finilize tests for zlib

am0o0
2024-09-03 09:12:54 +02:00
parent f97b1039cd
commit 8c1c537150
4 changed files with 118 additions and 3 deletions


@@ -22,7 +22,7 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc, DecompressionFunction f | fc.getTarget() = f |
fc.getArgument(f.getArchiveParameterIndex()) = sink.asExpr()
fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()]
)
}
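Review bot: The widened sink in `isSink` carries no comment explaining why both forms are accepted, and the predicate alone does not show that `sink.asExpr()` covers arguments passed by value (the `inFileZ` handle given to the gz* readers in the expected output) while `sink.asIndirectExpr()` covers the bytes a pointer argument refers to (the `*input` row). I would add above the equality `// match the argument itself (e.g. a gzFile handle) or the data it points to (e.g. a compressed source buffer)`. It may also be worth confirming that a call whose pointer and pointee are both tainted is not reported twice; the expected output shows one row per call, but none of the fixtures appears to exercise that case. The enclosing module `DecompressionTaintConfig` starts and ends outside this hunk.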


@@ -13,5 +13,5 @@ import DecompressionBomb
class UncompressFunction extends DecompressionFunction {
UncompressFunction() { this.hasGlobalName(["uncompress", "uncompress2"]) }
override int getArchiveParameterIndex() { result = 0 }
override int getArchiveParameterIndex() { result = 2 }
}
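Review bot: The bare literal in `getArchiveParameterIndex` should name the parameter it selects, since it already had to be corrected once; a comment such as `// index of the compressed input: uncompress(dest, destLen, source, sourceLen)` next to `result = 2` would make the mapping checkable against the zlib prototype. Separately, `uncompress` and `uncompress2` never write more than `*destLen` bytes and fail with a buffer error beyond that, so reporting every tainted `source` as "is not limited" may over-report calls with a small, fixed destination size. If the shared query has a barrier or size check for this, a note here pointing to it would help; if not, consider restricting the sink to calls where `destLen` is not a bounded constant.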


@@ -0,0 +1,93 @@
edges
| zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:63:25:63:35 | *a | provenance | |
| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:52:25:52:25 | *a | provenance | |
| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:69:17:69:26 | & ... | provenance | Config |
| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:70:13:70:22 | & ... | provenance | Config |
| zlibTest.cpp:69:17:69:26 | & ... | zlibTest.cpp:70:13:70:22 | & ... | provenance | |
| zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:94:29:94:36 | *fileName | provenance | |
| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | |
| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:101:32:101:38 | inFileZ | provenance | |
| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | provenance | |
| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | Config |
| zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:115:29:115:36 | *fileName | provenance | |
| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | |
| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:121:38:121:44 | inFileZ | provenance | |
| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | provenance | |
| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | Config |
| zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:132:29:132:36 | *fileName | provenance | |
| zlibTest.cpp:132:22:132:27 | call to gzopen | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | |
| zlibTest.cpp:132:22:132:27 | call to gzopen | zlibTest.cpp:139:25:139:31 | inFileZ | provenance | |
| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | |
| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config |
| zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | |
| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | |
| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | |
| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | |
| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | |
| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | |
| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | |
| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | |
| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | |
| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | |
| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | provenance | |
| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | provenance | |
| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | |
| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | |
| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | provenance | |
| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | provenance | |
| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | |
| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | provenance | |
| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | provenance | |
| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
| zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | |
nodes
| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a |
| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a |
| zlibTest.cpp:63:25:63:35 | *a | semmle.label | *a |
| zlibTest.cpp:69:17:69:26 | & ... | semmle.label | & ... |
| zlibTest.cpp:70:13:70:22 | & ... | semmle.label | & ... |
| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:94:29:94:36 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:101:32:101:38 | inFileZ | semmle.label | inFileZ |
| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:115:29:115:36 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:121:38:121:44 | inFileZ | semmle.label | inFileZ |
| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen |
| zlibTest.cpp:132:29:132:36 | *fileName | semmle.label | *fileName |
| zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ |
| zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input |
| zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input |
| zlibTest.cpp:168:27:168:30 | **argv | semmle.label | **argv |
| zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array |
| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument |
| zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array |
| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | semmle.label | UnsafeGzgets output argument |
| zlibTest.cpp:171:19:171:25 | *access to array | semmle.label | *access to array |
| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | semmle.label | UnsafeInflate output argument |
| zlibTest.cpp:172:18:172:24 | *access to array | semmle.label | *access to array |
| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument |
| zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array |
subpaths
| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument |
| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument |
| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument |
| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument |
#select
| zlibTest.cpp:70:13:70:22 | & ... | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
| zlibTest.cpp:101:32:101:38 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
| zlibTest.cpp:121:38:121:44 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
| zlibTest.cpp:139:25:139:31 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
| zlibTest.cpp:163:29:163:43 | *input | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |


@@ -1,4 +1,3 @@
#define Z_NULL 0
# define FAR
typedef unsigned char Byte;
@@ -145,9 +144,32 @@ int UnsafeGzgets(char *fileName) {
return 0;
}
typedef unsigned long uLong;
typedef long unsigned int size_t;
typedef uLong uLongf;
typedef unsigned char Bytef;
#define Z_OK 0
int uncompress(Bytef *dest, uLongf *destLen,
const Bytef *source, uLong sourceLen) { return 0; }
bool InflateString(const unsigned char *input, const unsigned char *output, size_t output_length) {
uLong source_length;
source_length = (uLong) 500;
uLong destination_length;
destination_length = (uLong) output_length;
int result = uncompress((Bytef *) output, &destination_length,
(Bytef *) input, source_length);
return result == Z_OK;
}
int main(int argc, char **argv) {
UnsafeGzfread(argv[2]);
UnsafeGzgets(argv[2]);
UnsafeInflate(argv[2]);
UnsafeGzread(argv[2]);
const unsigned char *output;
InflateString(reinterpret_cast<const unsigned char *>(argv[1]), output, 1024 * 1024 * 1024);
}
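Review bot: In `main`, `const unsigned char *output;` is passed to `InflateString` without ever being initialised, and `InflateString` then casts away the `const` and hands it to `uncompress` as the destination with a claimed length of `1024 * 1024 * 1024`. The fixture is presumably only analysed and never run, but as written it models a write through an indeterminate pointer, which can attract unrelated findings and obscures what the test is meant to show. I would declare the parameter as `unsigned char *output` and have `main` pass a real buffer whose size matches the `output_length` argument. The new `uncompress` case also has only a flagged variant; a second call with a small fixed destination length would pin whether bounded use is expected to stay silent.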