From 61fb89721ad4736a66d81575179edf06432a2861 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Tue, 7 May 2024 12:19:06 +0100
Subject: [PATCH 1/2] C++: Add 'cpp/uninitialized-local' FP.
---
 .../semmle/tests/UninitializedLocal.expected | 2 ++
 .../CWE/CWE-457/semmle/tests/test.cpp | 23 ++++++++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
index d27b2c996b3..94d01d0e6c1 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
@@ -13,6 +13,7 @@ nodes
 | test.cpp:458:6:458:6 | definition of x | semmle.label | definition of x |
 | test.cpp:464:6:464:6 | definition of x | semmle.label | definition of x |
 | test.cpp:471:6:471:6 | definition of x | semmle.label | definition of x |
+| test.cpp:557:15:557:15 | definition of r | semmle.label | definition of r |
 #select
 | test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
 | test.cpp:113:6:113:8 | foo | test.cpp:111:6:111:8 | definition of foo | test.cpp:111:6:111:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
@@ -27,3 +28,4 @@ nodes | test.cpp:460:7:460:7 | x | test.cpp:458:6:458:6 | definition of x | test.cpp:458:6:458:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:458:6:458:6 | x | x | | test.cpp:467:2:467:2 | x | test.cpp:464:6:464:6 | definition of x | test.cpp:464:6:464:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:464:6:464:6 | x | x | | test.cpp:474:7:474:7 | x | test.cpp:471:6:471:6 | definition of x | test.cpp:471:6:471:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:471:6:471:6 | x | x | +| test.cpp:567:7:567:7 | r | test.cpp:557:15:557:15 | definition of r | test.cpp:557:15:557:15 | definition of r | The variable $@ may not be initialized at this access. | test.cpp:557:15:557:15 | r | r | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp index e3489cee4cc..4f56ab1259a 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp @@ -1,6 +1,6 @@ // Semmle test cases for rule CWE-457. -void use(int data); +void use(...); void test1() { int foo = 1; @@ -544,4 +544,25 @@ class StaticMethodClass{ int static_method_false_positive(){ StaticMethodClass *t; int i = t->get(); // GOOD: the `get` method is static and this is equivalent to StaticMethodClass::get() +} + +struct LinkedList +{ + LinkedList* next; +}; + +bool getBool(); + +void test45() { + LinkedList *r, *s, **rP = &r; + + while(getBool()) + { + s = new LinkedList; + *rP = s; + rP = &s->next; + } + + *rP = NULL; + use(r); // GOOD [FALSE POSITIVE] } \ No newline at end of file From 8e95395382db40ce700ef582998bff933167be9d Mon Sep 17 00:00:00 2001 
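Review bot: The `// GOOD [FALSE POSITIVE]` marker on `use(r)` in `test45` does not say why `r` is initialized, which is the whole point of this case. `r` is never assigned by name, only through the alias `rP`: by `*rP = s` on the first loop iteration, or by the final `*rP = NULL` when the loop body never runs. I would add a comment above the declaration, for example `// r is only written through rP: by the first iteration's *rP = s, or by the trailing *rP = NULL if the loop is skipped`, so whoever later fixes the query knows which indirect store it has to recognise. Separately, `NULL` is used with no definition visible in this hunk; presumably test.cpp defines it earlier, otherwise `nullptr` would avoid the dependency.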
From: Mathias Vorreiter Pedersen
Date: Tue, 7 May 2024 12:55:42 +0100
Subject: [PATCH 2/2] C++: Accept more test changes.
---
 .../CWE/CWE-457/semmle/tests/LoopConditionsConst.expected | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected
index 01dbbaa2e65..07ca32b1718 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected
@@ -22,3 +22,4 @@
 | test.cpp:416:2:418:2 | for(...;...;...) ... | test.cpp:416:18:416:23 | ... < ... | 1 | i | { ... } | i | return ... |
 | test.cpp:424:2:425:2 | for(...;...;...) ... | test.cpp:424:18:424:23 | ... < ... | 1 | i | { ... } | i | return ... |
 | test.cpp:433:2:434:2 | for(...;...;...) ... | test.cpp:433:18:433:22 | 0 | 0 | | { ... } | 0 | return ... |
+| test.cpp:559:3:564:3 | while (...) ... | test.cpp:559:9:559:15 | call to getBool | | call to getBool | { ... } | call to getBool | ExprStmt |