hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add a taint test for gets.

Browse Source
This commit is contained in:
Geoffrey White
2020-02-12 18:13:33 +00:00
parent 285be2893c
commit 8dcd46f9e7
4 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
View File

@@ -52,3 +52,9 @@
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:15:75:18 | call to atoi | |
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:25 | call to getenv | |
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:45 | (const char *)... | |
| test.cpp:87:12:87:15 | call to gets | test.cpp:85:8:85:14 | pointer | |
| test.cpp:87:12:87:15 | call to gets | test.cpp:87:2:87:8 | pointer | |
| test.cpp:87:12:87:15 | call to gets | test.cpp:87:12:87:15 | call to gets | |
| test.cpp:87:17:87:22 | buffer | test.cpp:80:18:80:18 | s | |
| test.cpp:87:17:87:22 | buffer | test.cpp:84:7:84:12 | buffer | |
| test.cpp:87:17:87:22 | buffer | test.cpp:87:17:87:22 | buffer | |

3
cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
View File

@@ -8,3 +8,6 @@
| test.cpp:68:28:68:33 | call to getenv | test.cpp:69:10:69:13 | copy | AST only |
| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:12:70:15 | copy | AST only |
| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | copy | AST only |
| test.cpp:87:12:87:15 | call to gets | test.cpp:87:2:87:8 | pointer | AST only |
| test.cpp:87:17:87:22 | buffer | test.cpp:84:7:84:12 | buffer | AST only |
| test.cpp:87:17:87:22 | buffer | test.cpp:87:17:87:22 | array to pointer conversion | IR only |

5
cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
View File

@@ -40,3 +40,8 @@
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:15:75:18 | call to atoi | |
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:25 | call to getenv | |
| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:45 | (const char *)... | |
| test.cpp:87:12:87:15 | call to gets | test.cpp:85:8:85:14 | pointer | |
| test.cpp:87:12:87:15 | call to gets | test.cpp:87:12:87:15 | call to gets | |
| test.cpp:87:17:87:22 | buffer | test.cpp:80:18:80:18 | s | |
| test.cpp:87:17:87:22 | buffer | test.cpp:87:17:87:22 | array to pointer conversion | |
| test.cpp:87:17:87:22 | buffer | test.cpp:87:17:87:22 | buffer | |

10
cpp/ql/test/library-tests/dataflow/security-taint/test.cpp
View File

@@ -76,3 +76,13 @@ void guard() {
if (len > 1000) return;
char **node = (char **) malloc(len * sizeof(char *));
}
char *gets(char *s);
void test_gets()
{
char buffer[1024];
char *pointer;
pointer = gets(buffer);
}