finilize tests for zlib

2026-04-25 08:45:14 +02:00 · 2024-09-03 09:12:54 +02:00
parent f97b1039cd
commit 8c1c537150
4 changed files with 118 additions and 3 deletions
--- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
+++ b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
@@ -22,7 +22,7 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall fc, DecompressionFunction f | fc.getTarget() = f |
-      fc.getArgument(f.getArchiveParameterIndex()) = sink.asExpr() 
+      fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()]
    )
  }

--- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll
+++ b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll
@@ -13,5 +13,5 @@ import DecompressionBomb
 class UncompressFunction extends DecompressionFunction {
  UncompressFunction() { this.hasGlobalName(["uncompress", "uncompress2"]) }

-  override int getArchiveParameterIndex() { result = 0 }
+  override int getArchiveParameterIndex() { result = 2 }
 }