hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into dataflow-TTwo

Browse Source 
Conflicts:
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
      cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
      cpp/ql/test/library-tests/dataflow/fields/flow.expected
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
      csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
      java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
This commit is contained in:
Jonas Jensen
2019-09-08 21:08:43 +02:00
parent 9c9b7ac651 9eebe00b33
commit d51e5212fb
428 changed files with 8105 additions and 2374 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp Normal file
View File

@@ -0,0 +1,53 @@
// semmle-extractor-options: --edg --clang
int source();
void sink(int); void sink(const int *); void sink(int **);
struct twoIntFields {
int m1, m2;
int getFirst() { return m1; }
};
void following_pointers(
int sourceArray1[],
int cleanArray1[],
twoIntFields sourceStruct1,
twoIntFields *sourceStruct1_ptr,
int (*sourceFunctionPointer)())
{
sink(sourceArray1); // flow
sink(sourceArray1[0]); // no flow
sink(*sourceArray1); // no flow
sink(&sourceArray1); // no flow (since sourceArray1 is really a pointer)
sink(sourceStruct1.m1); // no flow
sink(sourceStruct1_ptr->m1); // no flow
sink(sourceStruct1_ptr->getFirst()); // no flow
sourceStruct1_ptr->m1 = source();
sink(sourceStruct1_ptr->m1); // flow
sink(sourceStruct1_ptr->getFirst()); // flow [NOT DETECTED with IR]
sink(sourceStruct1_ptr->m2); // no flow
sink(sourceStruct1.m1); // no flow
twoIntFields s = { source(), source() };
sink(s.m2); // flow
twoIntFields sArray[1] = { { source(), source() } };
// TODO: fix this like above
sink(sArray[0].m2); // flow (AST dataflow misses this due to limitations of the analysis)
twoIntFields sSwapped = { .m2 = source(), .m1 = 0 };
sink(sSwapped.m2); // flow
sink(sourceFunctionPointer()); // no flow
int stackArray[2] = { source(), source() };
stackArray[0] = source();
sink(stackArray); // no flow
}

44
cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow.expected
View File

@@ -37,25 +37,25 @@
| test.cpp:24:10:24:11 | t2 | test.cpp:23:23:23:24 | t1 |
| test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... |
| test.cpp:24:10:24:11 | t2 | test.cpp:26:8:26:9 | t1 |
| test.cpp:430:48:430:54 | source1 | test.cpp:432:17:432:23 | source1 |
| test.cpp:431:12:431:13 | 0 | test.cpp:432:11:432:13 | tmp |
| test.cpp:431:12:431:13 | 0 | test.cpp:432:33:432:35 | tmp |
| test.cpp:431:12:431:13 | 0 | test.cpp:433:8:433:10 | tmp |
| test.cpp:432:10:432:13 | & ... | test.cpp:432:3:432:8 | call to memcpy |
| test.cpp:432:10:432:13 | ref arg & ... | test.cpp:432:3:432:8 | call to memcpy |
| test.cpp:432:10:432:13 | ref arg & ... | test.cpp:432:33:432:35 | tmp |
| test.cpp:432:10:432:13 | ref arg & ... | test.cpp:433:8:433:10 | tmp |
| test.cpp:432:17:432:23 | source1 | test.cpp:432:10:432:13 | ref arg & ... |
| test.cpp:436:53:436:59 | source1 | test.cpp:439:17:439:23 | source1 |
| test.cpp:436:66:436:66 | b | test.cpp:441:7:441:7 | b |
| test.cpp:437:12:437:13 | 0 | test.cpp:438:19:438:21 | tmp |
| test.cpp:437:12:437:13 | 0 | test.cpp:439:11:439:13 | tmp |
| test.cpp:437:12:437:13 | 0 | test.cpp:439:33:439:35 | tmp |
| test.cpp:437:12:437:13 | 0 | test.cpp:440:8:440:10 | tmp |
| test.cpp:437:12:437:13 | 0 | test.cpp:442:10:442:12 | tmp |
| test.cpp:439:10:439:13 | & ... | test.cpp:439:3:439:8 | call to memcpy |
| test.cpp:439:10:439:13 | ref arg & ... | test.cpp:439:3:439:8 | call to memcpy |
| test.cpp:439:10:439:13 | ref arg & ... | test.cpp:439:33:439:35 | tmp |
| test.cpp:439:10:439:13 | ref arg & ... | test.cpp:440:8:440:10 | tmp |
| test.cpp:439:10:439:13 | ref arg & ... | test.cpp:442:10:442:12 | tmp |
| test.cpp:439:17:439:23 | source1 | test.cpp:439:10:439:13 | ref arg & ... |
| test.cpp:382:48:382:54 | source1 | test.cpp:384:17:384:23 | source1 |
| test.cpp:383:12:383:13 | 0 | test.cpp:384:11:384:13 | tmp |
| test.cpp:383:12:383:13 | 0 | test.cpp:384:33:384:35 | tmp |
| test.cpp:383:12:383:13 | 0 | test.cpp:385:8:385:10 | tmp |
| test.cpp:384:10:384:13 | & ... | test.cpp:384:3:384:8 | call to memcpy |
| test.cpp:384:10:384:13 | ref arg & ... | test.cpp:384:3:384:8 | call to memcpy |
| test.cpp:384:10:384:13 | ref arg & ... | test.cpp:384:33:384:35 | tmp |
| test.cpp:384:10:384:13 | ref arg & ... | test.cpp:385:8:385:10 | tmp |
| test.cpp:384:17:384:23 | source1 | test.cpp:384:10:384:13 | ref arg & ... |
| test.cpp:388:53:388:59 | source1 | test.cpp:391:17:391:23 | source1 |
| test.cpp:388:66:388:66 | b | test.cpp:393:7:393:7 | b |
| test.cpp:389:12:389:13 | 0 | test.cpp:390:19:390:21 | tmp |
| test.cpp:389:12:389:13 | 0 | test.cpp:391:11:391:13 | tmp |
| test.cpp:389:12:389:13 | 0 | test.cpp:391:33:391:35 | tmp |
| test.cpp:389:12:389:13 | 0 | test.cpp:392:8:392:10 | tmp |
| test.cpp:389:12:389:13 | 0 | test.cpp:394:10:394:12 | tmp |
| test.cpp:391:10:391:13 | & ... | test.cpp:391:3:391:8 | call to memcpy |
| test.cpp:391:10:391:13 | ref arg & ... | test.cpp:391:3:391:8 | call to memcpy |
| test.cpp:391:10:391:13 | ref arg & ... | test.cpp:391:33:391:35 | tmp |
| test.cpp:391:10:391:13 | ref arg & ... | test.cpp:392:8:392:10 | tmp |
| test.cpp:391:10:391:13 | ref arg & ... | test.cpp:394:10:394:12 | tmp |
| test.cpp:391:17:391:23 | source1 | test.cpp:391:10:391:13 | ref arg & ... |

