add zlib tests with stubs :)

2026-04-21 06:55:31 +02:00 · 2024-07-14 21:10:56 +02:00
parent 361ad6be6a
commit 87b6495c91
2 changed files with 183 additions and 0 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref
@@ -0,0 +1 @@
+experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
@@ -0,0 +1,182 @@
+
+#define Z_NULL  0
+#  define FAR
+typedef unsigned char Byte;
+typedef Byte FAR Bytef;
+typedef unsigned int uInt;
+#define Z_BEST_COMPRESSION       9
+#define Z_FINISH        4
+#define Z_NO_FLUSH      0
+
+
+typedef struct {
+    int *zalloc;
+    int *zfree;
+    Bytef *next_in;
+    Bytef *next_out;
+    int *opaque;
+    uInt avail_out;
+    uInt avail_in;
+} z_stream;
+
+
+void deflateInit(z_stream *defstream, int i);
+
+void deflate(z_stream *defstream, int i);
+
+void deflateEnd(z_stream *defstream);
+
+void inflateInit(z_stream *infstream);
+
+void inflate(z_stream *infstream, int i);
+
+void inflateEnd(z_stream *infstream);
+
+namespace std {
+    template<class charT>
+    struct char_traits;
+
+    template<class charT, class traits = char_traits<charT> >
+    class basic_ostream {
+    public:
+        typedef charT char_type;
+    };
+
+    template<class charT, class traits>
+    basic_ostream<charT, traits> &operator<<(basic_ostream<charT, traits> &, const charT *);
+
+    typedef basic_ostream<char> ostream;
+
+    extern ostream cout;
+}
+
+int UnsafeInflate(int argc, char *argv[]) {
+    // original string len = 36
+    char a[50] = "Hello Hello Hello Hello Hello Hello!";
+    // placeholder for the compressed (deflated) version of "a"
+    char b[50];
+    // placeholder for the Uncompressed (inflated) version of "b"
+    char c[50];
+
+
+    // STEP 1.
+    // zlib struct
+    z_stream defstream;
+    defstream.zalloc = Z_NULL;
+    defstream.zfree = Z_NULL;
+    defstream.opaque = Z_NULL;
+    // setup "a" as the input and "b" as the compressed output
+    defstream.avail_in = (uInt) 50 + 1; // size of input, string + terminator
+    defstream.next_in = (Bytef *) a; // input char array
+    defstream.avail_out = (uInt) sizeof(b); // size of output
+    defstream.next_out = (Bytef *) b; // output char array
+
+    // the actual compression work.
+    deflateInit(&defstream, Z_BEST_COMPRESSION);
+    deflate(&defstream, Z_FINISH);
+    deflateEnd(&defstream);
+
+    // This is one way of getting the size of the output
+    // STEP 2.
+    // inflate b into c
+    // zlib struct
+    z_stream infstream;
+    infstream.zalloc = Z_NULL;
+    infstream.zfree = Z_NULL;
+    infstream.opaque = Z_NULL;
+    // setup "b" as the input and "c" as the compressed output
+    // TOTHINK: Here we can add additional step from Right operand to z_stream variable access
+    infstream.avail_in = (uInt) ((char *) defstream.next_out - b); // size of input
+    infstream.next_in = (Bytef *) b; // input char array
+    infstream.avail_out = (uInt) sizeof(c); // size of output
+    infstream.next_out = (Bytef *) c; // output char array
+
+    // uLong  total_out; /* total number of bytes output so far */
+    // the actual DE-compression work.
+    inflateInit(&infstream);
+    inflate(&infstream, Z_NO_FLUSH);
+    inflateEnd(&infstream);
+
+
+    return 0;
+}
+
+
+typedef struct {
+} gzFile;
+
+gzFile gzopen(char *str, const char *rb);
+
+
+void exit(int i);
+
+unsigned int gzread(gzFile gz_file, unsigned char *str, int i);
+
+void gzclose(gzFile gz_file);
+
+std::ostream operator<<(const std::ostream &lhs, unsigned char rhs);
+
+
+int send(int, const void *, int, int);
+
+
+int UnsafeGzread(char **argv) {
+    char *fileName;
+    send(0, fileName, 0, 0);
+    gzFile inFileZ = gzopen(fileName, "rb");
+    if (&inFileZ == nullptr) {
+        exit(0);
+    }
+    unsigned char unzipBuffer[8192];
+    unsigned int unzippedBytes;
+    while (true) {
+        unzippedBytes = gzread(inFileZ, unzipBuffer, 8192);
+        if (unzippedBytes > 0) {
+            std::cout << unzippedBytes;
+        } else {
+            break;
+        }
+    }
+    gzclose(inFileZ);
+    return 0;
+}
+
+bool gzfread(char *str, int i, int i1, gzFile gz_file);
+
+int UnsafeGzfread(char **argv) {
+    char *fileName;
+    send(0, fileName, 0, 0);
+    gzFile inFileZ = gzopen(fileName, "rb");
+    if (&inFileZ == nullptr) {
+        exit(0);
+    }
+    while (true) {
+        char buffer[1000];
+        if (!gzfread(buffer, 999, 1, inFileZ)) {
+            break;
+        }
+    }
+    gzclose(inFileZ);
+    return 0;
+}
+
+char *gzgets(gzFile gz_file, char *buffer, int i);
+
+int UnsafeGzgets(char **argv) {
+    char *fileName;
+    send(0, fileName, 0, 0);
+    gzFile inFileZ = gzopen(fileName, "rb");
+    if (&inFileZ == nullptr) {
+        exit(0);
+    }
+    char *buffer = new char[4000000000];
+    char *result;
+    result = gzgets(inFileZ, buffer, 1000000000);
+    while (true) {
+        result = gzgets(inFileZ, buffer, 1000000000);
+        if (result == nullptr) {
+            break;
+        }
+    }
+    return 0;
+}
				`@@ -0,0 +1 @@`
				`experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql`