C++: Update test annotations for use-use dataflow

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/test.cpp

@@ -19,7 +19,7 @@ void test1(int p)
 {
 	sys_somesystemcall(&p);
 
-	unsafe_put_user(123, &p); // BAD
+	unsafe_put_user(123, &p); // BAD [NOT DETECTED]
 }
 
 void test2(int p)
@@ -40,7 +40,7 @@ void test3()
 
 	sys_somesystemcall(&v);
 
-	unsafe_put_user(123, &v); // BAD
+	unsafe_put_user(123, &v); // BAD [NOT DETECTED]
 }
 
 void test4()
@@ -68,7 +68,7 @@ void test5()
 
 	sys_somesystemcall(&myData);
 
-	unsafe_put_user(123, &(myData.x)); // BAD
+	unsafe_put_user(123, &(myData.x)); // BAD [NOT DETECTED]
 }
 
 void test6()

cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp

@@ -48,7 +48,7 @@ int main(int argc, char **argv) {
   printf(choose_message(argc - 1), argc - 1); // GOOD
   printf(messages[1]); // GOOD
   printf(message); // GOOD
-  printf(make_message(argc - 1)); // BAD
+  printf(make_message(argc - 1)); // BAD  [NOT DETECTED]
   printf("Hello, World\n"); // GOOD
   printf(_("Hello, World\n")); // GOOD
   {
@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
     const char *hello = "Hello, World\n";
     const char **p = &hello;
     (*p)++;
-    printf(hello); // BAD [NOT DETECTED]
+    printf(hello); // BAD
   }
   {
     // Same as above block but through a C++ reference
@@ -112,7 +112,7 @@ int main(int argc, char **argv) {
   {
     const char *hello = "Hello, World\n";
     const char *const *p = &hello; // harmless reference to const pointer
-    printf(hello); // GOOD
+    printf(hello); // GOOD [FALSE POSITIVE]
     hello++; // modification comes after use and so does no harm
   }
   printf(argc > 2 ? "More than one\n" : _("Only one\n")); // GOOD

cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp

@@ -8,13 +8,13 @@ void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)
 
 void TestProperConfiguration_inter_CorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client); // GOOD [FALSE POSITIVE]
 	SetOptionsNoOldTls(ctx);
 }
 
 void TestProperConfiguration_inter_CorrectUsage02()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // GOOD [FALSE POSITIVE]
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | 
 		boost::asio::ssl::context::no_tlsv1_1 | 
 		boost::asio::ssl::context::no_sslv3);
@@ -22,23 +22,23 @@ void TestProperConfiguration_inter_CorrectUsage02()
 
 void TestProperConfiguration_inter_IncorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BUG - missing disable SSLv3
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BAD - missing disable SSLv3
 	SetOptionsNoOldTls(ctx);
 }
 
 void TestProperConfiguration_IncorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BAD
 }
 
 void TestProperConfiguration_IncorrectUsage02()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BAD
 }
 
 void TestProperConfiguration_IncorrectUsage03()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BAD
 	SetOptionsNoOldTls(ctx);
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
 		boost::asio::ssl::context::no_tlsv1_2 );			// BUG - disabling TLS 1.2

cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp

@@ -2,7 +2,7 @@
 
 void good1()
 {
-	// GOOD
+	// GOOD [FALSE POSITIVE]
 	boost::asio::ssl::context::method m = boost::asio::ssl::context::sslv23;
 	boost::asio::ssl::context ctx(m);
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3);
@@ -34,7 +34,7 @@ void bad2()
 
 void good3()
 {
-	// GOOD
+	// GOOD [FALSE POSITIVE]
 	boost::asio::ssl::context *ctx = new boost::asio::ssl::context(boost::asio::ssl::context::sslv23);
 	ctx->set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3);
 }

cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp

@@ -13,7 +13,7 @@ void useTLS_bad()
 void useTLS_good()
 {
 	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);
-	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD
+	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD [FALSE POSITIVE]
 
 	// ...
 }

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp

@@ -20,7 +20,7 @@ void test1()
 	char bigbuffer[20];
 	
 	memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
-	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read [NOT DETECTED]
+	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read
 	memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
 	memcpy(smallbuffer, bigbuffer, sizeof(bigbuffer)); // BAD: over-write
 }

cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/unions.c

@@ -29,5 +29,5 @@ void unions_test(MyUnion *mu)
 	mu->ptr = buffer;
 	strcpy(mu->ptr, "1234567890"); // GOOD
 	strcpy(mu->ptr, "12345678901234567890"); // GOOD
-	strcpy(mu->ptr, "123456789012345678901234567890"); // BAD
+	strcpy(mu->ptr, "123456789012345678901234567890"); // BAD [NOT DETECTED]
 }

cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.c

@@ -150,14 +150,14 @@ int main(int argc, char **argv) {
 	printf(i8);
 	printWrapper(i8);
 
-	// BAD: i9 value comes from argv
+	// BAD: i9 value comes from argv [NOT DETECTED]
 	char i9buf[32];
 	char *i9 = i9buf;
 	memcpy(1 ? ++i9 : 0, argv[1], 1);
 	printf(i9);
 	printWrapper(i9);
 
-	// BAD: i91 value comes from argv
+	// BAD: i91 value comes from argv [NOT DETECTED]
 	char i91buf[64];
 	char *i91 = &i91buf[0];
 	memcpy(0 ? 0 : i91, argv[1] + 1, 1);

cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp

@@ -21,7 +21,7 @@ void doNothing(char *url)
 {
 }
 
-const char *url_g = "http://example.com"; // BAD [NOT DETECTED]
+const char *url_g = "http://example.com"; // BAD
 
 void test()
 {

cpp/ql/test/query-tests/Security/CWE/CWE-611/tests3.cpp

@@ -22,7 +22,7 @@ public:
 void test3_1(InputSource &data) {
 	SAX2XMLReader *p = XMLReaderFactory::createXMLReader();
 
-	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+	p->parse(data); // BAD (parser not correctly configured)
 }
 
 void test3_2(InputSource &data) {
@@ -35,14 +35,14 @@ void test3_2(InputSource &data) {
 SAX2XMLReader *p_3_3 = XMLReaderFactory::createXMLReader();
 
 void test3_3(InputSource &data) {
-	p_3_3->parse(data); // BAD (parser not correctly configured)
+	p_3_3->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
 }
 
 SAX2XMLReader *p_3_4 = XMLReaderFactory::createXMLReader();
 
 void test3_4(InputSource &data) {
 	p_3_4->setFeature(XMLUni::fgXercesDisableDefaultEntityResolution, true);
-	p_3_4->parse(data); // GOOD [FALSE POSITIVE]
+	p_3_4->parse(data); // GOOD
 }
 
 SAX2XMLReader *p_3_5 = XMLReaderFactory::createXMLReader();
@@ -53,7 +53,7 @@ void test3_5_init() {
 
 void test3_5(InputSource &data) {
 	test3_5_init();
-	p_3_5->parse(data); // GOOD [FALSE POSITIVE]
+	p_3_5->parse(data); // GOOD
 }
 
 void test3_6(InputSource &data) {

cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp

@@ -73,7 +73,7 @@ void test5_6_init() {
 void test5_6() {
 	test5_6_init();
 
-	g_p1->parse(*g_data); // GOOD [FALSE POSITIVE]
+	g_p1->parse(*g_data); // GOOD
 	g_p2->parse(*g_data); // BAD (parser not correctly configured)
 }