48
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -111,54 +111,6 @@ void local_references(int &source1, int clean1) {
}
}
struct twoIntFields {
int m1, m2;
int getFirst() { return m1; }
};
void following_pointers(
int sourceArray1[],
int cleanArray1[],
twoIntFields sourceStruct1,
twoIntFields *sourceStruct1_ptr,
int (*sourceFunctionPointer)())
{
sink(sourceArray1); // flow
sink(sourceArray1[0]); // no flow
sink(*sourceArray1); // no flow
sink(&sourceArray1); // no flow (since sourceArray1 is really a pointer)
sink(sourceStruct1.m1); // no flow
sink(sourceStruct1_ptr->m1); // no flow
sink(sourceStruct1_ptr->getFirst()); // no flow
sourceStruct1_ptr->m1 = source();
sink(sourceStruct1_ptr->m1); // flow
sink(sourceStruct1_ptr->getFirst()); // flow [NOT DETECTED with IR]
sink(sourceStruct1_ptr->m2); // no flow
sink(sourceStruct1.m1); // no flow
twoIntFields s = { source(), source() };
sink(s.m2); // flow
twoIntFields sArray[1] = { { source(), source() } };
// TODO: fix this like above
sink(sArray[0].m2); // flow (AST dataflow misses this due to limitations of the analysis)
twoIntFields sSwapped = { .m2 = source(), .m1 = 0 };
sink(sSwapped.m2); // flow
sink(sourceFunctionPointer()); // no flow
int stackArray[2] = { source(), source() };
stackArray[0] = source();
sink(stackArray); // no flow
}
int alwaysAssignSource(int *out) {
*out = source();
return 0;

72
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected
View File

@@ -1,4 +1,9 @@
| acrossLinkTargets.cpp:12:8:12:8 | x | acrossLinkTargets.cpp:19:27:19:32 | call to source |
| clang.cpp:18:8:18:19 | sourceArray1 | clang.cpp:12:9:12:20 | sourceArray1 |
| clang.cpp:29:27:29:28 | m1 | clang.cpp:28:27:28:32 | call to source |
| clang.cpp:30:27:30:34 | call to getFirst | clang.cpp:28:27:28:32 | call to source |
| clang.cpp:37:10:37:11 | m2 | clang.cpp:34:32:34:37 | call to source |
| clang.cpp:45:17:45:18 | m2 | clang.cpp:43:35:43:40 | call to source |
| lambdas.cpp:14:3:14:6 | t | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:18:8:18:8 | call to operator() | lambdas.cpp:8:10:8:15 | call to source |
| lambdas.cpp:21:3:21:6 | t | lambdas.cpp:8:10:8:15 | call to source |
@@ -19,42 +24,37 @@
| test.cpp:86:8:86:9 | i1 | test.cpp:83:7:83:8 | u2 |
| test.cpp:90:8:90:14 | source1 | test.cpp:89:28:89:34 | source1 |
| test.cpp:103:10:103:12 | ref | test.cpp:100:13:100:18 | call to source |
| test.cpp:126:8:126:19 | sourceArray1 | test.cpp:120:9:120:20 | sourceArray1 |
| test.cpp:137:27:137:28 | m1 | test.cpp:136:27:136:32 | call to source |
| test.cpp:138:27:138:34 | call to getFirst | test.cpp:136:27:136:32 | call to source |
| test.cpp:145:10:145:11 | m2 | test.cpp:142:32:142:37 | call to source |
| test.cpp:153:17:153:18 | m2 | test.cpp:151:35:151:40 | call to source |
| test.cpp:188:8:188:8 | y | test.cpp:186:27:186:32 | call to source |
| test.cpp:192:8:192:8 | s | test.cpp:199:33:199:38 | call to source |
| test.cpp:200:8:200:8 | y | test.cpp:199:33:199:38 | call to source |
| test.cpp:205:8:205:8 | x | test.cpp:212:34:212:39 | call to source |
| test.cpp:213:8:213:8 | y | test.cpp:212:34:212:39 | call to source |
| test.cpp:226:8:226:8 | y | test.cpp:219:11:219:16 | call to source |
| test.cpp:308:12:308:12 | x | test.cpp:293:14:293:19 | call to source |
| test.cpp:314:12:314:12 | x | test.cpp:313:22:313:27 | call to source |
| test.cpp:337:14:337:14 | x | test.cpp:353:17:353:22 | call to source |
| test.cpp:366:7:366:7 | x | test.cpp:362:4:362:9 | call to source |
| test.cpp:397:10:397:18 | globalVar | test.cpp:395:17:395:22 | call to source |
| test.cpp:413:10:413:14 | field | test.cpp:407:13:407:18 | call to source |
| test.cpp:417:10:417:14 | field | test.cpp:421:13:421:18 | call to source |
| test.cpp:423:10:423:14 | field | test.cpp:421:13:421:18 | call to source |
| test.cpp:433:8:433:10 | tmp | test.cpp:430:48:430:54 | source1 |
| test.cpp:440:8:440:10 | tmp | test.cpp:436:53:436:59 | source1 |
| test.cpp:442:10:442:12 | tmp | test.cpp:436:53:436:59 | source1 |
| test.cpp:449:8:449:10 | tmp | test.cpp:447:7:447:9 | tmp |
| test.cpp:456:8:456:10 | tmp | test.cpp:453:7:453:9 | tmp |
| test.cpp:466:8:466:12 | local | test.cpp:464:7:464:11 | local |
| test.cpp:466:8:466:12 | local | test.cpp:465:16:465:20 | ref arg local |
| test.cpp:472:8:472:12 | local | test.cpp:470:7:470:11 | local |
| test.cpp:472:8:472:12 | local | test.cpp:471:20:471:25 | ref arg & ... |
| test.cpp:478:8:478:12 | local | test.cpp:476:7:476:11 | local |
| test.cpp:478:8:478:12 | local | test.cpp:477:20:477:24 | ref arg local |
| test.cpp:485:8:485:12 | local | test.cpp:483:7:483:11 | local |
| test.cpp:485:8:485:12 | local | test.cpp:484:18:484:23 | ref arg & ... |
| test.cpp:491:8:491:12 | local | test.cpp:489:7:489:11 | local |
| test.cpp:491:8:491:12 | local | test.cpp:490:18:490:22 | ref arg local |
| test.cpp:498:9:498:22 | (statement expression) | test.cpp:497:26:497:32 | source1 |
| test.cpp:509:8:509:12 | local | test.cpp:497:26:497:32 | source1 |
| test.cpp:140:8:140:8 | y | test.cpp:138:27:138:32 | call to source |
| test.cpp:144:8:144:8 | s | test.cpp:151:33:151:38 | call to source |
| test.cpp:152:8:152:8 | y | test.cpp:151:33:151:38 | call to source |
| test.cpp:157:8:157:8 | x | test.cpp:164:34:164:39 | call to source |
| test.cpp:165:8:165:8 | y | test.cpp:164:34:164:39 | call to source |
| test.cpp:178:8:178:8 | y | test.cpp:171:11:171:16 | call to source |
| test.cpp:260:12:260:12 | x | test.cpp:245:14:245:19 | call to source |
| test.cpp:266:12:266:12 | x | test.cpp:265:22:265:27 | call to source |
| test.cpp:289:14:289:14 | x | test.cpp:305:17:305:22 | call to source |
| test.cpp:318:7:318:7 | x | test.cpp:314:4:314:9 | call to source |
| test.cpp:349:10:349:18 | globalVar | test.cpp:347:17:347:22 | call to source |
| test.cpp:365:10:365:14 | field | test.cpp:359:13:359:18 | call to source |
| test.cpp:369:10:369:14 | field | test.cpp:373:13:373:18 | call to source |
| test.cpp:375:10:375:14 | field | test.cpp:373:13:373:18 | call to source |
| test.cpp:385:8:385:10 | tmp | test.cpp:382:48:382:54 | source1 |
| test.cpp:392:8:392:10 | tmp | test.cpp:388:53:388:59 | source1 |
| test.cpp:394:10:394:12 | tmp | test.cpp:388:53:388:59 | source1 |
| test.cpp:401:8:401:10 | tmp | test.cpp:399:7:399:9 | tmp |
| test.cpp:408:8:408:10 | tmp | test.cpp:405:7:405:9 | tmp |
| test.cpp:418:8:418:12 | local | test.cpp:416:7:416:11 | local |
| test.cpp:418:8:418:12 | local | test.cpp:417:16:417:20 | ref arg local |
| test.cpp:424:8:424:12 | local | test.cpp:422:7:422:11 | local |
| test.cpp:424:8:424:12 | local | test.cpp:423:20:423:25 | ref arg & ... |
| test.cpp:430:8:430:12 | local | test.cpp:428:7:428:11 | local |
| test.cpp:430:8:430:12 | local | test.cpp:429:20:429:24 | ref arg local |
| test.cpp:437:8:437:12 | local | test.cpp:435:7:435:11 | local |
| test.cpp:437:8:437:12 | local | test.cpp:436:18:436:23 | ref arg & ... |
| test.cpp:443:8:443:12 | local | test.cpp:441:7:441:11 | local |
| test.cpp:443:8:443:12 | local | test.cpp:442:18:442:22 | ref arg local |
| test.cpp:450:9:450:22 | (statement expression) | test.cpp:449:26:449:32 | source1 |
| test.cpp:461:8:461:12 | local | test.cpp:449:26:449:32 | source1 |
| true_upon_entry.cpp:21:8:21:8 | x | true_upon_entry.cpp:17:11:17:16 | call to source |
| true_upon_entry.cpp:29:8:29:8 | x | true_upon_entry.cpp:27:9:27:14 | call to source |
| true_upon_entry.cpp:39:8:39:8 | x | true_upon_entry.cpp:33:11:33:16 | call to source |

