hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add model for std::vector::insert.

Browse Source
This commit is contained in:
Geoffrey White
2020-09-02 16:59:49 +01:00
parent f61c7ffc1a
commit 95ca4b674d
5 changed files with 73 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -2388,6 +2388,9 @@
| vector.cpp:81:3:81:4 | ref arg v7 | vector.cpp:84:7:84:8 | v7 | |
| vector.cpp:81:3:81:4 | ref arg v7 | vector.cpp:85:7:85:8 | v7 | |
| vector.cpp:81:3:81:4 | ref arg v7 | vector.cpp:101:1:101:1 | v7 | |
| vector.cpp:81:3:81:4 | v7 | vector.cpp:81:6:81:11 | call to insert | TAINT |
| vector.cpp:81:17:81:22 | call to source | vector.cpp:81:3:81:4 | ref arg v7 | TAINT |
| vector.cpp:81:17:81:22 | call to source | vector.cpp:81:6:81:11 | call to insert | TAINT |
| vector.cpp:83:7:83:8 | ref arg v7 | vector.cpp:84:7:84:8 | v7 | |
| vector.cpp:83:7:83:8 | ref arg v7 | vector.cpp:85:7:85:8 | v7 | |
| vector.cpp:83:7:83:8 | ref arg v7 | vector.cpp:101:1:101:1 | v7 | |
@@ -2403,6 +2406,7 @@
| vector.cpp:90:3:90:4 | ref arg v8 | vector.cpp:93:7:93:8 | v8 | |
| vector.cpp:90:3:90:4 | ref arg v8 | vector.cpp:94:7:94:8 | v8 | |
| vector.cpp:90:3:90:4 | ref arg v8 | vector.cpp:101:1:101:1 | v8 | |
| vector.cpp:90:3:90:4 | v8 | vector.cpp:90:6:90:11 | call to insert | TAINT |
| vector.cpp:92:7:92:8 | ref arg v8 | vector.cpp:93:7:93:8 | v8 | |
| vector.cpp:92:7:92:8 | ref arg v8 | vector.cpp:94:7:94:8 | v8 | |
| vector.cpp:92:7:92:8 | ref arg v8 | vector.cpp:101:1:101:1 | v8 | |
@@ -2918,6 +2922,7 @@
| vector.cpp:303:2:303:2 | ref arg d | vector.cpp:312:7:312:7 | d | |
| vector.cpp:303:2:303:2 | ref arg d | vector.cpp:313:1:313:1 | d | |
| vector.cpp:303:14:303:19 | call to source | vector.cpp:303:2:303:2 | ref arg d | TAINT |
| vector.cpp:305:7:305:7 | a | vector.cpp:305:9:305:14 | call to insert | TAINT |
| vector.cpp:305:7:305:7 | ref arg a | vector.cpp:306:7:306:7 | a | |
| vector.cpp:305:7:305:7 | ref arg a | vector.cpp:311:25:311:25 | a | |
| vector.cpp:305:7:305:7 | ref arg a | vector.cpp:311:36:311:36 | a | |
@@ -2932,11 +2937,16 @@
| vector.cpp:305:25:305:25 | b | vector.cpp:305:27:305:31 | call to begin | TAINT |
| vector.cpp:305:25:305:25 | ref arg b | vector.cpp:305:36:305:36 | b | |
| vector.cpp:305:25:305:25 | ref arg b | vector.cpp:313:1:313:1 | b | |
| vector.cpp:305:27:305:31 | call to begin | vector.cpp:305:7:305:7 | ref arg a | TAINT |
| vector.cpp:305:27:305:31 | call to begin | vector.cpp:305:9:305:14 | call to insert | TAINT |
| vector.cpp:305:36:305:36 | b | vector.cpp:305:38:305:40 | call to end | TAINT |
| vector.cpp:305:36:305:36 | ref arg b | vector.cpp:313:1:313:1 | b | |
| vector.cpp:305:38:305:40 | call to end | vector.cpp:305:7:305:7 | ref arg a | TAINT |
