From 8edf19adc0dbca84dba7decb31987652a6c91927 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Date: Tue, 30 Jul 2024 10:14:41 +0100
Subject: [PATCH] C++: Add MaD model for 'std::format'.

---
 cpp/ql/lib/ext/std.format.model.yml           | 13 ++++++++++++
 .../taint-tests/test_mad-signatures.expected  | 20 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 cpp/ql/lib/ext/std.format.model.yml

diff --git a/cpp/ql/lib/ext/std.format.model.yml b/cpp/ql/lib/ext/std.format.model.yml
new file mode 100644
index 00000000000..dbd54700955
--- /dev/null
+++ b/cpp/ql/lib/ext/std.format.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*1]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*2]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*3]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*4]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*5]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*6]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*7]", "ReturnValue.Element[@]", "taint", "manual"]
+      - ["std", "", False, "format<Args>", "(format_string,Args &&)", "", "Argument[*8]", "ReturnValue.Element[@]", "taint", "manual"]
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
index 79425ce2d97..d61cbaa1f2c 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -175,6 +175,7 @@ signatureMatches
 | stl.h:333:42:333:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert<InputIt> | 1 |
 | stl.h:333:42:333:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert<InputIt> | 2 |
 | stl.h:333:42:333:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert<InputIt> | 2 |
+| stl.h:335:37:335:43 | emplace | (format_string,Args &&) |  | format<Args> | 1 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
@@ -215,6 +216,19 @@ signatureMatches
 | stl.h:396:3:396:3 | pair | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
 | stl.h:396:3:396:3 | pair | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
 | stl.h:396:3:396:3 | pair | (vector &&,const Allocator &) | vector<T,Allocator> | vector | 1 |
+| stl.h:440:36:440:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:440:36:440:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:448:48:448:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:448:48:448:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:452:42:452:57 | insert_or_assign | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:508:36:508:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:508:36:508:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:516:48:516:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:516:48:516:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:516:48:516:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:516:48:516:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:516:48:516:58 | try_emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:520:42:520:57 | insert_or_assign | (format_string,Args &&) |  | format<Args> | 1 |
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | deque | assign<InputIt> | 0 |
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | deque | assign<InputIt> | 1 |
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | forward_list | assign<InputIt> | 0 |
@@ -223,6 +237,8 @@ signatureMatches
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | list | assign<InputIt> | 1 |
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | vector | assign<InputIt> | 0 |
 | stl.h:557:33:557:35 | set | (InputIt,InputIt) | vector | assign<InputIt> | 1 |
+| stl.h:569:36:569:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:569:36:569:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | deque | assign<InputIt> | 0 |
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | deque | assign<InputIt> | 1 |
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | forward_list | assign<InputIt> | 0 |
@@ -231,6 +247,8 @@ signatureMatches
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | list | assign<InputIt> | 1 |
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | vector | assign<InputIt> | 0 |
 | stl.h:574:38:574:43 | insert | (InputIt,InputIt) | vector | assign<InputIt> | 1 |
+| stl.h:623:36:623:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:623:36:623:47 | emplace_hint | (format_string,Args &&) |  | format<Args> | 1 |
 | stl.h:628:38:628:43 | insert | (InputIt,InputIt) | deque | assign<InputIt> | 0 |
 | stl.h:628:38:628:43 | insert | (InputIt,InputIt) | deque | assign<InputIt> | 1 |
 | stl.h:628:38:628:43 | insert | (InputIt,InputIt) | forward_list | assign<InputIt> | 0 |
@@ -315,6 +333,8 @@ getSignatureParameterName
 | (deque &&) | deque | deque | 0 | deque && |
 | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 0 | deque && |
 | (deque &&,const Allocator &) | deque<T,Allocator> | deque | 1 | const class:1 & |
+| (format_string,Args &&) |  | format<Args> | 0 | format_string |
+| (format_string,Args &&) |  | format<Args> | 1 | func:0 && |
 | (forward_list &&) | forward_list | forward_list | 0 | forward_list && |
 | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 0 | forward_list && |
 | (forward_list &&,const Allocator &) | forward_list<T,Allocator> | forward_list | 1 | const class:1 & |