Merge branch 'main' into ihsinme-patch-259

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/semmle/tests/LateCheckOfFunctionArgument.expected

@@ -0,0 +1 @@
+| test.c:6:3:6:8 | call to memset | The value of argument '$@' appears to be checked after the call, rather than before it. | test.c:6:17:6:20 | len1 | len1 |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/semmle/tests/LateCheckOfFunctionArgument.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/semmle/tests/test.c

@@ -0,0 +1,8 @@
+void workFunction_0(char *s) {
+  int len = 5, len1;
+  char buf[80], buf1[8];
+  if(len<0) return;
+  memset(buf,0,len); //GOOD
+  memset(buf1,0,len1); //BAD
+  if(len1<0) return;
+}

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/test.cpp

@@ -14,8 +14,8 @@ using namespace std;
 
 void* operator new(std::size_t _Size);
 void* operator new[](std::size_t _Size);
-void* operator new( std::size_t count, const std::nothrow_t& tag );
-void* operator new[]( std::size_t count, const std::nothrow_t& tag );
+void* operator new( std::size_t count, const std::nothrow_t& tag ) noexcept;
+void* operator new[]( std::size_t count, const std::nothrow_t& tag ) noexcept;
 
 void badNew_0_0()
 {

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementWhenUsingBitOperations.expected

@@ -0,0 +1,2 @@
+| test.c:8:6:8:51 | ... & ... | This bitwise operation appears in a context where a Boolean operation is expected. |
+| test.c:10:6:10:30 | ... & ... | This bitwise operation appears in a context where a Boolean operation is expected. |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementWhenUsingBitOperations.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/test.c

@@ -5,9 +5,9 @@ void workFunction_0(char *s) {
   int intSize;
   char buf[80];
   if(intSize>0 && intSize<80 && memset(buf,0,intSize)) return; // GOOD
-  if(intSize>0 & intSize<80 & memset(buf,0,intSize)) return; // BAD [NOT DETECTED]
+  if(intSize>0 & intSize<80 & memset(buf,0,intSize)) return; // BAD
   if(intSize>0 && tmpFunction()) return;
-  if(intSize<0 & tmpFunction()) return; // BAD [NOT DETECTED]
+  if(intSize<0 & tmpFunction()) return; // BAD
 }
 void workFunction_1(char *s) {
   int intA,intB;

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBoolType.expected

@@ -0,0 +1,5 @@
+| test.cpp:10:8:10:10 | - ... | this expression needs attention |
+| test.cpp:12:3:12:6 | ... ++ | this expression needs attention |
+| test.cpp:13:3:13:6 | ++ ... | this expression needs attention |
+| test.cpp:14:6:14:21 | ... = ... | this expression needs attention |
+| test.cpp:16:6:16:21 | ... = ... | this expression needs attention |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBoolType.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.cpp

@@ -0,0 +1,26 @@
+int tmpFunc()
+{
+  return 12;
+}
+void testFunction()
+{
+  int i1,i2,i3;
+  bool b1,b2,b3;
+  char c1,c2,c3;
+  b1 = -b2; //BAD
+  b1 = !b2; //GOOD
+  b1++; //BAD
+  ++b1; //BAD
+  if(i1=tmpFunc()!=i2) //BAD
+    return;
+  if(i1=tmpFunc()!=11) //BAD
+    return;
+  if((i1=tmpFunc())!=i2) //GOOD
+    return;
+  if((i1=tmpFunc())!=11) //GOOD
+    return;
+  if(i1=tmpFunc()!=1) //GOOD
+    return;
+  if(i1=tmpFunc()==b1) //GOOD
+    return;
+}