44
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_diff.expected
View File

@@ -1,3 +1,6 @@
| clang.cpp:28:27:28:32 | clang.cpp:29:27:29:28 | AST only |
| clang.cpp:28:27:28:32 | clang.cpp:30:27:30:34 | AST only |
| clang.cpp:39:42:39:47 | clang.cpp:41:18:41:19 | IR only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:14:3:14:6 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:18:8:18:8 | AST only |
| lambdas.cpp:8:10:8:15 | lambdas.cpp:21:3:21:6 | AST only |
@@ -7,28 +10,25 @@
| test.cpp:89:28:89:34 | test.cpp:92:8:92:14 | IR only |
| test.cpp:100:13:100:18 | test.cpp:103:10:103:12 | AST only |
| test.cpp:109:9:109:14 | test.cpp:110:10:110:12 | IR only |
| test.cpp:136:27:136:32 | test.cpp:137:27:137:28 | AST only |
| test.cpp:136:27:136:32 | test.cpp:138:27:138:34 | AST only |
| test.cpp:147:42:147:47 | test.cpp:149:18:149:19 | IR only |
| test.cpp:395:17:395:22 | test.cpp:397:10:397:18 | AST only |
| test.cpp:407:13:407:18 | test.cpp:413:10:413:14 | AST only |
| test.cpp:421:13:421:18 | test.cpp:417:10:417:14 | AST only |
| test.cpp:421:13:421:18 | test.cpp:423:10:423:14 | AST only |
| test.cpp:430:48:430:54 | test.cpp:433:8:433:10 | AST only |
| test.cpp:436:53:436:59 | test.cpp:440:8:440:10 | AST only |
| test.cpp:436:53:436:59 | test.cpp:442:10:442:12 | AST only |
| test.cpp:447:7:447:9 | test.cpp:449:8:449:10 | AST only |
| test.cpp:453:7:453:9 | test.cpp:456:8:456:10 | AST only |
| test.cpp:464:7:464:11 | test.cpp:466:8:466:12 | AST only |
| test.cpp:465:16:465:20 | test.cpp:466:8:466:12 | AST only |
| test.cpp:470:7:470:11 | test.cpp:472:8:472:12 | AST only |
| test.cpp:471:20:471:25 | test.cpp:472:8:472:12 | AST only |
| test.cpp:476:7:476:11 | test.cpp:478:8:478:12 | AST only |
| test.cpp:477:20:477:24 | test.cpp:478:8:478:12 | AST only |
| test.cpp:483:7:483:11 | test.cpp:485:8:485:12 | AST only |
| test.cpp:484:18:484:23 | test.cpp:485:8:485:12 | AST only |
| test.cpp:489:7:489:11 | test.cpp:491:8:491:12 | AST only |
| test.cpp:490:18:490:22 | test.cpp:491:8:491:12 | AST only |
| test.cpp:347:17:347:22 | test.cpp:349:10:349:18 | AST only |
| test.cpp:359:13:359:18 | test.cpp:365:10:365:14 | AST only |
| test.cpp:373:13:373:18 | test.cpp:369:10:369:14 | AST only |
| test.cpp:373:13:373:18 | test.cpp:375:10:375:14 | AST only |
| test.cpp:382:48:382:54 | test.cpp:385:8:385:10 | AST only |
| test.cpp:388:53:388:59 | test.cpp:392:8:392:10 | AST only |
| test.cpp:388:53:388:59 | test.cpp:394:10:394:12 | AST only |
| test.cpp:399:7:399:9 | test.cpp:401:8:401:10 | AST only |
| test.cpp:405:7:405:9 | test.cpp:408:8:408:10 | AST only |
| test.cpp:416:7:416:11 | test.cpp:418:8:418:12 | AST only |
| test.cpp:417:16:417:20 | test.cpp:418:8:418:12 | AST only |
| test.cpp:422:7:422:11 | test.cpp:424:8:424:12 | AST only |
| test.cpp:423:20:423:25 | test.cpp:424:8:424:12 | AST only |
| test.cpp:428:7:428:11 | test.cpp:430:8:430:12 | AST only |
| test.cpp:429:20:429:24 | test.cpp:430:8:430:12 | AST only |
| test.cpp:435:7:435:11 | test.cpp:437:8:437:12 | AST only |
| test.cpp:436:18:436:23 | test.cpp:437:8:437:12 | AST only |
| test.cpp:441:7:441:11 | test.cpp:443:8:443:12 | AST only |
| test.cpp:442:18:442:22 | test.cpp:443:8:443:12 | AST only |
| true_upon_entry.cpp:9:11:9:16 | true_upon_entry.cpp:13:8:13:8 | IR only |
| true_upon_entry.cpp:62:11:62:16 | true_upon_entry.cpp:66:8:66:8 | IR only |
| true_upon_entry.cpp:98:11:98:16 | true_upon_entry.cpp:105:8:105:8 | IR only |

