C++: Add flow test cases for Boost::Asio.

2026-04-24 08:15:14 +02:00 · 2024-06-03 14:41:23 +01:00
parent 8a5b5d220a
commit 7e5b7346c0
2 changed files with 120 additions and 2 deletions
--- a/cpp/ql/test/library-tests/dataflow/external-models/asio_streams.cpp
+++ b/cpp/ql/test/library-tests/dataflow/external-models/asio_streams.cpp
@@ -0,0 +1,107 @@
+
+// --- stub library headers ---
+
+namespace std {
+	typedef unsigned long size_t;
+	#define SIZE_MAX 0xFFFFFFFF
+
+	template <class T> class allocator {
+	};
+
+	template<class charT> struct char_traits {
+	};
+
+	template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT> >
+	class basic_string {
+	public:
+		basic_string(const charT* s, const Allocator& a = Allocator());
+	};
+
+	typedef basic_string<char> string;
+};
+
+namespace boost {
+	namespace system {
+		class error_code {
+		public:
+			operator bool() const;
+		};
+	};
+	
+	namespace asio {
+		template<typename Protocol/*, typename Executor*/>
+		class basic_stream_socket /*: public basic_socket<Protocol, Executor>*/ {
+		};
+
+		namespace ip {
+			class tcp {
+			public:
+				typedef basic_stream_socket<tcp> socket;
+			};
+		};
+
+		template<typename Allocator = std::allocator<char>> class basic_streambuf {
+		public:
+			basic_streambuf(
+				std::size_t maximum_size = SIZE_MAX,
+				const Allocator &allocator = Allocator());
+		};
+
+		typedef basic_streambuf<> streambuf;
+
+		class mutable_buffer {
+		};
+
+		template<typename Elem, typename Traits, typename Allocator>
+		mutable_buffer buffer(std::basic_string<Elem, Traits, Allocator> & data);
+
+		template<typename SyncReadStream, typename Allocator> std::size_t read_until(
+			SyncReadStream &s,
+			asio::basic_streambuf<Allocator> &b,
+			char delim,
+			boost::system::error_code &ec);
+
+		template<typename SyncWriteStream, typename ConstBufferSequence> std::size_t write(
+			SyncWriteStream &s,
+			const ConstBufferSequence &buffers,
+			boost::system::error_code &ec,
+			int constraint = 0); // simplified
+	};
+};
+
+// --- test code ---
+
+char *source();
+void sink(char *);
+void sink(std::string);
+void sink(boost::asio::streambuf);
+void sink(boost::asio::mutable_buffer);
+
+char *getenv(const char *name);
+int send(int, const void*, int, int);
+
+void test(boost::asio::ip::tcp::socket &socket) {
+	boost::asio::streambuf recv_buffer;
+	boost::system::error_code error;
+
+	boost::asio::read_until(socket, recv_buffer, '\0', error);
+	if (error) {
+		// ...
+	}
+	sink(recv_buffer); // $ MISSING: ir
+
+	boost::asio::write(socket, recv_buffer, error); // $ MISSING: ir
+
+	// ---
+
+	std::string send_str = std::string(source());
+	sink(send_str); // $ ir
+
+	boost::asio::mutable_buffer send_buffer = boost::asio::buffer(send_str);
+	sink(send_buffer); // $ MISSING: ir
+
+	boost::asio::write(socket, send_buffer, error); // $ MISSING: ir
+	if (error) {
+		// ...
+	}
+}
--- a/cpp/ql/test/library-tests/dataflow/external-models/flow.ql
+++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.ql
@@ -1,7 +1,7 @@
 import TestUtilities.dataflow.FlowTestCommon
 import cpp
 import semmle.code.cpp.ir.dataflow.DataFlow
-import semmle.code.cpp.dataflow.ExternalFlow
+import semmle.code.cpp.security.FlowSources

 module IRTest {
  private import semmle.code.cpp.ir.IR
@@ -10,11 +10,22 @@ module IRTest {
  /** Common data flow configuration to be used by tests. */
  module TestAllocationConfig implements DataFlow::ConfigSig {
    predicate isSource(DataFlow::Node source) {
+      // external flow source node
      sourceNode(source, _)
+      or
+      // test source function
+      source.asExpr().(FunctionCall).getTarget().getName() = "source"
    }

    predicate isSink(DataFlow::Node sink) {
-      sinkNode(sink, "test-sink")
+      // external flow sink node
+      sinkNode(sink, _)
+      or
+      // test sink function
+      exists(FunctionCall call |
+        call.getTarget().getName() = "sink" and
+        sink.asExpr() = call.getAnArgument()
+      )
    }
  }