C++: Add more tests for uncommon cases.

2026-05-02 12:15:17 +02:00 · 2024-03-25 11:33:43 +00:00
parent 46b8e3be66
commit 88ea9197d9
2 changed files with 33 additions and 3 deletions
--- a/cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/testModels.qll
@@ -16,7 +16,7 @@ private class TestSources extends SourceModelCsv {
        ";;false;remoteMadSourceIndirectArg0;;;Argument[*0];remote",
        ";;false;remoteMadSourceIndirectArg1;;;Argument[*1];remote",
        ";;false;remoteMadSourceVar;;;;remote",
-        ";;false;remoteMadSourceVarIndirect;;;*;remote",
+        ";;false;remoteMadSourceVarIndirect;;;*;remote", // not correctly expressed
        ";;false;remoteMadSourceParam0;;;Parameter[0];remote",
        "MyNamespace;;false;namespaceLocalMadSource;;;ReturnValue;local",
        "MyNamespace;;false;namespaceLocalMadSourceVar;;;;local",
@@ -47,7 +47,7 @@ private class TestSinks extends SinkModelCsv {
        ";;false;madSinkIndirectArg0;;;Argument[*0];test-sink",
        ";;false;madSinkDoubleIndirectArg0;;;Argument[**0];test-sink",
        ";;false;madSinkVar;;;;test-sink",
-        ";;false;madSinkVarIndirect;;;*;test-sink",
+        ";;false;madSinkVarIndirect;;;*;test-sink", // not correctly expressed
        ";;false;madSinkParam0;;;Parameter[0];test-sink",
        ";MyClass;true;memberMadSinkArg0;;;Argument[0];test-sink",
        ";MyClass;true;memberMadSinkVar;;;;test-sink",
@@ -77,13 +77,16 @@ private class TestSummaries extends SummaryModelCsv {
        ";;false;madArg0NotIndirectToReturn;;;Argument[0];ReturnValue;taint",
        ";;false;madArg0ToArg1Indirect;;;Argument[0];Argument[*1];taint",
        ";;false;madArg0IndirectToArg1Indirect;;;Argument[*0];Argument[*1];taint",
+        ";;false;madArgsComplex;;;Argument[*0..1,2];ReturnValue;taint",
        ";;false;madArg0FieldToReturn;;;Argument[0].value;ReturnValue;taint",
        ";;false;madArg0IndirectFieldToReturn;;;Argument[*0].value;ReturnValue;taint",
        ";;false;madArg0FieldIndirectToReturn;;;Argument[0].ptr[*];ReturnValue;taint",
        ";;false;madArg0ToReturnField;;;Argument[0];ReturnValue.value;taint",
        ";;false;madArg0ToReturnIndirectField;;;Argument[0];ReturnValue[*].value;taint",
        ";;false;madArg0ToReturnFieldIndirect;;;Argument[0];ReturnValue.ptr[*];taint",
-        ";;false;madArg0ToReturnFieldNotIndirect;;;Argument[0];ReturnValue.ptr[*];taint",
+        ";;false;madFieldToFieldVar;;;value;value2;taint",
+        ";;false;madFieldToIndirectFieldVar;;;value;ptr[*];taint",
+        ";;false;madIndirectFieldToFieldVar;;;;value;value2;taint", // not correctly expressed
        ";MyClass;true;madArg0ToSelf;;;Argument[0];Argument[-1];taint",
        ";MyClass;true;madSelfToReturn;;;Argument[-1];ReturnValue;taint",
        ";MyClass;true;madArg0ToField;;;Argument[0];Argument[-1].val;taint",
--- a/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
@@ -122,6 +122,7 @@ void madSinkParam0(int x) { // $ interpretElement

 struct MyContainer {
 	int value;
+	int value2;
 	int *ptr;
 };

@@ -134,6 +135,7 @@ int madArg0DoubleIndirectToReturn(int **x); // $ interpretElement
 int madArg0NotIndirectToReturn(int *x); // $ interpretElement
 void madArg0ToArg1Indirect(int x, int &y); // $ interpretElement
 void madArg0IndirectToArg1Indirect(const int *x, int *y); // $ interpretElement
+int madArgsComplex(int *a, int *b, int c, int d);

 int madArg0FieldToReturn(MyContainer mc); // $ interpretElement
 int madArg0IndirectFieldToReturn(MyContainer *mc); // $ interpretElement
@@ -142,6 +144,10 @@ MyContainer madArg0ToReturnField(int x); // $ interpretElement
 MyContainer *madArg0ToReturnIndirectField(int x); // $ interpretElement
 MyContainer madArg0ToReturnFieldIndirect(int x); // $ interpretElement

+MyContainer madFieldToFieldVar; // $ interpretElement
+MyContainer madFieldToIndirectFieldVar; // $ interpretElement
+MyContainer *madIndirectFieldToFieldVar; // $ interpretElement
+
 void test_summaries() {
 	// test summaries

@@ -171,6 +177,14 @@ void test_summaries() {
 	madArg0IndirectToArg1Indirect(&a, &c);
 	sink(c); // $ ir

+	sink(madArgsComplex(0, 0, 0, 0));
+	sink(madArgsComplex(sourceIndirect(), 0, 0, 0)); // $ ir
+	sink(madArgsComplex(0, sourceIndirect(), 0, 0)); // $ ir
+	sink(madArgsComplex(0, 0, source(), 0)); // $ ir
+	sink(madArgsComplex(0, 0, 0, source()));
+
+	// test summaries involving structs / fields
+
 	MyContainer mc1, mc2;

 	d = 0;
@@ -197,6 +211,19 @@ void test_summaries() {
 	int *rtn2_ptr = rtn2.ptr;
 	sink(*rtn2_ptr); // $ ir

+	// test global variable summaries
+
+	madFieldToFieldVar.value = source();
+	sink(madFieldToFieldVar.value2); // $ MISSING: ir
+
+	madFieldToIndirectFieldVar.value = source();
+	sink(madFieldToFieldVar.ptr);
+	sink(*(madFieldToFieldVar.ptr)); // $ MISSING: ir
+
+	madIndirectFieldToFieldVar->value = source();
+	sink((*madIndirectFieldToFieldVar).value2); // $ MISSING: ir
+	sink(madIndirectFieldToFieldVar->value2); // $ MISSING: ir
+
 	// test source + sinks + summaries together

 	madSinkArg0(madArg0ToReturn(remoteMadSource())); // $ ir