34
cpp/ql/test/library-tests/dataflow/dataflow-tests/test_ir.expected
View File

@@ -1,5 +1,10 @@
| acrossLinkTargets.cpp:12:8:12:8 | Convert: (int)... | acrossLinkTargets.cpp:19:27:19:32 | Call: call to source |
| acrossLinkTargets.cpp:12:8:12:8 | Load: x | acrossLinkTargets.cpp:19:27:19:32 | Call: call to source |
| clang.cpp:18:8:18:19 | Convert: (const int *)... | clang.cpp:12:9:12:20 | InitializeParameter: sourceArray1 |
| clang.cpp:18:8:18:19 | Load: sourceArray1 | clang.cpp:12:9:12:20 | InitializeParameter: sourceArray1 |
| clang.cpp:37:10:37:11 | Load: m2 | clang.cpp:34:32:34:37 | Call: call to source |
| clang.cpp:41:18:41:19 | Load: m2 | clang.cpp:39:42:39:47 | Call: call to source |
| clang.cpp:45:17:45:18 | Load: m2 | clang.cpp:43:35:43:40 | Call: call to source |
| test.cpp:7:8:7:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source |
| test.cpp:9:8:9:9 | Load: t1 | test.cpp:6:12:6:17 | Call: call to source |
| test.cpp:10:8:10:9 | Load: t2 | test.cpp:6:12:6:17 | Call: call to source |
@@ -15,23 +20,18 @@
| test.cpp:90:8:90:14 | Load: source1 | test.cpp:89:28:89:34 | InitializeParameter: source1 |
| test.cpp:92:8:92:14 | Load: source1 | test.cpp:89:28:89:34 | InitializeParameter: source1 |
| test.cpp:110:10:110:12 | Load: (reference dereference) | test.cpp:109:9:109:14 | Call: call to source |
| test.cpp:126:8:126:19 | Convert: (const int *)... | test.cpp:120:9:120:20 | InitializeParameter: sourceArray1 |
| test.cpp:126:8:126:19 | Load: sourceArray1 | test.cpp:120:9:120:20 | InitializeParameter: sourceArray1 |
| test.cpp:145:10:145:11 | Load: m2 | test.cpp:142:32:142:37 | Call: call to source |
| test.cpp:149:18:149:19 | Load: m2 | test.cpp:147:42:147:47 | Call: call to source |
| test.cpp:153:17:153:18 | Load: m2 | test.cpp:151:35:151:40 | Call: call to source |
| test.cpp:188:8:188:8 | Load: y | test.cpp:186:27:186:32 | Call: call to source |
| test.cpp:192:8:192:8 | Load: s | test.cpp:199:33:199:38 | Call: call to source |
| test.cpp:200:8:200:8 | Load: y | test.cpp:199:33:199:38 | Call: call to source |
| test.cpp:205:8:205:8 | Load: x | test.cpp:212:34:212:39 | Call: call to source |
| test.cpp:213:8:213:8 | Load: y | test.cpp:212:34:212:39 | Call: call to source |
| test.cpp:226:8:226:8 | Load: y | test.cpp:219:11:219:16 | Call: call to source |
| test.cpp:308:12:308:12 | Load: x | test.cpp:293:14:293:19 | Call: call to source |
| test.cpp:314:12:314:12 | Load: x | test.cpp:313:22:313:27 | Call: call to source |
| test.cpp:337:14:337:14 | Load: x | test.cpp:353:17:353:22 | Call: call to source |
| test.cpp:366:7:366:7 | Load: x | test.cpp:362:4:362:9 | Call: call to source |
| test.cpp:498:9:498:22 | CopyValue: (statement expression) | test.cpp:497:26:497:32 | InitializeParameter: source1 |
| test.cpp:509:8:509:12 | Load: local | test.cpp:497:26:497:32 | InitializeParameter: source1 |
| test.cpp:140:8:140:8 | Load: y | test.cpp:138:27:138:32 | Call: call to source |
| test.cpp:144:8:144:8 | Load: s | test.cpp:151:33:151:38 | Call: call to source |
| test.cpp:152:8:152:8 | Load: y | test.cpp:151:33:151:38 | Call: call to source |
| test.cpp:157:8:157:8 | Load: x | test.cpp:164:34:164:39 | Call: call to source |
| test.cpp:165:8:165:8 | Load: y | test.cpp:164:34:164:39 | Call: call to source |
| test.cpp:178:8:178:8 | Load: y | test.cpp:171:11:171:16 | Call: call to source |
| test.cpp:260:12:260:12 | Load: x | test.cpp:245:14:245:19 | Call: call to source |
| test.cpp:266:12:266:12 | Load: x | test.cpp:265:22:265:27 | Call: call to source |
| test.cpp:289:14:289:14 | Load: x | test.cpp:305:17:305:22 | Call: call to source |
| test.cpp:318:7:318:7 | Load: x | test.cpp:314:4:314:9 | Call: call to source |
| test.cpp:450:9:450:22 | CopyValue: (statement expression) | test.cpp:449:26:449:32 | InitializeParameter: source1 |
| test.cpp:461:8:461:12 | Load: local | test.cpp:449:26:449:32 | InitializeParameter: source1 |
| true_upon_entry.cpp:13:8:13:8 | Load: x | true_upon_entry.cpp:9:11:9:16 | Call: call to source |
| true_upon_entry.cpp:21:8:21:8 | Load: x | true_upon_entry.cpp:17:11:17:16 | Call: call to source |
| true_upon_entry.cpp:29:8:29:8 | Load: x | true_upon_entry.cpp:27:9:27:14 | Call: call to source |

