Merge branch 'main' into rdmarsh2/cpp/output-iterators-2

Resolve merge conflict in tests
2026-04-30 19:26:02 +02:00 · 2020-10-23 13:50:15 -07:00
parent 413c845e97 6218a48e88
commit aab9797c2f
115 changed files with 8830 additions and 444 deletions
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -7208,3 +7208,52 @@
 | vector.cpp:449:6:449:7 | it | vector.cpp:449:4:449:4 | call to operator++ |  |
 | vector.cpp:449:11:449:16 | call to source | vector.cpp:449:3:449:3 | ref arg call to operator* | TAINT |
 | vector.cpp:450:8:450:10 | ref arg out | vector.cpp:451:2:451:2 | out |  |
+| vector.cpp:467:22:467:25 | call to vector | vector.cpp:471:8:471:8 | v |  |
+| vector.cpp:467:22:467:25 | call to vector | vector.cpp:472:11:472:11 | v |  |
+| vector.cpp:467:22:467:25 | call to vector | vector.cpp:473:8:473:8 | v |  |
+| vector.cpp:467:22:467:25 | call to vector | vector.cpp:474:2:474:2 | v |  |
+| vector.cpp:468:11:468:16 | call to source | vector.cpp:472:18:472:18 | s |  |
+| vector.cpp:469:10:469:11 | 0 | vector.cpp:472:13:472:13 | i |  |
+| vector.cpp:471:8:471:8 | ref arg v | vector.cpp:472:11:472:11 | v |  |
+| vector.cpp:471:8:471:8 | ref arg v | vector.cpp:473:8:473:8 | v |  |
+| vector.cpp:471:8:471:8 | ref arg v | vector.cpp:474:2:474:2 | v |  |
+| vector.cpp:472:10:472:14 | & ... | vector.cpp:472:3:472:8 | call to memcpy |  |
+| vector.cpp:472:10:472:14 | ref arg & ... | vector.cpp:472:12:472:12 | call to operator[] [inner post update] |  |
+| vector.cpp:472:11:472:11 | ref arg v | vector.cpp:473:8:473:8 | v |  |
+| vector.cpp:472:11:472:11 | ref arg v | vector.cpp:474:2:474:2 | v |  |
+| vector.cpp:472:11:472:11 | v | vector.cpp:472:12:472:12 | call to operator[] | TAINT |
+| vector.cpp:472:12:472:12 | call to operator[] | vector.cpp:472:10:472:14 | & ... |  |
+| vector.cpp:472:12:472:12 | call to operator[] [inner post update] | vector.cpp:472:11:472:11 | ref arg v | TAINT |
+| vector.cpp:472:17:472:18 | & ... | vector.cpp:472:3:472:8 | call to memcpy | TAINT |
+| vector.cpp:472:17:472:18 | & ... | vector.cpp:472:10:472:14 | ref arg & ... | TAINT |
+| vector.cpp:472:18:472:18 | s | vector.cpp:472:10:472:14 | ref arg & ... |  |
+| vector.cpp:472:18:472:18 | s | vector.cpp:472:17:472:18 | & ... |  |
+| vector.cpp:473:8:473:8 | ref arg v | vector.cpp:474:2:474:2 | v |  |
+| vector.cpp:477:24:477:27 | call to vector | vector.cpp:483:8:483:9 | cs |  |
+| vector.cpp:477:24:477:27 | call to vector | vector.cpp:484:11:484:12 | cs |  |
+| vector.cpp:477:24:477:27 | call to vector | vector.cpp:486:8:486:9 | cs |  |
+| vector.cpp:477:24:477:27 | call to vector | vector.cpp:487:2:487:2 | cs |  |
+| vector.cpp:478:21:478:37 | call to source | vector.cpp:480:22:480:24 | src |  |
+| vector.cpp:478:21:478:37 | call to source | vector.cpp:482:8:482:10 | src |  |
+| vector.cpp:478:21:478:37 | call to source | vector.cpp:484:25:484:27 | src |  |
+| vector.cpp:478:21:478:37 | call to source | vector.cpp:485:8:485:10 | src |  |
+| vector.cpp:479:23:479:24 | 10 | vector.cpp:484:14:484:17 | offs |  |
+| vector.cpp:480:26:480:31 | call to length | vector.cpp:484:38:484:40 | len |  |
+| vector.cpp:482:8:482:10 | ref arg src | vector.cpp:484:25:484:27 | src |  |
+| vector.cpp:482:8:482:10 | ref arg src | vector.cpp:485:8:485:10 | src |  |
+| vector.cpp:483:8:483:9 | ref arg cs | vector.cpp:484:11:484:12 | cs |  |
+| vector.cpp:483:8:483:9 | ref arg cs | vector.cpp:486:8:486:9 | cs |  |
+| vector.cpp:483:8:483:9 | ref arg cs | vector.cpp:487:2:487:2 | cs |  |
+| vector.cpp:484:10:484:22 | & ... | vector.cpp:484:3:484:8 | call to memcpy |  |
+| vector.cpp:484:10:484:22 | ref arg & ... | vector.cpp:484:13:484:13 | call to operator[] [inner post update] |  |
