hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add testcase

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-03-05 08:06:22 +01:00
parent b399246d7f
commit bd842403c8
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -6245,6 +6245,14 @@
| taint.cpp:657:12:657:15 | call to data | taint.cpp:657:3:657:8 | call to memcpy | |
| taint.cpp:657:20:657:25 | source | taint.cpp:657:3:657:8 | call to memcpy | TAINT |
| taint.cpp:657:20:657:25 | source | taint.cpp:657:12:657:15 | ref arg call to data | TAINT |
| taint.cpp:668:14:668:14 | s | taint.cpp:669:18:669:18 | s | |
| taint.cpp:668:14:668:14 | s | taint.cpp:671:7:671:7 | s | |
| taint.cpp:668:14:668:14 | s | taint.cpp:672:7:672:7 | s | |
| taint.cpp:668:14:668:14 | s | taint.cpp:673:7:673:7 | s | |
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:671:7:671:7 | s | |
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:672:7:672:7 | s | |
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:673:7:673:7 | s | |
| taint.cpp:672:7:672:7 | s [post update] | taint.cpp:673:7:673:7 | s | |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 | |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 | |
| vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v | |

15
cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
View File

@@ -656,4 +656,19 @@ void test_with_const_member(char* source) {
C_const_member_function c;
memcpy(c.data(), source, 16);
sink(c.data()); // $ ast MISSING: ir
}
void argument_source(void*);
struct two_members {
char *x, *y;
};
void test_argument_source_field_to_obj() {
two_members s;
argument_source(s.x);
sink(s); // $ SPURIOUS: ast
sink(s.x); // $ ast MISSING: ir
sink(s.y); // clean
}

10
cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
View File

@@ -53,6 +53,11 @@ module ASTTest {
or
// Track uninitialized variables
exists(source.asUninitialized())
or
exists(FunctionCall fc |
fc.getAnArgument() = source.asDefiningArgument() and
fc.getTarget().hasName("argument_source")
)
}
override predicate isSink(DataFlow::Node sink) {
@@ -80,6 +85,11 @@ module IRTest {
source.(DataFlow::ExprNode).getConvertedExpr().(FunctionCall).getTarget().getName() = "source"
or
source.asParameter().getName().matches("source%")
or
exists(FunctionCall fc |
fc.getAnArgument() = source.asDefiningArgument() and
fc.getTarget().hasName("argument_source")
)
}
override predicate isSink(DataFlow::Node sink) {