34
cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected
View File

@@ -1,20 +1,20 @@
| test.cpp:75:7:75:8 | u1 | test.cpp:76:8:76:9 | u1 |
| test.cpp:83:7:83:8 | u2 | test.cpp:84:13:84:14 | u2 |
| test.cpp:83:7:83:8 | u2 | test.cpp:85:8:85:9 | u2 |
| test.cpp:447:7:447:9 | tmp | test.cpp:448:11:448:13 | tmp |
| test.cpp:447:7:447:9 | tmp | test.cpp:449:8:449:10 | tmp |
| test.cpp:453:7:453:9 | tmp | test.cpp:454:19:454:21 | tmp |
| test.cpp:453:7:453:9 | tmp | test.cpp:455:11:455:13 | tmp |
| test.cpp:453:7:453:9 | tmp | test.cpp:456:8:456:10 | tmp |
| test.cpp:464:7:464:11 | local | test.cpp:465:16:465:20 | local |
| test.cpp:464:7:464:11 | local | test.cpp:466:8:466:12 | local |
| test.cpp:470:7:470:11 | local | test.cpp:471:21:471:25 | local |
| test.cpp:470:7:470:11 | local | test.cpp:472:8:472:12 | local |
| test.cpp:476:7:476:11 | local | test.cpp:477:20:477:24 | local |
| test.cpp:476:7:476:11 | local | test.cpp:478:8:478:12 | local |
| test.cpp:476:7:476:11 | local | test.cpp:479:9:479:13 | local |
| test.cpp:483:7:483:11 | local | test.cpp:484:19:484:23 | local |
| test.cpp:483:7:483:11 | local | test.cpp:485:8:485:12 | local |
| test.cpp:489:7:489:11 | local | test.cpp:490:18:490:22 | local |
| test.cpp:489:7:489:11 | local | test.cpp:491:8:491:12 | local |
| test.cpp:489:7:489:11 | local | test.cpp:492:9:492:13 | local |
| test.cpp:399:7:399:9 | tmp | test.cpp:400:11:400:13 | tmp |
| test.cpp:399:7:399:9 | tmp | test.cpp:401:8:401:10 | tmp |
| test.cpp:405:7:405:9 | tmp | test.cpp:406:19:406:21 | tmp |
| test.cpp:405:7:405:9 | tmp | test.cpp:407:11:407:13 | tmp |
| test.cpp:405:7:405:9 | tmp | test.cpp:408:8:408:10 | tmp |
| test.cpp:416:7:416:11 | local | test.cpp:417:16:417:20 | local |
| test.cpp:416:7:416:11 | local | test.cpp:418:8:418:12 | local |
| test.cpp:422:7:422:11 | local | test.cpp:423:21:423:25 | local |
| test.cpp:422:7:422:11 | local | test.cpp:424:8:424:12 | local |
| test.cpp:428:7:428:11 | local | test.cpp:429:20:429:24 | local |
| test.cpp:428:7:428:11 | local | test.cpp:430:8:430:12 | local |
| test.cpp:428:7:428:11 | local | test.cpp:431:9:431:13 | local |
| test.cpp:435:7:435:11 | local | test.cpp:436:19:436:23 | local |
| test.cpp:435:7:435:11 | local | test.cpp:437:8:437:12 | local |
| test.cpp:441:7:441:11 | local | test.cpp:442:18:442:22 | local |
| test.cpp:441:7:441:11 | local | test.cpp:443:8:443:12 | local |
| test.cpp:441:7:441:11 | local | test.cpp:444:9:444:13 | local |

4
cpp/ql/test/library-tests/dataflow/fields/A.cpp
View File

@@ -129,7 +129,7 @@ public:
{
B *b = new B();
f7(b);
sink(b->c); // flow [NOT DETECTED]
sink(b->c); // flow
}
class D
@@ -151,7 +151,7 @@ public:
D *d = new D(b, r());
sink(d->b); // flow x2
sink(d->b->c); // flow
sink(b->c); // flow [NOT DETECTED]
sink(b->c); // flow
}
void f10()

31
cpp/ql/test/library-tests/dataflow/fields/aliasing.cpp
View File

@@ -61,3 +61,34 @@ void assignBeforeCopy() {
S copy2 = s2;
sink(copy2.m1); // flow
}
struct Wrapper {
S s;
};
void copyIntermediate() {
Wrapper w = { { 0, 0 } };
S s = w.s;
s.m1 = user_input();
sink(w.s.m1); // no flow
}
void pointerIntermediate() {
Wrapper w = { { 0, 0 } };
S *s = &w.s;
s->m1 = user_input();
sink(w.s.m1); // flow [FALSE NEGATIVE]
}
void referenceIntermediate() {
Wrapper w = { { 0, 0 } };
S &s = w.s;
s.m1 = user_input();
sink(w.s.m1); // flow [FALSE NEGATIVE]
}
void nestedAssign() {
Wrapper w = { { 0, 0 } };
w.s.m1 = user_input();
sink(w.s.m1); // flow
}

12
cpp/ql/test/library-tests/dataflow/fields/complex.cpp
View File

@@ -33,8 +33,16 @@ void sink(int x)
void bar(Bar &b)
{
sink(b.f.a()); // flow (through `b1.f.setA` and `b3.f.setA`) [NOT DETECTED]
sink(b.f.b()); // flow (through `b2.f.setB` and `b3.f.setB`) [NOT DETECTED]
// The library correctly finds that the four `user_input` sources can make it
// to the `sink` calls, but it also finds some source/sink combinations that
// are impossible. Those false positives here are a consequence of how the
// shared data flow library overapproximates field flow. The library only
// tracks the head (`f`) and the length (2) of the field access path, and
// then it tracks that both `a_` and `b_` have followed `f` in _some_ access
// path somewhere in the search. That makes the library conclude that there
// could be flow to `b.f.a_` even when the flow was actually to `b.f.b_`.
sink(b.f.a()); // flow [FALSE POSITIVE through `b2.f.setB` and `b3.f.setB`]
sink(b.f.b()); // flow [FALSE POSITIVE through `b1.f.setA` and `b3.f.setA`]
}
void foo()

