hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into replace-ast-with-ir-use-usedataflow

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2022-10-25 12:51:30 +02:00
parent 500004dbe0 c4ba644dfd
commit b85d3bc829
1394 changed files with 26124 additions and 57694 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected Normal file
View File

@@ -0,0 +1,11 @@
edges
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... |
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath |
nodes
| test.cpp:23:20:23:23 | argv | semmle.label | argv |
| test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:29:13:29:20 | filePath | semmle.label | filePath |
subpaths
#select
| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |

1
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-078/WordexpTainted.ql

45
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/test.cpp Normal file
View File

@@ -0,0 +1,45 @@
#ifdef _MSC_VER
#define restrict __restrict
#else
#define restrict __restrict__
#endif
typedef unsigned long size_t;
typedef struct {
size_t we_wordc;
char **we_wordv;
size_t we_offs;
} wordexp_t;
enum {
WRDE_APPEND = (1 << 1),
WRDE_NOCMD = (1 << 2)
};
int wordexp(const char *restrict s, wordexp_t *restrict p, int flags);
int main(int argc, char** argv) {
char *filePath = argv[2];
{
// BAD: the user string is injected directly into `wordexp` which performs command substitution
wordexp_t we;
wordexp(filePath, &we, 0);
}
{
// GOOD: command substitution is disabled
wordexp_t we;
wordexp(filePath, &we, WRDE_NOCMD);
}
{
// GOOD: command substitution is disabled
wordexp_t we;
wordexp(filePath, &we, WRDE_NOCMD | WRDE_APPEND);
}
}

2
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected
View File

@@ -1,3 +1,3 @@
| test.cpp:35:3:35:33 | call to runtime_error | Object creation of exception type on stack. Did you forget the throw keyword? |
| test.cpp:41:3:41:11 | call to funcTest1 | There is an exception in the function that requires your attention. |
| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exeption not wrapped in a try..catch block. |
| test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exception not wrapped in a try..catch block. |