fix tests, it is not fixed 100%

2026-04-27 01:35:13 +02:00 · 2024-07-15 10:13:57 +02:00
parent 87b6495c91
commit a10b5021b4
3 changed files with 21 additions and 18 deletions
--- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll
+++ b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll
@@ -1,5 +1,15 @@
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
+import MiniZip
+import ZlibGzopen
+import ZlibInflator
+import ZlibUncompress
+import LibArchive
+import LibMiniz
+import XZ
+import ZSTD
+import Bzip2
+import Brotli

 /**
 * The Decompression Sink instances, extend this class to define new decompression sinks.
--- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
+++ b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
@@ -15,8 +15,6 @@ import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
 import semmle.code.cpp.security.FlowSources
 import semmle.code.cpp.commons.File
-import MiniZip
-import ZlibGzopen
 import DecompressionBomb

 module DecompressionTaintConfig implements DataFlow::ConfigSig {
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
@@ -50,15 +50,12 @@ namespace std {
    extern ostream cout;
 }

-int UnsafeInflate(int argc, char *argv[]) {
-    // original string len = 36
-    char a[50] = "Hello Hello Hello Hello Hello Hello!";
+int UnsafeInflate(char *a) {
    // placeholder for the compressed (deflated) version of "a"
    char b[50];
    // placeholder for the Uncompressed (inflated) version of "b"
    char c[50];

-
    // STEP 1.
    // zlib struct
    z_stream defstream;
@@ -117,12 +114,7 @@ void gzclose(gzFile gz_file);
 std::ostream operator<<(const std::ostream &lhs, unsigned char rhs);


-int send(int, const void *, int, int);
-
-
-int UnsafeGzread(char **argv) {
-    char *fileName;
-    send(0, fileName, 0, 0);
+int UnsafeGzread(char *fileName) {
    gzFile inFileZ = gzopen(fileName, "rb");
    if (&inFileZ == nullptr) {
        exit(0);
@@ -143,9 +135,7 @@ int UnsafeGzread(char **argv) {

 bool gzfread(char *str, int i, int i1, gzFile gz_file);

-int UnsafeGzfread(char **argv) {
-    char *fileName;
-    send(0, fileName, 0, 0);
+int UnsafeGzfread(char *fileName) {
    gzFile inFileZ = gzopen(fileName, "rb");
    if (&inFileZ == nullptr) {
        exit(0);
@@ -162,9 +152,7 @@ int UnsafeGzfread(char **argv) {

 char *gzgets(gzFile gz_file, char *buffer, int i);

-int UnsafeGzgets(char **argv) {
-    char *fileName;
-    send(0, fileName, 0, 0);
+int UnsafeGzgets(char *fileName) {
    gzFile inFileZ = gzopen(fileName, "rb");
    if (&inFileZ == nullptr) {
        exit(0);
@@ -180,3 +168,10 @@ int UnsafeGzgets(char **argv) {
    }
    return 0;
 }
+
+int main(int argc, char **argv) {
+    UnsafeGzfread(argv[2]);
+    UnsafeGzgets(argv[2]);
+    UnsafeInflate(argv[2]);
+    UnsafeGzread(argv[2]);
+}