From c6d1ec5f646c1b014635c069b8bf70bb91103510 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 31 Mar 2026 11:06:38 +0100 Subject: [PATCH] C++: Add examples that need taint inheriting content. --- .../dataflow/external-models/sources.expected | 6 ++--- .../dataflow/external-models/windows.cpp | 26 +++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected index 7ec872eda5c..ca37eaf98b3 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/sources.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/sources.expected @@ -32,6 +32,6 @@ | windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | remote | | windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | remote | | windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | remote | -| windows.cpp:873:64:873:77 | HttpReceiveHttpRequest output argument | remote | -| windows.cpp:881:70:881:75 | HttpReceiveRequestEntityBody output argument | remote | -| windows.cpp:888:70:888:78 | HttpReceiveClientCertificate output argument | remote | +| windows.cpp:897:64:897:77 | HttpReceiveHttpRequest output argument | remote | +| windows.cpp:926:70:926:75 | HttpReceiveRequestEntityBody output argument | remote | +| windows.cpp:933:70:933:78 | HttpReceiveClientCertificate output argument | remote | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp index a3525a46053..ba068210f3c 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp +++ b/cpp/ql/test/library-tests/dataflow/external-models/windows.cpp @@ -887,6 +887,9 @@ ULONG HttpReceiveClientCertificate( LPOVERLAPPED Overlapped ); +void sink(PCWSTR); +void sink(HANDLE); + void test_http_server_api(HANDLE hRequestQueue) { { HTTP_REQUEST requestBuffer; @@ -895,6 +898,27 @@ void test_http_server_api(HANDLE hRequestQueue) { char* p = reinterpret_cast(&requestBuffer); sink(p); sink(*p); // $ ir + sink(requestBuffer.pRawUrl); + sink(*requestBuffer.pRawUrl); // $ MISSING: ir + sink(requestBuffer.CookedUrl.pFullUrl); + sink(*requestBuffer.CookedUrl.pFullUrl); // $ MISSING: ir + sink(requestBuffer.Headers.KnownHeaders[0].pRawValue); + sink(*requestBuffer.Headers.KnownHeaders[0].pRawValue); // $ MISSING: ir + sink(requestBuffer.Headers.pUnknownHeaders[0].pRawValue); + sink(*requestBuffer.Headers.pUnknownHeaders[0].pRawValue); // $ MISSING: ir + sink(requestBuffer.pEntityChunks->FromFileHandle.FileHandle); // $ MISSING: ir + sink(requestBuffer.pEntityChunks->FromFragmentCache.pFragmentName); + sink(*requestBuffer.pEntityChunks->FromFragmentCache.pFragmentName); // $ MISSING: ir + sink(requestBuffer.pEntityChunks->FromFragmentCacheEx.pFragmentName); + sink(*requestBuffer.pEntityChunks->FromFragmentCacheEx.pFragmentName); // $ MISSING: ir + sink(requestBuffer.pEntityChunks->FromMemory.pBuffer); + sink(*(char*)requestBuffer.pEntityChunks->FromMemory.pBuffer); // $ MISSING: ir + sink(requestBuffer.pSslInfo->pServerCertIssuer); + sink(*requestBuffer.pSslInfo->pServerCertIssuer); // $ MISSING: ir + sink(requestBuffer.pSslInfo->pServerCertSubject); + sink(*requestBuffer.pSslInfo->pServerCertSubject); // $ MISSING: ir + sink(requestBuffer.pSslInfo->pClientCertInfo->pCertEncoded); + sink(*requestBuffer.pSslInfo->pClientCertInfo->pCertEncoded); // $ MISSING: ir } { char buffer[1024]; @@ -910,5 +934,7 @@ void test_http_server_api(HANDLE hRequestQueue) { char* p = reinterpret_cast(&certInfo); sink(p); sink(*p); // $ ir + sink(certInfo.pCertEncoded); + sink(*certInfo.pCertEncoded); // $ MISSING: ir } } \ No newline at end of file