| vector.cpp:305:38:305:40 | call to end | vector.cpp:305:9:305:14 | call to insert | TAINT |
| vector.cpp:306:7:306:7 | ref arg a | vector.cpp:311:25:311:25 | a | |
| vector.cpp:306:7:306:7 | ref arg a | vector.cpp:311:36:311:36 | a | |
| vector.cpp:306:7:306:7 | ref arg a | vector.cpp:313:1:313:1 | a | |
| vector.cpp:308:7:308:7 | c | vector.cpp:308:9:308:14 | call to insert | TAINT |
| vector.cpp:308:7:308:7 | ref arg c | vector.cpp:309:7:309:7 | c | |
| vector.cpp:308:7:308:7 | ref arg c | vector.cpp:313:1:313:1 | c | |
| vector.cpp:308:16:308:16 | c | vector.cpp:308:18:308:20 | call to end | TAINT |
@@ -2950,12 +2960,17 @@
| vector.cpp:308:25:308:25 | ref arg d | vector.cpp:311:16:311:16 | d | |
| vector.cpp:308:25:308:25 | ref arg d | vector.cpp:312:7:312:7 | d | |
| vector.cpp:308:25:308:25 | ref arg d | vector.cpp:313:1:313:1 | d | |
| vector.cpp:308:27:308:31 | call to begin | vector.cpp:308:7:308:7 | ref arg c | TAINT |
| vector.cpp:308:27:308:31 | call to begin | vector.cpp:308:9:308:14 | call to insert | TAINT |
| vector.cpp:308:36:308:36 | d | vector.cpp:308:38:308:40 | call to end | TAINT |
| vector.cpp:308:36:308:36 | ref arg d | vector.cpp:311:7:311:7 | d | |
| vector.cpp:308:36:308:36 | ref arg d | vector.cpp:311:16:311:16 | d | |
| vector.cpp:308:36:308:36 | ref arg d | vector.cpp:312:7:312:7 | d | |
| vector.cpp:308:36:308:36 | ref arg d | vector.cpp:313:1:313:1 | d | |
| vector.cpp:308:38:308:40 | call to end | vector.cpp:308:7:308:7 | ref arg c | TAINT |
| vector.cpp:308:38:308:40 | call to end | vector.cpp:308:9:308:14 | call to insert | TAINT |
| vector.cpp:309:7:309:7 | ref arg c | vector.cpp:313:1:313:1 | c | |
| vector.cpp:311:7:311:7 | d | vector.cpp:311:9:311:14 | call to insert | TAINT |
| vector.cpp:311:7:311:7 | ref arg d | vector.cpp:312:7:312:7 | d | |
| vector.cpp:311:7:311:7 | ref arg d | vector.cpp:313:1:313:1 | d | |
| vector.cpp:311:16:311:16 | d | vector.cpp:311:18:311:20 | call to end | TAINT |
@@ -2966,6 +2981,10 @@
| vector.cpp:311:25:311:25 | a | vector.cpp:311:27:311:31 | call to begin | TAINT |
| vector.cpp:311:25:311:25 | ref arg a | vector.cpp:311:36:311:36 | a | |
| vector.cpp:311:25:311:25 | ref arg a | vector.cpp:313:1:313:1 | a | |
| vector.cpp:311:27:311:31 | call to begin | vector.cpp:311:7:311:7 | ref arg d | TAINT |
| vector.cpp:311:27:311:31 | call to begin | vector.cpp:311:9:311:14 | call to insert | TAINT |
| vector.cpp:311:36:311:36 | a | vector.cpp:311:38:311:40 | call to end | TAINT |
| vector.cpp:311:36:311:36 | ref arg a | vector.cpp:313:1:313:1 | a | |
| vector.cpp:311:38:311:40 | call to end | vector.cpp:311:7:311:7 | ref arg d | TAINT |
| vector.cpp:311:38:311:40 | call to end | vector.cpp:311:9:311:14 | call to insert | TAINT |
| vector.cpp:312:7:312:7 | ref arg d | vector.cpp:313:1:313:1 | d | |

