C++: Accept test outputs

2026-04-30 03:05:15 +02:00 · 2020-11-09 13:24:31 -08:00
parent 95ed5465de
commit afbeca0d54
4 changed files with 40 additions and 17 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
@@ -1,5 +1,3 @@
-WARNING: Unused predicate sinkInstructionNodes (C:/semmle/code/ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql:64,13-33)
-WARNING: Unused predicate sinkOperand (C:/semmle/code/ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql:70,13-24)
 edges
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | Argument 0 indirection |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | Argument 0 indirection |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
@@ -1,30 +1,20 @@
 edges
-| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | (const char *)... |
-| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | query |
 | search.c:14:24:14:28 | query | search.c:17:8:17:12 | (const char *)... |
 | search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
 | search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
-| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query |
-| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
-| search.c:41:21:41:26 | call to getenv | search.c:14:24:14:28 | *query |
-| search.c:41:21:41:26 | call to getenv | search.c:14:24:14:28 | *query |
 | search.c:41:21:41:26 | call to getenv | search.c:14:24:14:28 | query |
 | search.c:41:21:41:26 | call to getenv | search.c:14:24:14:28 | query |
-| search.c:41:21:41:26 | call to getenv | search.c:22:24:22:28 | *query |
-| search.c:41:21:41:26 | call to getenv | search.c:22:24:22:28 | *query |
 | search.c:41:21:41:26 | call to getenv | search.c:22:24:22:28 | query |
 | search.c:41:21:41:26 | call to getenv | search.c:22:24:22:28 | query |
 nodes
-| search.c:14:24:14:28 | *query | semmle.label | *query |
 | search.c:14:24:14:28 | query | semmle.label | query |
 | search.c:17:8:17:12 | (const char *)... | semmle.label | (const char *)... |
 | search.c:17:8:17:12 | (const char *)... | semmle.label | (const char *)... |
 | search.c:17:8:17:12 | query | semmle.label | query |
 | search.c:17:8:17:12 | query | semmle.label | query |
 | search.c:17:8:17:12 | query | semmle.label | query |
-| search.c:22:24:22:28 | *query | semmle.label | *query |
 | search.c:22:24:22:28 | query | semmle.label | query |
 | search.c:23:39:23:43 | query | semmle.label | query |
 | search.c:23:39:23:43 | query | semmle.label | query |
@@ -32,9 +22,7 @@ nodes
 | search.c:41:21:41:26 | call to getenv | semmle.label | call to getenv |
 | search.c:41:21:41:26 | call to getenv | semmle.label | call to getenv |
 | search.c:45:5:45:15 | Argument 0 | semmle.label | Argument 0 |
-| search.c:45:17:45:25 | Argument 0 indirection | semmle.label | Argument 0 indirection |
 | search.c:47:5:47:15 | Argument 0 | semmle.label | Argument 0 |
-| search.c:47:17:47:25 | Argument 0 indirection | semmle.label | Argument 0 indirection |
 #select
 | search.c:17:8:17:12 | query | search.c:41:21:41:26 | call to getenv | search.c:17:8:17:12 | query | Cross-site scripting vulnerability due to $@. | search.c:41:21:41:26 | call to getenv | this query data |
 | search.c:23:39:23:43 | query | search.c:41:21:41:26 | call to getenv | search.c:23:39:23:43 | query | Cross-site scripting vulnerability due to $@. | search.c:41:21:41:26 | call to getenv | this query data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
@@ -7,12 +7,42 @@ edges
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
+| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
+| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
+| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
+| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
 | tests.c:28:22:28:28 | access to array | tests.c:28:22:28:28 | (const char *)... |
 | tests.c:28:22:28:28 | access to array | tests.c:28:22:28:28 | access to array |
+| tests.c:28:22:28:28 | access to array | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:28:22:28:28 | access to array | tests.c:31:15:31:23 | buffer100 |
+| tests.c:28:22:28:28 | access to array | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:28:22:28:28 | access to array | tests.c:33:21:33:29 | buffer100 |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
+| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
+| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
+| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
+| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
+| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
+| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
+| tests.c:29:28:29:34 | access to array | tests.c:31:15:31:23 | Argument 1 indirection |
+| tests.c:29:28:29:34 | access to array | tests.c:31:15:31:23 | buffer100 |
+| tests.c:29:28:29:34 | access to array | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:29:28:29:34 | access to array | tests.c:33:21:33:29 | buffer100 |
+| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 |
+| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | Argument 2 indirection |
+| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | buffer100 |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
@@ -36,11 +66,16 @@ nodes
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
+| tests.c:31:15:31:23 | Argument 1 indirection | semmle.label | Argument 1 indirection |
+| tests.c:31:15:31:23 | Argument 1 indirection | semmle.label | Argument 1 indirection |
 | tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
+| tests.c:31:15:31:23 | scanf output argument | semmle.label | scanf output argument |
+| tests.c:33:21:33:29 | Argument 2 indirection | semmle.label | Argument 2 indirection |
+| tests.c:33:21:33:29 | Argument 2 indirection | semmle.label | Argument 2 indirection |
 | tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
@@ -56,6 +91,11 @@ nodes
 #select
 | tests.c:28:3:28:9 | call to sprintf | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
 | tests.c:29:3:29:9 | call to sprintf | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
+| tests.c:31:15:31:23 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
+| tests.c:31:15:31:23 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
+| tests.c:33:21:33:29 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
+| tests.c:33:21:33:29 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
+| tests.c:33:21:33:29 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:33:21:33:29 | buffer100 | buffer100 |
 | tests.c:34:25:34:33 | buffer100 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array | This 'sscanf string argument' with input from $@ may overflow the destination. | tests.c:34:10:34:13 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
@@ -17,8 +17,6 @@ edges
 | globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
 | globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
 | globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | *argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | *argv |
 | globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
 | globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
 | globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | (const char *)... |
@@ -36,7 +34,6 @@ nodes
 | globalVars.c:15:21:15:23 | val | semmle.label | val |
 | globalVars.c:16:2:16:12 | Store | semmle.label | Store |
 | globalVars.c:24:2:24:9 | Argument 0 | semmle.label | Argument 0 |
-| globalVars.c:24:11:24:14 | Argument 0 indirection | semmle.label | Argument 0 indirection |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
 | globalVars.c:27:9:27:12 | (const char *)... | semmle.label | (const char *)... |