42
cpp/ql/test/library-tests/dataflow/fields/flow.expected
View File

@@ -24,7 +24,12 @@ edges
| A.cpp:103:14:103:14 | c [a] | A.cpp:120:12:120:13 | c1 [a] |
| A.cpp:107:12:107:13 | c1 [a] | A.cpp:107:16:107:16 | a |
| A.cpp:120:12:120:13 | c1 [a] | A.cpp:120:16:120:16 | a |
| A.cpp:126:5:126:5 | b [post update] [c] | A.cpp:131:8:131:8 | ref arg b [c] |
| A.cpp:126:12:126:18 | new | A.cpp:126:5:126:5 | b [post update] [c] |
| A.cpp:131:8:131:8 | ref arg b [c] | A.cpp:132:10:132:10 | b [c] |
| A.cpp:132:10:132:10 | b [c] | A.cpp:132:13:132:13 | c |
| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:143:7:143:31 | ... = ... [c] |
| A.cpp:142:7:142:7 | b [post update] [c] | A.cpp:151:18:151:18 | ref arg b [c] |
| A.cpp:142:7:142:20 | ... = ... | A.cpp:142:7:142:7 | b [post update] [c] |
| A.cpp:142:14:142:20 | new | A.cpp:142:7:142:20 | ... = ... |
| A.cpp:143:7:143:10 | this [post update] [b, c] | A.cpp:151:12:151:24 | call to D [b, c] |
@@ -36,9 +41,11 @@ edges
| A.cpp:151:12:151:24 | call to D [b, c] | A.cpp:153:10:153:10 | d [b, c] |
| A.cpp:151:12:151:24 | call to D [b] | A.cpp:152:10:152:10 | d [b] |
| A.cpp:151:18:151:18 | b | A.cpp:151:12:151:24 | call to D [b] |
| A.cpp:151:18:151:18 | ref arg b [c] | A.cpp:154:10:154:10 | b [c] |
| A.cpp:152:10:152:10 | d [b] | A.cpp:152:13:152:13 | b |
| A.cpp:153:10:153:10 | d [b, c] | A.cpp:153:13:153:13 | b [c] |
| A.cpp:153:13:153:13 | b [c] | A.cpp:153:16:153:16 | c |
| A.cpp:154:10:154:10 | b [c] | A.cpp:154:13:154:13 | c |
| A.cpp:159:12:159:18 | new | A.cpp:160:29:160:29 | b |
| A.cpp:160:18:160:60 | call to MyList [head] | A.cpp:161:38:161:39 | l1 [head] |
| A.cpp:160:29:160:29 | b | A.cpp:160:18:160:60 | call to MyList [head] |
@@ -96,6 +103,34 @@ edges
| aliasing.cpp:60:3:60:22 | ... = ... | aliasing.cpp:60:3:60:4 | s2 [post update] [m1] |
| aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:60:3:60:22 | ... = ... |
| aliasing.cpp:62:8:62:12 | copy2 [m1] | aliasing.cpp:62:14:62:15 | m1 |
| aliasing.cpp:92:3:92:3 | w [post update] [s, m1] | aliasing.cpp:93:8:93:8 | w [s, m1] |
| aliasing.cpp:92:3:92:23 | ... = ... | aliasing.cpp:92:5:92:5 | s [post update] [m1] |
| aliasing.cpp:92:5:92:5 | s [post update] [m1] | aliasing.cpp:92:3:92:3 | w [post update] [s, m1] |
| aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:92:3:92:23 | ... = ... |
| aliasing.cpp:93:8:93:8 | w [s, m1] | aliasing.cpp:93:10:93:10 | s [m1] |
| aliasing.cpp:93:10:93:10 | s [m1] | aliasing.cpp:93:12:93:13 | m1 |
| complex.cpp:34:15:34:15 | b [f, a_] | complex.cpp:44:8:44:8 | b [f, a_] |
| complex.cpp:34:15:34:15 | b [f, b_] | complex.cpp:45:8:45:8 | b [f, b_] |
| complex.cpp:44:8:44:8 | b [f, a_] | complex.cpp:44:10:44:10 | f [a_] |
| complex.cpp:44:10:44:10 | f [a_] | complex.cpp:44:12:44:12 | call to a |
| complex.cpp:45:8:45:8 | b [f, b_] | complex.cpp:45:10:45:10 | f [b_] |
| complex.cpp:45:10:45:10 | f [b_] | complex.cpp:45:12:45:12 | call to b |
| complex.cpp:55:3:55:4 | b1 [post update] [f, a_] | complex.cpp:61:7:61:8 | b1 [f, a_] |
| complex.cpp:55:6:55:6 | f [post update] [a_] | complex.cpp:55:3:55:4 | b1 [post update] [f, a_] |
| complex.cpp:55:13:55:22 | call to user_input | complex.cpp:55:6:55:6 | f [post update] [a_] |
| complex.cpp:56:3:56:4 | b2 [post update] [f, b_] | complex.cpp:64:7:64:8 | b2 [f, b_] |
| complex.cpp:56:6:56:6 | f [post update] [b_] | complex.cpp:56:3:56:4 | b2 [post update] [f, b_] |
| complex.cpp:56:13:56:22 | call to user_input | complex.cpp:56:6:56:6 | f [post update] [b_] |
| complex.cpp:57:3:57:4 | b3 [post update] [f, a_] | complex.cpp:67:7:67:8 | b3 [f, a_] |
| complex.cpp:57:6:57:6 | f [post update] [a_] | complex.cpp:57:3:57:4 | b3 [post update] [f, a_] |
| complex.cpp:57:13:57:22 | call to user_input | complex.cpp:57:6:57:6 | f [post update] [a_] |
| complex.cpp:58:3:58:4 | b3 [post update] [f, b_] | complex.cpp:67:7:67:8 | b3 [f, b_] |
| complex.cpp:58:6:58:6 | f [post update] [b_] | complex.cpp:58:3:58:4 | b3 [post update] [f, b_] |
| complex.cpp:58:13:58:22 | call to user_input | complex.cpp:58:6:58:6 | f [post update] [b_] |
| complex.cpp:61:7:61:8 | b1 [f, a_] | complex.cpp:34:15:34:15 | b [f, a_] |
| complex.cpp:64:7:64:8 | b2 [f, b_] | complex.cpp:34:15:34:15 | b [f, b_] |
| complex.cpp:67:7:67:8 | b3 [f, a_] | complex.cpp:34:15:34:15 | b [f, a_] |
| complex.cpp:67:7:67:8 | b3 [f, b_] | complex.cpp:34:15:34:15 | b [f, b_] |
| constructors.cpp:26:15:26:15 | f [a_] | constructors.cpp:28:10:28:10 | f [a_] |
