From da54751d8506f8e9d8acc91cc560a1e92e170e87 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Date: Thu, 22 Jun 2023 17:37:27 +0100
Subject: [PATCH] C++: Add testcase that demonstrate the need for self-flow out
 of indirect parameters.

---
 .../dataflow-consistency.expected             |  2 ++
 .../dataflow-tests/self_parameter_flow.cpp    | 14 ++++++++
 .../test_self_parameter_flow.expected         |  2 ++
 .../test_self_parameter_flow.ql               | 34 +++++++++++++++++++
 4 files changed, 52 insertions(+)
 create mode 100644 cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp
 create mode 100644 cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected
 create mode 100644 cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql

diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
index 6129ed657ac..eb9e8efb1d2 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -67,6 +67,8 @@ postWithInFlow
 | ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
+| self_parameter_flow.cpp:3:4:3:5 | ps [inner post update] | PostUpdateNode should not be the target of local flow. |
+| self_parameter_flow.cpp:8:9:8:9 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:115:4:115:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp
new file mode 100644
index 00000000000..1c9d3aebf99
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp
@@ -0,0 +1,14 @@
+void incr(unsigned char **ps) // $ ast-def=ps ir-def=*ps ir-def=**ps 
+{
+  *ps += 1;
+}
+
+void callincr(unsigned char *s) // $ ast-def=s 
+{
+  incr(&s);
+}
+
+void test(unsigned char *s) // $ ast-def=s
+{
+  callincr(s); // $ MISSING: flow
+}
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected
new file mode 100644
index 00000000000..48de9172b36
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected
@@ -0,0 +1,2 @@
+failures
+testFailures
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql
new file mode 100644
index 00000000000..c6ea9c5c96f
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql
@@ -0,0 +1,34 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+import TestUtilities.InlineExpectationsTest
+
+module TestConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source.getLocation().getFile().getBaseName() = "self_parameter_flow.cpp" and
+    source.asIndirectArgument() =
+      any(Call call | call.getTarget().hasName("callincr")).getAnArgument()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink.asDefiningArgument() =
+      any(Call call | call.getTarget().hasName("callincr")).getAnArgument()
+  }
+}
+
+import DataFlow::Global<TestConfig>
+
+module TestSelfParameterFlow implements TestSig {
+  string getARelevantTag() { result = "flow" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(DataFlow::Node sink |
+      flowTo(sink) and
+      location = sink.getLocation() and
+      element = sink.toString() and
+      tag = "flow" and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<TestSelfParameterFlow>