+| vector.cpp:484:11:484:12 | cs | vector.cpp:484:13:484:13 | call to operator[] | TAINT |
+| vector.cpp:484:11:484:12 | ref arg cs | vector.cpp:486:8:486:9 | cs |  |
+| vector.cpp:484:11:484:12 | ref arg cs | vector.cpp:487:2:487:2 | cs |  |
+| vector.cpp:484:13:484:13 | call to operator[] | vector.cpp:484:10:484:22 | & ... |  |
+| vector.cpp:484:13:484:13 | call to operator[] [inner post update] | vector.cpp:484:11:484:12 | ref arg cs | TAINT |
+| vector.cpp:484:14:484:17 | offs | vector.cpp:484:14:484:21 | ... + ... | TAINT |
+| vector.cpp:484:21:484:21 | 1 | vector.cpp:484:14:484:21 | ... + ... | TAINT |
+| vector.cpp:484:25:484:27 | src | vector.cpp:484:29:484:33 | call to c_str | TAINT |
+| vector.cpp:484:29:484:33 | call to c_str | vector.cpp:484:3:484:8 | call to memcpy | TAINT |
+| vector.cpp:484:29:484:33 | call to c_str | vector.cpp:484:10:484:22 | ref arg & ... | TAINT |
+| vector.cpp:486:8:486:9 | ref arg cs | vector.cpp:487:2:487:2 | cs |  |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
@@ -192,7 +192,7 @@ void *memcpy(void *dest, void *src, int len);
 void test_memcpy(int *source) {
 	int x;
 	memcpy(&x, source, sizeof(int));
-	sink(x);
+	sink(x); // tainted
 }

 // --- std::swap ---
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
@@ -662,3 +662,7 @@
 | vector.cpp:436:8:436:10 | out | vector.cpp:435:11:435:16 | call to source |
 | vector.cpp:443:8:443:10 | out | vector.cpp:417:33:417:45 | source_string |
 | vector.cpp:450:8:450:10 | out | vector.cpp:449:11:449:16 | call to source |
+| vector.cpp:473:8:473:8 | v | vector.cpp:468:11:468:16 | call to source |
+| vector.cpp:482:8:482:10 | src | vector.cpp:478:21:478:37 | call to source |
+| vector.cpp:485:8:485:10 | src | vector.cpp:478:21:478:37 | call to source |
+| vector.cpp:486:8:486:9 | cs | vector.cpp:478:21:478:37 | call to source |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
@@ -388,3 +388,5 @@
 | vector.cpp:436:8:436:10 | vector.cpp:435:11:435:16 | AST only |
 | vector.cpp:443:8:443:10 | vector.cpp:417:33:417:45 | AST only |
 | vector.cpp:450:8:450:10 | vector.cpp:449:11:449:16 | AST only |
+| vector.cpp:473:8:473:8 | vector.cpp:468:11:468:16 | AST only |
+| vector.cpp:486:8:486:9 | vector.cpp:478:21:478:37 | AST only |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected
@@ -416,3 +416,5 @@
 | vector.cpp:312:7:312:7 | Argument 0 indirection | vector.cpp:303:14:303:19 | call to source |
 | vector.cpp:324:7:324:8 | Argument 0 indirection | vector.cpp:318:15:318:20 | call to source |
 | vector.cpp:326:7:326:8 | Argument 0 indirection | vector.cpp:318:15:318:20 | call to source |
+| vector.cpp:482:8:482:10 | Argument 0 indirection | vector.cpp:478:21:478:37 | call to source |
+| vector.cpp:485:8:485:10 | Argument 0 indirection | vector.cpp:478:21:478:37 | call to source |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
@@ -450,3 +450,39 @@ void test_vector_inserter(char *source_string) {
 		sink(out); // tainted [NOT DETECTED by IR]
 	}
 }
+
+void *memcpy(void *s1, const void *s2, size_t n);
+
+namespace ns_string
+{
+	std::string source();
+}
+
+void sink(std::vector<char> &);
+void sink(std::string &);
+
+void test_vector_memcpy()
+{
+	{
+		std::vector<int> v(100);
+		int s = source();
+		int i = 0;
+
+		sink(v);
+		memcpy(&v[i], &s, sizeof(int));
+		sink(v); // tainted [NOT DETECTED by IR]
+	}
+
+	{
+		std::vector<char> cs(100);
+		std::string src = ns_string::source();
+		const size_t offs = 10;
+		const size_t len = src.length();
+
+		sink(src); // tainted
+		sink(cs);
+		memcpy(&cs[offs + 1], src.c_str(), len);
+		sink(src); // tainted
+		sink(cs); // tainted [NOT DETECTED by IR]
+	}
+}