| constructors.cpp:26:15:26:15 | f [b_] | constructors.cpp:29:10:29:10 | f [b_] |
| constructors.cpp:28:10:28:10 | f [a_] | constructors.cpp:28:12:28:12 | call to a |
@@ -145,9 +180,11 @@ edges
| A.cpp:75:14:75:14 | c | A.cpp:73:25:73:32 | new | A.cpp:75:14:75:14 | c | c flows from $@ | A.cpp:73:25:73:32 | new | new |
| A.cpp:107:16:107:16 | a | A.cpp:98:12:98:18 | new | A.cpp:107:16:107:16 | a | a flows from $@ | A.cpp:98:12:98:18 | new | new |
| A.cpp:120:16:120:16 | a | A.cpp:98:12:98:18 | new | A.cpp:120:16:120:16 | a | a flows from $@ | A.cpp:98:12:98:18 | new | new |
| A.cpp:132:13:132:13 | c | A.cpp:126:12:126:18 | new | A.cpp:132:13:132:13 | c | c flows from $@ | A.cpp:126:12:126:18 | new | new |
| A.cpp:152:13:152:13 | b | A.cpp:143:25:143:31 | new | A.cpp:152:13:152:13 | b | b flows from $@ | A.cpp:143:25:143:31 | new | new |
| A.cpp:152:13:152:13 | b | A.cpp:150:12:150:18 | new | A.cpp:152:13:152:13 | b | b flows from $@ | A.cpp:150:12:150:18 | new | new |
| A.cpp:153:16:153:16 | c | A.cpp:142:14:142:20 | new | A.cpp:153:16:153:16 | c | c flows from $@ | A.cpp:142:14:142:20 | new | new |
| A.cpp:154:13:154:13 | c | A.cpp:142:14:142:20 | new | A.cpp:154:13:154:13 | c | c flows from $@ | A.cpp:142:14:142:20 | new | new |
| A.cpp:165:26:165:29 | head | A.cpp:159:12:159:18 | new | A.cpp:165:26:165:29 | head | head flows from $@ | A.cpp:159:12:159:18 | new | new |
| A.cpp:169:15:169:18 | head | A.cpp:159:12:159:18 | new | A.cpp:169:15:169:18 | head | head flows from $@ | A.cpp:159:12:159:18 | new | new |
| B.cpp:9:20:9:24 | elem1 | B.cpp:6:15:6:24 | new | B.cpp:9:20:9:24 | elem1 | elem1 flows from $@ | B.cpp:6:15:6:24 | new | new |
@@ -157,6 +194,11 @@ edges
| aliasing.cpp:29:11:29:12 | m1 | aliasing.cpp:9:11:9:20 | call to user_input | aliasing.cpp:29:11:29:12 | m1 | m1 flows from $@ | aliasing.cpp:9:11:9:20 | call to user_input | call to user_input |
| aliasing.cpp:30:11:30:12 | m1 | aliasing.cpp:13:10:13:19 | call to user_input | aliasing.cpp:30:11:30:12 | m1 | m1 flows from $@ | aliasing.cpp:13:10:13:19 | call to user_input | call to user_input |
| aliasing.cpp:62:14:62:15 | m1 | aliasing.cpp:60:11:60:20 | call to user_input | aliasing.cpp:62:14:62:15 | m1 | m1 flows from $@ | aliasing.cpp:60:11:60:20 | call to user_input | call to user_input |
| aliasing.cpp:93:12:93:13 | m1 | aliasing.cpp:92:12:92:21 | call to user_input | aliasing.cpp:93:12:93:13 | m1 | m1 flows from $@ | aliasing.cpp:92:12:92:21 | call to user_input | call to user_input |
| complex.cpp:44:12:44:12 | call to a | complex.cpp:55:13:55:22 | call to user_input | complex.cpp:44:12:44:12 | call to a | call to a flows from $@ | complex.cpp:55:13:55:22 | call to user_input | call to user_input |
| complex.cpp:44:12:44:12 | call to a | complex.cpp:57:13:57:22 | call to user_input | complex.cpp:44:12:44:12 | call to a | call to a flows from $@ | complex.cpp:57:13:57:22 | call to user_input | call to user_input |
| complex.cpp:45:12:45:12 | call to b | complex.cpp:56:13:56:22 | call to user_input | complex.cpp:45:12:45:12 | call to b | call to b flows from $@ | complex.cpp:56:13:56:22 | call to user_input | call to user_input |
| complex.cpp:45:12:45:12 | call to b | complex.cpp:58:13:58:22 | call to user_input | complex.cpp:45:12:45:12 | call to b | call to b flows from $@ | complex.cpp:58:13:58:22 | call to user_input | call to user_input |
| constructors.cpp:28:12:28:12 | call to a | constructors.cpp:34:11:34:20 | call to user_input | constructors.cpp:28:12:28:12 | call to a | call to a flows from $@ | constructors.cpp:34:11:34:20 | call to user_input | call to user_input |
| constructors.cpp:28:12:28:12 | call to a | constructors.cpp:36:11:36:20 | call to user_input | constructors.cpp:28:12:28:12 | call to a | call to a flows from $@ | constructors.cpp:36:11:36:20 | call to user_input | call to user_input |
| constructors.cpp:29:12:29:12 | call to b | constructors.cpp:35:14:35:23 | call to user_input | constructors.cpp:29:12:29:12 | call to b | call to b flows from $@ | constructors.cpp:35:14:35:23 | call to user_input | call to user_input |

16
cpp/ql/test/library-tests/dataflow/partialdefinitions/partialdefinitions.cpp Normal file
View File

@@ -0,0 +1,16 @@
struct MyStruct
{
int x;
struct MySubStruct {
int z;
} y;
};
void test()
{
MyStruct s;
s.x = 1;
s.y.z = 1;
}

3
cpp/ql/test/library-tests/dataflow/partialdefinitions/partialdefinitions.expected Normal file
View File

