic_ostream<charT,traits>& write(const char_type* s, streamsize n);
basic_ostream<charT, traits>& operator<<(int n);
};
template<class charT, class traits> basic_ostream<charT,traits>& operator<<(basic_ostream<charT,traits>&, const charT*);
template<class charT, class traits, class Allocator> basic_ostream<charT, traits>& operator<<(basic_ostream<charT, traits>& os, const basic_string<charT, traits, Allocator>& str);
template<class charT, class traits = char_traits<charT>>
class basic_iostream : public basic_istream<charT, traits>, public basic_ostream<charT, traits> {
public:
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT>>
class basic_stringstream : public basic_iostream<charT, traits> {
public:
explicit basic_stringstream(/*ios_base::openmode which = ios_base::out|ios_base::in - not needed for this test*/);
basic_string<charT, traits, Allocator> str() const;
};
using stringstream = basic_stringstream<char>;
}
char *source();
void sink(const char *s) {};
void sink(const std::string &s) {};
void sink(const std::stringstream &s) {};
void test_string()
{
char *a = source();
std::string b("123");
std::string c(source());
sink(a); // tainted
sink(b);
sink(c); // tainted
sink(b.c_str());
sink(c.c_str()); // tainted
}
void test_stringstream()
{
std::stringstream ss1, ss2, ss3, ss4, ss5;
std::string t(source());
ss1 << "1234";
ss2 << source();
ss3 << "123" << source();
ss4 << source() << "456";
ss5 << t;
sink(ss1);
sink(ss2); // tainted [NOT DETECTED]
sink(ss3); // tainted [NOT DETECTED]
sink(ss4); // tainted [NOT DETECTED]
sink(ss5); // tainted [NOT DETECTED]
sink(ss1.str());
sink(ss2.str()); // tainted [NOT DETECTED]
sink(ss3.str()); // tainted [NOT DETECTED]
sink(ss4.str()); // tainted [NOT DETECTED]
sink(ss5.str()); // tainted [NOT DETECTED]
}
void test_stringstream_int(int source)
{
std::stringstream ss1, ss2;
ss1 << 1234;
ss2 << source;
sink(ss1);
sink(ss2); // tainted [NOT DETECTED]
sink(ss1.str());
sink(ss2.str()); // tainted [NOT DETECTED]
}
using namespace std;
char *user_input() {
return source();
}
void sink(const char *filename, const char *mode);
void test_strings2()
{
string path1 = user_input();
sink(path1.c_str(), "r"); // tainted
string path2;
path2 = user_input();
sink(path2.c_str(), "r"); // tainted
string path3(user_input());
sink(path3.c_str(), "r"); // tainted
}
void test_string3()
{
const char *cs = source();
// convert char * -> std::string
std::string ss(cs);
sink(cs); // tainted
sink(ss); // tainted
}
void test_string4()
{
const char *cs = source();
// convert char * -> std::string
std::string ss(cs);
// convert back std::string -> char *
cs = ss.c_str();
sink(cs); // tainted
sink(ss); // tainted
}
void test_string_constructors_assignments()
{
{
std::string s1("hello");
std::string s2 = "hello";
std::string s3;
s3 = "hello";
sink(s1);
sink(s2);
sink(s3);
}
{
std::string s1(source());
std::string s2 = source();
std::string s3;
s3 = source();
sink(s1); // tainted
sink(s2); // tainted
sink(s3); // tainted
}
{
std::string s1;
std::string s2 = s1;
std::string s3;
s3 = s1;
sink(s1);
sink(s2);
sink(s3);
}
{
std::string s1 = std::string(source());
std::string s2;
s2 = std::string(source());
sink(s1); // tainted
sink(s2); // tainted
}
}
void sink(char) {}
void test_range_based_for_loop_string() {
std::string s(source());
for(char c : s) {
sink(c); // tainted [NOT DETECTED by IR]
}
for(std::string::iterator it = s.begin(); it != s.end(); ++it) {
sink(*it); // tainted [NOT DETECTED]
}
for(char& c : s) {
sink(c); // tainted [NOT DETECTED by IR]
}
const std::string const_s(source());
for(const char& c : const_s) {
sink(c); // tainted [NOT DETECTED by IR]
}
}
namespace std {
template <class T>
class vector {
private:
void *data_;
public:
vector(int size);
T& operator[](int idx);
const T& operator[](int idx) const;
typedef std::iterator<random_access_iterator_tag, T> iterator;
typedef std::iterator<random_access_iterator_tag, const T> const_iterator;
iterator begin() noexcept;
iterator end() noexcept;
const_iterator begin() const noexcept;
const_iterator end() const noexcept;
};
}
void sink(int);
void test_range_based_for_loop_vector(int source1) {
// Tainting the vector by allocating a tainted length. This doesn't represent
// how a vector would typically get tainted, but it allows this test to avoid
// being concerned with std::vector modeling.
std::vector<int> v(source1);
for(int x : v) {
sink(x); // tainted [NOT DETECTED by IR]
}
for(std::vector<int>::iterator it = v.begin(); it != v.end(); ++it) {
sink(*it); // tainted [NOT DETECTED]
}
for(int& x : v) {
sink(x); // tainted [NOT DETECTED by IR]
}
const std::vector<int> const_v(source1);
for(const int& x : const_v) {
sink(x); // tainted [NOT DETECTED by IR]
}
}
namespace ns_char
{
char source();
}
void test_string_append() {
{
std::string s1("hello");
std::string s2(source());
sink(s1 + s1);
sink(s1 + s2); // tainted
sink(s2 + s1); // tainted
sink(s2 + s2); // tainted
sink(s1 + " world");
sink(s1 + source()); // tainted
}
{
std::string s3("abc");
std::string s4(source());
std::string s5, s6, s7, s8, s9;
s5 = s3 + s4;
sink(s5); // tainted
s6 = s3;
s6 += s4;
sink(s6); // tainted
s7 = s3;
s7 += source();
s7 += " ";
sink(s7); // tainted
s8 = s3;
s8.append(s4);
sink(s8); // tainted
s9 = s3;
s9.append(source());
s9.append(" ");
sink(s9); // tainted
}
{
std::string s10("abc");
char c = ns_char::source();
s10.append(1, c);
sink(s10); // tainted
}
}


@@ -0,0 +1,126 @@
typedef unsigned long size_t;
// --- string ---
namespace std
{
template<class charT> struct char_traits;
typedef size_t streamsize;
struct ptrdiff_t;
template <class iterator_category,
class value_type,
class difference_type = ptrdiff_t,
class pointer_type = value_type*,
class reference_type = value_type&>
struct iterator {
iterator &operator++();
iterator operator++(int);
bool operator==(iterator other) const;
bool operator!=(iterator other) const;
reference_type operator*() const;
};
struct input_iterator_tag {};
struct forward_iterator_tag : public input_iterator_tag {};
struct bidirectional_iterator_tag : public forward_iterator_tag {};
struct random_access_iterator_tag : public bidirectional_iterator_tag {};
template <class T> class allocator {
public:
allocator() throw();
typedef size_t size_type;
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT> >
class basic_string {
public:
typedef typename Allocator::size_type size_type;
explicit basic_string(const Allocator& a = Allocator());
basic_string(const charT* s, const Allocator& a = Allocator());
const charT* c_str() const;
typedef std::iterator<random_access_iterator_tag, charT> iterator;
typedef std::iterator<random_access_iterator_tag, const charT> const_iterator;
iterator begin();
iterator end();
const_iterator begin() const;
const_iterator end() const;
const_iterator cbegin() const;
const_iterator cend() const;
template<class T> basic_string& operator+=(const T& t);
basic_string& operator+=(const charT* s);
basic_string& append(const basic_string& str);
basic_string& append(const charT* s);
basic_string& append(size_type n, charT c);
};
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const basic_string<charT, traits, Allocator>& rhs);
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const charT* rhs);
typedef basic_string<char> string;
template <class charT, class traits = char_traits<charT> >
class basic_istream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
basic_istream<charT,traits>& operator>>(int& n);
};
template <class charT, class traits = char_traits<charT> >
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
typedef charT char_type;
basic_ostream<charT,traits>& write(const char_type* s, streamsize n);
basic_ostream<charT, traits>& operator<<(int n);
};
template<class charT, class traits> basic_ostream<charT,traits>& operator<<(basic_ostream<charT,traits>&, const charT*);
template<class charT, class traits, class Allocator> basic_ostream<charT, traits>& operator<<(basic_ostream<charT, traits>& os, const basic_string<charT, traits, Allocator>& str);
template<class charT, class traits = char_traits<charT>>
class basic_iostream : public basic_istream<charT, traits>, public basic_ostream<charT, traits> {
public:
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT>>
class basic_stringstream : public basic_iostream<charT, traits> {
public:
explicit basic_stringstream(/*ios_base::openmode which = ios_base::out|ios_base::in - not needed for this test*/);
basic_string<charT, traits, Allocator> str() const;
};
using stringstream = basic_stringstream<char>;
}
// --- vector ---
namespace std {
template <class T>
class vector {
private:
void *data_;
public:
vector(int size);
T& operator[](int idx);
const T& operator[](int idx) const;
typedef std::iterator<random_access_iterator_tag, T> iterator;
typedef std::iterator<random_access_iterator_tag, const T> const_iterator;
iterator begin() noexcept;
iterator end() noexcept;
const_iterator begin() const noexcept;
const_iterator end() const noexcept;
};
}
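Review bot: This new shared header has no include guard: it opens directly with `typedef unsigned long size_t;` and ends with the closing brace of the second `namespace std` block. A second inclusion in one translation unit would redefine `std::iterator`, `basic_string`, `basic_stringstream` and `vector`, and repeat their default template arguments, which does not compile. Each test file in this commit includes it exactly once, so nothing breaks today, but the header is now the common stub library for several tests. Adding `#pragma once` as the first line (or an `#ifndef`/`#define`/`#endif` pair) would keep it safe to include indirectly.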


@@ -0,0 +1,186 @@
#include "stl.h"
using namespace std;
char *source();
namespace ns_char
{
char source();
}
char *user_input() {
return source();
}
void sink(const char *s) {};
void sink(const std::string &s) {};
void sink(const char *filename, const char *mode);
void sink(char) {}
void test_string()
{
char *a = source();
std::string b("123");
std::string c(source());
sink(a); // tainted
sink(b);
sink(c); // tainted
sink(b.c_str());
sink(c.c_str()); // tainted
}
void test_strings2()
{
string path1 = user_input();
sink(path1.c_str(), "r"); // tainted
string path2;
path2 = user_input();
sink(path2.c_str(), "r"); // tainted
string path3(user_input());
sink(path3.c_str(), "r"); // tainted
}
void test_string3()
{
const char *cs = source();
// convert char * -> std::string
std::string ss(cs);
sink(cs); // tainted
sink(ss); // tainted
}
void test_string4()
{
const char *cs = source();
// convert char * -> std::string
std::string ss(cs);
// convert back std::string -> char *
cs = ss.c_str();
sink(cs); // tainted
sink(ss); // tainted
}
void test_string_constructors_assignments()
{
{
std::string s1("hello");
std::string s2 = "hello";
std::string s3;
s3 = "hello";
sink(s1);
sink(s2);
sink(s3);
}
{
std::string s1(source());
std::string s2 = source();
std::string s3;
s3 = source();
sink(s1); // tainted
sink(s2); // tainted
sink(s3); // tainted
}
{
std::string s1;
std::string s2 = s1;
std::string s3;
s3 = s1;
sink(s1);
sink(s2);
sink(s3);
}
{
std::string s1 = std::string(source());
std::string s2;
s2 = std::string(source());
sink(s1); // tainted
sink(s2); // tainted
}
}
void test_range_based_for_loop_string() {
std::string s(source());
for(char c : s) {
sink(c); // tainted [NOT DETECTED by IR]
}
for(std::string::iterator it = s.begin(); it != s.end(); ++it) {
sink(*it); // tainted [NOT DETECTED]
}
for(char& c : s) {
sink(c); // tainted [NOT DETECTED by IR]
}
const std::string const_s(source());
for(const char& c : const_s) {
sink(c); // tainted [NOT DETECTED by IR]
}
}
void test_string_append() {
{
std::string s1("hello");
std::string s2(source());
sink(s1 + s1);
sink(s1 + s2); // tainted
sink(s2 + s1); // tainted
sink(s2 + s2); // tainted
sink(s1 + " world");
sink(s1 + source()); // tainted
}
{
std::string s3("abc");
std::string s4(source());
std::string s5, s6, s7, s8, s9;
s5 = s3 + s4;
sink(s5); // tainted
s6 = s3;
s6 += s4;
sink(s6); // tainted
s7 = s3;
s7 += source();
s7 += " ";
sink(s7); // tainted
s8 = s3;
s8.append(s4);
sink(s8); // tainted
s9 = s3;
s9.append(source());
s9.append(" ");
sink(s9); // tainted
}
{
std::string s10("abc");
char c = ns_char::source();
s10.append(1, c);
sink(s10); // tainted
}
}
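Review bot: `void sink(const std::string &s) {};` near the top of this file is a non-inline definition with external linkage, and the stringstream test file added by this commit defines the same function again. Before the split, stl.cpp held a single definition. Whether the test harness ever links or analyses the files as one program is not visible here; if it does, this is a duplicate definition, and the two bodies may be treated as one sink. This file already declares the two-argument overload without a body, and the expected output still reports flow into those calls, so the same form should work for the others: `void sink(const std::string &s);` (or mark the definitions `static`). The trailing `;` after `{}` on the first two overloads is an empty declaration and can be dropped in the same change.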


@@ -0,0 +1,45 @@
#include "stl.h"
using namespace std;
char *source();
void sink(const std::string &s) {};
void sink(const std::stringstream &s) {};
void test_stringstream()
{
std::stringstream ss1, ss2, ss3, ss4, ss5;
std::string t(source());
ss1 << "1234";
ss2 << source();
ss3 << "123" << source();
ss4 << source() << "456";
ss5 << t;
sink(ss1);
sink(ss2); // tainted [NOT DETECTED]
sink(ss3); // tainted [NOT DETECTED]
sink(ss4); // tainted [NOT DETECTED]
sink(ss5); // tainted [NOT DETECTED]
sink(ss1.str());
sink(ss2.str()); // tainted [NOT DETECTED]
sink(ss3.str()); // tainted [NOT DETECTED]
sink(ss4.str()); // tainted [NOT DETECTED]
sink(ss5.str()); // tainted [NOT DETECTED]
}
void test_stringstream_int(int source)
{
std::stringstream ss1, ss2;
ss1 << 1234;
ss2 << source;
sink(ss1);
sink(ss2); // tainted [NOT DETECTED]
sink(ss1.str());
sink(ss2.str()); // tainted [NOT DETECTED]
}
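Review bot: In `test_stringstream_int(int source)` the parameter is named `source`, which hides the global `char *source()` declared at the top of this file for the whole function body. A reader can mistake `ss2 << source;` for a use of the function, and a later edit that calls `source()` inside this function would not compile. The vector test names its tainted parameter `source1` (visible in the expected output as `vector.cpp:8:43:8:49 | source1`). Using `void test_stringstream_int(int source1)` and `ss2 << source1;` would match it. The expected-output rows for this function would need regenerating after the rename.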


@@ -32,37 +32,34 @@
| movableclass.cpp:55:8:55:9 | s2 | movableclass.cpp:52:23:52:28 | call to source |
| movableclass.cpp:64:8:64:9 | s2 | movableclass.cpp:23:55:23:60 | call to source |
| movableclass.cpp:65:11:65:11 | call to operator= | movableclass.cpp:65:13:65:18 | call to source |
| stl.cpp:113:7:113:7 | a | stl.cpp:109:12:109:17 | call to source |
| stl.cpp:115:7:115:7 | c | stl.cpp:111:16:111:21 | call to source |
| stl.cpp:117:9:117:13 | call to c_str | stl.cpp:111:16:111:21 | call to source |
| stl.cpp:167:13:167:17 | call to c_str | stl.cpp:159:10:159:15 | call to source |
| stl.cpp:171:13:171:17 | call to c_str | stl.cpp:159:10:159:15 | call to source |
| stl.cpp:174:13:174:17 | call to c_str | stl.cpp:159:10:159:15 | call to source |
| stl.cpp:184:7:184:8 | cs | stl.cpp:179:19:179:24 | call to source |
| stl.cpp:185:7:185:8 | ss | stl.cpp:179:19:179:24 | call to source |
| stl.cpp:198:7:198:8 | cs | stl.cpp:190:19:190:24 | call to source |
| stl.cpp:199:7:199:8 | ss | stl.cpp:190:19:190:24 | call to source |
| stl.cpp:221:8:221:9 | s1 | stl.cpp:216:18:216:23 | call to source |
| stl.cpp:222:8:222:9 | s2 | stl.cpp:217:20:217:25 | call to source |
| stl.cpp:223:8:223:9 | s3 | stl.cpp:219:8:219:13 | call to source |
| stl.cpp:242:8:242:9 | s1 | stl.cpp:238:32:238:37 | call to source |
| stl.cpp:243:8:243:9 | s2 | stl.cpp:240:20:240:25 | call to source |
| stl.cpp:252:8:252:8 | c | stl.cpp:250:16:250:21 | call to source |
| stl.cpp:260:8:260:8 | c | stl.cpp:250:16:250:21 | call to source |
| stl.cpp:265:8:265:8 | c | stl.cpp:263:28:263:33 | call to source |
| stl.cpp:307:8:307:8 | x | stl.cpp:300:43:300:49 | source1 |
| stl.cpp:315:8:315:8 | x | stl.cpp:300:43:300:49 | source1 |
| stl.cpp:320:8:320:8 | x | stl.cpp:300:43:300:49 | source1 |
| stl.cpp:335:11:335:11 | call to operator+ | stl.cpp:332:18:332:23 | call to source |
| stl.cpp:336:11:336:11 | call to operator+ | stl.cpp:332:18:332:23 | call to source |
| stl.cpp:337:11:337:11 | call to operator+ | stl.cpp:332:18:332:23 | call to source |
| stl.cpp:340:11:340:11 | call to operator+ | stl.cpp:340:13:340:18 | call to source |
| stl.cpp:349:8:349:9 | s5 | stl.cpp:345:18:345:23 | call to source |
| stl.cpp:353:8:353:9 | s6 | stl.cpp:345:18:345:23 | call to source |
| stl.cpp:358:8:358:9 | s7 | stl.cpp:356:9:356:14 | call to source |
| stl.cpp:362:8:362:9 | s8 | stl.cpp:345:18:345:23 | call to source |
| stl.cpp:367:8:367:9 | s9 | stl.cpp:365:13:365:18 | call to source |
| stl.cpp:375:8:375:10 | s10 | stl.cpp:372:12:372:26 | call to source |
| string.cpp:28:7:28:7 | a | string.cpp:24:12:24:17 | call to source |
| string.cpp:30:7:30:7 | c | string.cpp:26:16:26:21 | call to source |
| string.cpp:32:9:32:13 | call to c_str | string.cpp:26:16:26:21 | call to source |
| string.cpp:38:13:38:17 | call to c_str | string.cpp:14:10:14:15 | call to source |
| string.cpp:42:13:42:17 | call to c_str | string.cpp:14:10:14:15 | call to source |
| string.cpp:45:13:45:17 | call to c_str | string.cpp:14:10:14:15 | call to source |
| string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:24 | call to source |
| string.cpp:56:7:56:8 | ss | string.cpp:50:19:50:24 | call to source |
| string.cpp:69:7:69:8 | cs | string.cpp:61:19:61:24 | call to source |
| string.cpp:70:7:70:8 | ss | string.cpp:61:19:61:24 | call to source |
| string.cpp:92:8:92:9 | s1 | string.cpp:87:18:87:23 | call to source |
| string.cpp:93:8:93:9 | s2 | string.cpp:88:20:88:25 | call to source |
| string.cpp:94:8:94:9 | s3 | string.cpp:90:8:90:13 | call to source |
| string.cpp:113:8:113:9 | s1 | string.cpp:109:32:109:37 | call to source |
| string.cpp:114:8:114:9 | s2 | string.cpp:111:20:111:25 | call to source |
| string.cpp:121:8:121:8 | c | string.cpp:119:16:119:21 | call to source |
| string.cpp:129:8:129:8 | c | string.cpp:119:16:119:21 | call to source |
| string.cpp:134:8:134:8 | c | string.cpp:132:28:132:33 | call to source |
| string.cpp:144:11:144:11 | call to operator+ | string.cpp:141:18:141:23 | call to source |
| string.cpp:145:11:145:11 | call to operator+ | string.cpp:141:18:141:23 | call to source |
| string.cpp:146:11:146:11 | call to operator+ | string.cpp:141:18:141:23 | call to source |
| string.cpp:149:11:149:11 | call to operator+ | string.cpp:149:13:149:18 | call to source |
| string.cpp:158:8:158:9 | s5 | string.cpp:154:18:154:23 | call to source |
| string.cpp:162:8:162:9 | s6 | string.cpp:154:18:154:23 | call to source |
| string.cpp:167:8:167:9 | s7 | string.cpp:165:9:165:14 | call to source |
| string.cpp:171:8:171:9 | s8 | string.cpp:154:18:154:23 | call to source |
| string.cpp:176:8:176:9 | s9 | string.cpp:174:13:174:18 | call to source |
| string.cpp:184:8:184:10 | s10 | string.cpp:181:12:181:26 | call to source |
| structlikeclass.cpp:35:8:35:9 | s1 | structlikeclass.cpp:29:22:29:27 | call to source |
| structlikeclass.cpp:36:8:36:9 | s2 | structlikeclass.cpp:30:24:30:29 | call to source |
| structlikeclass.cpp:37:8:37:9 | s3 | structlikeclass.cpp:29:22:29:27 | call to source |
@@ -169,3 +166,6 @@
| taint.cpp:470:7:470:7 | x | taint.cpp:462:6:462:11 | call to source |
| taint.cpp:471:7:471:7 | y | taint.cpp:462:6:462:11 | call to source |
| taint.cpp:485:7:485:10 | line | taint.cpp:480:26:480:32 | source1 |
| vector.cpp:15:8:15:8 | x | vector.cpp:8:43:8:49 | source1 |
| vector.cpp:23:8:23:8 | x | vector.cpp:8:43:8:49 | source1 |
| vector.cpp:28:8:28:8 | x | vector.cpp:8:43:8:49 | source1 |


@@ -30,36 +30,33 @@
| movableclass.cpp:55:8:55:9 | movableclass.cpp:52:23:52:28 | AST only |
| movableclass.cpp:64:8:64:9 | movableclass.cpp:23:55:23:60 | AST only |
| movableclass.cpp:65:11:65:11 | movableclass.cpp:65:13:65:18 | AST only |
| stl.cpp:115:7:115:7 | stl.cpp:111:16:111:21 | AST only |
| stl.cpp:117:9:117:13 | stl.cpp:111:16:111:21 | AST only |
| stl.cpp:167:13:167:17 | stl.cpp:159:10:159:15 | AST only |
| stl.cpp:171:13:171:17 | stl.cpp:159:10:159:15 | AST only |
| stl.cpp:174:13:174:17 | stl.cpp:159:10:159:15 | AST only |
| stl.cpp:184:7:184:8 | stl.cpp:179:19:179:26 | IR only |
| stl.cpp:185:7:185:8 | stl.cpp:179:19:179:24 | AST only |
| stl.cpp:198:7:198:8 | stl.cpp:190:19:190:24 | AST only |
| stl.cpp:199:7:199:8 | stl.cpp:190:19:190:24 | AST only |
| stl.cpp:221:8:221:9 | stl.cpp:216:18:216:23 | AST only |
| stl.cpp:222:8:222:9 | stl.cpp:217:20:217:25 | AST only |
| stl.cpp:223:8:223:9 | stl.cpp:219:8:219:13 | AST only |
| stl.cpp:242:8:242:9 | stl.cpp:238:32:238:37 | AST only |
| stl.cpp:243:8:243:9 | stl.cpp:240:20:240:25 | AST only |
| stl.cpp:252:8:252:8 | stl.cpp:250:16:250:21 | AST only |
| stl.cpp:260:8:260:8 | stl.cpp:250:16:250:21 | AST only |
| stl.cpp:265:8:265:8 | stl.cpp:263:28:263:33 | AST only |
| stl.cpp:307:8:307:8 | stl.cpp:300:43:300:49 | AST only |
| stl.cpp:315:8:315:8 | stl.cpp:300:43:300:49 | AST only |
| stl.cpp:320:8:320:8 | stl.cpp:300:43:300:49 | AST only |
| stl.cpp:335:11:335:11 | stl.cpp:332:18:332:23 | AST only |
| stl.cpp:336:11:336:11 | stl.cpp:332:18:332:23 | AST only |
| stl.cpp:337:11:337:11 | stl.cpp:332:18:332:23 | AST only |
| stl.cpp:340:11:340:11 | stl.cpp:340:13:340:18 | AST only |
| stl.cpp:349:8:349:9 | stl.cpp:345:18:345:23 | AST only |
| stl.cpp:353:8:353:9 | stl.cpp:345:18:345:23 | AST only |
| stl.cpp:358:8:358:9 | stl.cpp:356:9:356:14 | AST only |
| stl.cpp:362:8:362:9 | stl.cpp:345:18:345:23 | AST only |
| stl.cpp:367:8:367:9 | stl.cpp:365:13:365:18 | AST only |
| stl.cpp:375:8:375:10 | stl.cpp:372:12:372:26 | AST only |
| string.cpp:30:7:30:7 | string.cpp:26:16:26:21 | AST only |
| string.cpp:32:9:32:13 | string.cpp:26:16:26:21 | AST only |
| string.cpp:38:13:38:17 | string.cpp:14:10:14:15 | AST only |
| string.cpp:42:13:42:17 | string.cpp:14:10:14:15 | AST only |
| string.cpp:45:13:45:17 | string.cpp:14:10:14:15 | AST only |
| string.cpp:55:7:55:8 | string.cpp:50:19:50:26 | IR only |
| string.cpp:56:7:56:8 | string.cpp:50:19:50:24 | AST only |
| string.cpp:69:7:69:8 | string.cpp:61:19:61:24 | AST only |
| string.cpp:70:7:70:8 | string.cpp:61:19:61:24 | AST only |
| string.cpp:92:8:92:9 | string.cpp:87:18:87:23 | AST only |
| string.cpp:93:8:93:9 | string.cpp:88:20:88:25 | AST only |
| string.cpp:94:8:94:9 | string.cpp:90:8:90:13 | AST only |
| string.cpp:113:8:113:9 | string.cpp:109:32:109:37 | AST only |
| string.cpp:114:8:114:9 | string.cpp:111:20:111:25 | AST only |
| string.cpp:121:8:121:8 | string.cpp:119:16:119:21 | AST only |
| string.cpp:129:8:129:8 | string.cpp:119:16:119:21 | AST only |
| string.cpp:134:8:134:8 | string.cpp:132:28:132:33 | AST only |
| string.cpp:144:11:144:11 | string.cpp:141:18:141:23 | AST only |
| string.cpp:145:11:145:11 | string.cpp:141:18:141:23 | AST only |
| string.cpp:146:11:146:11 | string.cpp:141:18:141:23 | AST only |
| string.cpp:149:11:149:11 | string.cpp:149:13:149:18 | AST only |
| string.cpp:158:8:158:9 | string.cpp:154:18:154:23 | AST only |
| string.cpp:162:8:162:9 | string.cpp:154:18:154:23 | AST only |
| string.cpp:167:8:167:9 | string.cpp:165:9:165:14 | AST only |
| string.cpp:171:8:171:9 | string.cpp:154:18:154:23 | AST only |
| string.cpp:176:8:176:9 | string.cpp:174:13:174:18 | AST only |
| string.cpp:184:8:184:10 | string.cpp:181:12:181:26 | AST only |
| structlikeclass.cpp:35:8:35:9 | structlikeclass.cpp:29:22:29:27 | AST only |
| structlikeclass.cpp:36:8:36:9 | structlikeclass.cpp:30:24:30:29 | AST only |
| structlikeclass.cpp:37:8:37:9 | structlikeclass.cpp:29:22:29:27 | AST only |
@@ -104,3 +101,6 @@
| taint.cpp:446:7:446:7 | taint.cpp:445:14:445:28 | AST only |
| taint.cpp:447:9:447:17 | taint.cpp:445:14:445:28 | AST only |
| taint.cpp:471:7:471:7 | taint.cpp:462:6:462:11 | AST only |
| vector.cpp:15:8:15:8 | vector.cpp:8:43:8:49 | AST only |
| vector.cpp:23:8:23:8 | vector.cpp:8:43:8:49 | AST only |
| vector.cpp:28:8:28:8 | vector.cpp:8:43:8:49 | AST only |


@@ -1,10 +1,10 @@
| format.cpp:157:7:157:22 | (int)... | format.cpp:147:12:147:25 | call to source |
| format.cpp:157:7:157:22 | access to array | format.cpp:147:12:147:25 | call to source |
| format.cpp:158:7:158:27 | ... + ... | format.cpp:148:16:148:30 | call to source |
| stl.cpp:113:7:113:7 | (const char *)... | stl.cpp:109:12:109:17 | call to source |
| stl.cpp:113:7:113:7 | a | stl.cpp:109:12:109:17 | call to source |
| stl.cpp:184:7:184:8 | cs | stl.cpp:179:19:179:24 | call to source |
| stl.cpp:184:7:184:8 | cs | stl.cpp:179:19:179:26 | (const char *)... |
| string.cpp:28:7:28:7 | (const char *)... | string.cpp:24:12:24:17 | call to source |
| string.cpp:28:7:28:7 | a | string.cpp:24:12:24:17 | call to source |
| string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:24 | call to source |
| string.cpp:55:7:55:8 | cs | string.cpp:50:19:50:26 | (const char *)... |
| structlikeclass.cpp:38:8:38:9 | s4 | structlikeclass.cpp:33:8:33:13 | call to source |
| structlikeclass.cpp:61:8:61:9 | s2 | structlikeclass.cpp:58:24:58:29 | call to source |
| structlikeclass.cpp:62:8:62:20 | ... = ... | structlikeclass.cpp:62:13:62:18 | call to source |


@@ -0,0 +1,30 @@
#include "stl.h"
using namespace std;
void sink(int);
void test_range_based_for_loop_vector(int source1) {
// Tainting the vector by allocating a tainted length. This doesn't represent
// how a vector would typically get tainted, but it allows this test to avoid
// being concerned with std::vector modeling.
std::vector<int> v(source1);
for(int x : v) {
sink(x); // tainted [NOT DETECTED by IR]
}
for(std::vector<int>::iterator it = v.begin(); it != v.end(); ++it) {
sink(*it); // tainted [NOT DETECTED]
}
for(int& x : v) {
sink(x); // tainted [NOT DETECTED by IR]
}
const std::vector<int> const_v(source1);
for(const int& x : const_v) {
sink(x); // tainted [NOT DETECTED by IR]
}
}
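Review bot: Every loop in `test_range_based_for_loop_vector` reads from a vector built from `source1`, so this file has no negative control: nothing here would fail if the taint library began reporting every element read from any `std::vector` as tainted. A clean case after the `const_v` loop would pin that down, e.g. `std::vector<int> clean(10);` followed by `for(int x : clean) { sink(x); } // clean`. Separately, the explicit-iterator loop (`sink(*it)`) is annotated `[NOT DETECTED]` for both libraries, a false negative on a very common way of reading a tainted container. A short comment there naming what is missing (presumably modeling of the iterator dereference; stl.h is not visible here) would help whoever picks it up.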