6
cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
View File

@@ -263,6 +263,9 @@
| vector.cpp:72:10:72:13 | call to back | vector.cpp:69:15:69:20 | call to source |
| vector.cpp:75:7:75:8 | v6 | vector.cpp:74:17:74:22 | call to source |
| vector.cpp:76:7:76:18 | access to array | vector.cpp:74:17:74:22 | call to source |
| vector.cpp:83:7:83:8 | v7 | vector.cpp:81:17:81:22 | call to source |
| vector.cpp:84:10:84:14 | call to front | vector.cpp:81:17:81:22 | call to source |
| vector.cpp:85:10:85:13 | call to back | vector.cpp:81:17:81:22 | call to source |
| vector.cpp:97:7:97:8 | v9 | vector.cpp:96:13:96:18 | call to source |
| vector.cpp:98:10:98:11 | call to at | vector.cpp:96:13:96:18 | call to source |
| vector.cpp:99:10:99:11 | call to at | vector.cpp:96:13:96:18 | call to source |
@@ -297,4 +300,7 @@
| vector.cpp:290:7:290:8 | v2 | vector.cpp:289:17:289:30 | call to source |
| vector.cpp:291:10:291:13 | call to data | vector.cpp:289:17:289:30 | call to source |
| vector.cpp:292:7:292:18 | access to array | vector.cpp:289:17:289:30 | call to source |
| vector.cpp:308:9:308:14 | call to insert | vector.cpp:303:14:303:19 | call to source |
| vector.cpp:309:7:309:7 | c | vector.cpp:303:14:303:19 | call to source |
| vector.cpp:311:9:311:14 | call to insert | vector.cpp:303:14:303:19 | call to source |
| vector.cpp:312:7:312:7 | d | vector.cpp:303:14:303:19 | call to source |

6
cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
View File

@@ -211,6 +211,9 @@
| vector.cpp:72:10:72:13 | vector.cpp:69:15:69:20 | AST only |
| vector.cpp:75:7:75:8 | vector.cpp:74:17:74:22 | AST only |
| vector.cpp:76:7:76:18 | vector.cpp:74:17:74:22 | AST only |
| vector.cpp:83:7:83:8 | vector.cpp:81:17:81:22 | AST only |
| vector.cpp:84:10:84:14 | vector.cpp:81:17:81:22 | AST only |
| vector.cpp:85:10:85:13 | vector.cpp:81:17:81:22 | AST only |
| vector.cpp:97:7:97:8 | vector.cpp:96:13:96:18 | AST only |
| vector.cpp:98:10:98:11 | vector.cpp:96:13:96:18 | AST only |
| vector.cpp:99:10:99:11 | vector.cpp:96:13:96:18 | AST only |
@@ -246,4 +249,7 @@
| vector.cpp:290:7:290:8 | vector.cpp:289:17:289:30 | AST only |
| vector.cpp:291:10:291:13 | vector.cpp:289:17:289:30 | AST only |
| vector.cpp:292:7:292:18 | vector.cpp:289:17:289:30 | AST only |
| vector.cpp:308:9:308:14 | vector.cpp:303:14:303:19 | AST only |
| vector.cpp:309:7:309:7 | vector.cpp:303:14:303:19 | AST only |
| vector.cpp:311:9:311:14 | vector.cpp:303:14:303:19 | AST only |
| vector.cpp:312:7:312:7 | vector.cpp:303:14:303:19 | AST only |

12
cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
View File

@@ -80,9 +80,9 @@ void test_element_taint(int x) {
std::vector<int>::const_iterator it = v7.begin();
v7.insert(it, source());
}
sink(v7); // tainted [NOT DETECTED]
sink(v7.front()); // tainted [NOT DETECTED]
sink(v7.back());
sink(v7); // tainted
sink(v7.front()); // tainted
sink(v7.back()); // [FALSE POSITIVE]
{
const std::vector<int> &v8c = v8;
@@ -305,9 +305,9 @@ void test_vector_insert() {
sink(a.insert(a.end(), b.begin(), b.end()));
sink(a);
sink(c.insert(c.end(), d.begin(), d.end())); // tainted [NOT DETECTED]
sink(c); // tainted [NOT DETECTED]
sink(c.insert(c.end(), d.begin(), d.end())); // tainted
sink(c); // tainted
sink(d.insert(d.end(), a.begin(), a.end())); // tainted [NOT DETECTED]
sink(d.insert(d.end(), a.begin(), a.end())); // tainted
sink(d); // tainted
}