@@ -0,0 +1,3 @@
| partialdefinitions.cpp:14:2:14:2 | partial def of s | partialdefinitions.cpp:14:2:14:2 | s | partialdefinitions.cpp:14:2:14:8 | ... = ... |
| partialdefinitions.cpp:15:2:15:2 | partial def of s | partialdefinitions.cpp:15:2:15:2 | s | partialdefinitions.cpp:15:2:15:10 | ... = ... |
| partialdefinitions.cpp:15:4:15:4 | partial def of y | partialdefinitions.cpp:15:4:15:4 | y | partialdefinitions.cpp:15:2:15:10 | ... = ... |

4
cpp/ql/test/library-tests/dataflow/partialdefinitions/partialdefinitions.ql Normal file
View File

@@ -0,0 +1,4 @@
import semmle.code.cpp.dataflow.internal.FlowVar
from PartialDefinition def
select def, def.getDefinedExpr(), def.getSubBasicBlockStart()

9
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -133,6 +133,7 @@
| taint.cpp:165:22:165:25 | {...} | taint.cpp:172:10:172:15 | buffer | |
| taint.cpp:165:22:165:25 | {...} | taint.cpp:173:8:173:13 | buffer | |
| taint.cpp:165:24:165:24 | 0 | taint.cpp:165:22:165:25 | {...} | TAINT |
| taint.cpp:168:8:168:14 | ref arg tainted | taint.cpp:172:18:172:24 | tainted | |
| taint.cpp:170:10:170:15 | buffer | taint.cpp:170:3:170:8 | call to strcpy | |
| taint.cpp:170:10:170:15 | ref arg buffer | taint.cpp:170:3:170:8 | call to strcpy | |
| taint.cpp:170:10:170:15 | ref arg buffer | taint.cpp:171:8:171:13 | buffer | |
@@ -188,11 +189,11 @@
| taint.cpp:228:11:228:11 | Unknown literal | taint.cpp:228:11:228:11 | constructor init of field t | TAINT |
| taint.cpp:228:11:228:11 | Unknown literal | taint.cpp:228:11:228:11 | constructor init of field u | TAINT |
| taint.cpp:228:11:228:11 | `this` parameter in (constructor) | taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | |
| taint.cpp:228:11:228:11 | `this` parameter in (constructor) | taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | |
| taint.cpp:228:11:228:11 | constructor init of field t [post-this] | taint.cpp:228:11:228:11 | constructor init of field u [pre-this] | |
| taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | taint.cpp:228:11:228:11 | constructor init of field u [pre-this] | |
| taint.cpp:228:11:232:2 | [...](...){...} | taint.cpp:233:7:233:7 | a | |
| taint.cpp:228:11:232:2 | {...} | taint.cpp:228:11:232:2 | [...](...){...} | |
| taint.cpp:228:17:228:17 | `this` parameter in operator() | taint.cpp:229:3:229:6 | this | |
| taint.cpp:228:17:228:17 | `this` parameter in operator() | taint.cpp:244:3:244:6 | this | |
| taint.cpp:229:3:229:6 | this | taint.cpp:230:3:230:6 | this | |
| taint.cpp:230:3:230:6 | this | taint.cpp:231:3:231:11 | this | |
| taint.cpp:235:11:235:11 | Unknown literal | taint.cpp:235:11:235:11 | constructor init of field t | TAINT |
@@ -211,11 +212,11 @@
| taint.cpp:238:7:238:12 | call to source | taint.cpp:238:3:238:14 | ... = ... | |
| taint.cpp:243:11:243:11 | Unknown literal | taint.cpp:243:11:243:11 | constructor init of field t | TAINT |
| taint.cpp:243:11:243:11 | Unknown literal | taint.cpp:243:11:243:11 | constructor init of field u | TAINT |
| taint.cpp:243:11:243:11 | `this` parameter in (constructor) | taint.cpp:228:11:228:11 | constructor init of field t [pre-this] | |
| taint.cpp:243:11:243:11 | `this` parameter in (constructor) | taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | |
| taint.cpp:243:11:243:11 | constructor init of field t [post-this] | taint.cpp:243:11:243:11 | constructor init of field u [pre-this] | |
| taint.cpp:243:11:243:11 | constructor init of field t [pre-this] | taint.cpp:243:11:243:11 | constructor init of field u [pre-this] | |
| taint.cpp:243:11:246:2 | [...](...){...} | taint.cpp:247:2:247:2 | c | |
| taint.cpp:243:11:246:2 | {...} | taint.cpp:243:11:246:2 | [...](...){...} | |
| taint.cpp:243:15:243:15 | `this` parameter in operator() | taint.cpp:229:3:229:6 | this | |
| taint.cpp:243:15:243:15 | `this` parameter in operator() | taint.cpp:244:3:244:6 | this | |
| taint.cpp:244:3:244:6 | this | taint.cpp:245:3:245:6 | this | |
| taint.cpp:249:11:252:2 | [...](...){...} | taint.cpp:253:2:253:2 | d | |

3
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp → cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp
View File

@@ -37,4 +37,7 @@ int Main()
// GOOD: method call with the same parameters in a different order (we only track year, month, day)
EraInfo * pDateTimeUtil4 = EraInfo::EraInfoFromDate(1, 2, 8, 1, 1989, L"\u5e73\u6210");
// BAD: constructor creating a EraInfo with exact Reiwa era start date
EraInfo * pDateTimeUtil5 = new EraInfo(2019, 5, 1);
}

7
cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected Normal file
View File

@@ -0,0 +1,7 @@
| ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
| ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
| ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. |
| ConstructorOrMethodWithExactDate.cpp:42:32:42:54 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |
| StructWithExactDate.cpp:60:9:60:13 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |

1
cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.qlref Normal file
View File

@@ -0,0 +1 @@
Best Practices/Magic Constants/JapaneseEraDate.ql

7
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactDate.cpp → cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/StructWithExactDate.cpp
View File

@@ -52,6 +52,13 @@ int main()
st1.wMonth = 1;
st1.wYear = 1990;
// BAD: Creation of SYSTEMTIME stuct corresponding to the beginning of Reiwa era
SYSTEMTIME st2;
st2.wDay = 1;
st2.wMonth = 5;
st2.wYear = 2019;
return 0;
}

3
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected
View File

@@ -1,3 +0,0 @@
| ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
| ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
| ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. |

1
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.qlref
View File

@@ -1 +0,0 @@
Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql

2
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.expected
View File

@@ -1,2 +0,0 @@
| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |

1
cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.qlref
View File

@@ -1 +0,0 @@
Likely Bugs/JapaneseEra/StructWithExactEraDate.ql