C++: Accept test changes.

2025-12-23 20:26:32 +01:00 · 2023-01-31 14:15:12 +00:00
parent 88338bdfcf
commit eb31160ae0
5 changed files with 47 additions and 4 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
@@ -2,10 +2,14 @@ edges
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
+| test.cpp:74:24:74:30 | medical | test.cpp:74:11:74:15 | buff1 |
+| test.cpp:74:24:74:30 | medical | test.cpp:78:11:78:15 | buff2 |
 | test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp |
 | test.cpp:74:24:74:30 | medical | test.cpp:81:22:81:28 | medical |
+| test.cpp:77:16:77:22 | medical | test.cpp:78:11:78:15 | buff2 |
 | test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp |
 | test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical |
+| test.cpp:81:22:81:28 | medical | test.cpp:82:11:82:15 | buff3 |
 | test.cpp:81:22:81:28 | medical | test.cpp:82:24:82:28 | buff5 |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
@@ -26,11 +30,14 @@ nodes
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
+| test.cpp:74:11:74:15 | buff1 | semmle.label | buff1 |
 | test.cpp:74:24:74:30 | medical | semmle.label | medical |
 | test.cpp:74:24:74:30 | medical | semmle.label | medical |
 | test.cpp:77:16:77:22 | medical | semmle.label | medical |
+| test.cpp:78:11:78:15 | buff2 | semmle.label | buff2 |
 | test.cpp:78:24:78:27 | temp | semmle.label | temp |
 | test.cpp:81:22:81:28 | medical | semmle.label | medical |
+| test.cpp:82:11:82:15 | buff3 | semmle.label | buff3 |
 | test.cpp:82:24:82:28 | buff5 | semmle.label | buff5 |
 | test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
 | test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
@@ -47,9 +54,15 @@ subpaths
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
+| test.cpp:74:11:74:15 | buff1 | test.cpp:74:24:74:30 | medical | test.cpp:74:11:74:15 | buff1 | This write into the external location 'buff1' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
 | test.cpp:74:24:74:30 | medical | test.cpp:74:24:74:30 | medical | test.cpp:74:24:74:30 | medical | This write into the external location 'medical' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
+| test.cpp:78:11:78:15 | buff2 | test.cpp:74:24:74:30 | medical | test.cpp:78:11:78:15 | buff2 | This write into the external location 'buff2' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
+| test.cpp:78:11:78:15 | buff2 | test.cpp:77:16:77:22 | medical | test.cpp:78:11:78:15 | buff2 | This write into the external location 'buff2' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
 | test.cpp:78:24:78:27 | temp | test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp | This write into the external location 'temp' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
 | test.cpp:78:24:78:27 | temp | test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp | This write into the external location 'temp' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
+| test.cpp:82:11:82:15 | buff3 | test.cpp:74:24:74:30 | medical | test.cpp:82:11:82:15 | buff3 | This write into the external location 'buff3' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
+| test.cpp:82:11:82:15 | buff3 | test.cpp:77:16:77:22 | medical | test.cpp:82:11:82:15 | buff3 | This write into the external location 'buff3' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
+| test.cpp:82:11:82:15 | buff3 | test.cpp:81:22:81:28 | medical | test.cpp:82:11:82:15 | buff3 | This write into the external location 'buff3' may contain unencrypted data from $@. | test.cpp:81:22:81:28 | medical | this source of private data. |
 | test.cpp:82:24:82:28 | buff5 | test.cpp:74:24:74:30 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
 | test.cpp:82:24:82:28 | buff5 | test.cpp:77:16:77:22 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
 | test.cpp:82:24:82:28 | buff5 | test.cpp:81:22:81:28 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:81:22:81:28 | medical | this source of private data. |
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
@@ -354,7 +354,7 @@ void test_vector_output_iterator(int b) {
 	for(std::vector<int>::iterator it = v4.begin(); it != v4.end(); ++it) {
 		taint_vector_output_iterator(it);
 	}
-	sink(v4); // $ ast MISSING: ir
+	sink(v4); // $ ast,ir
 	
 	std::vector<int>::iterator i5 = v5.begin();
 	*i5 = source();
@@ -389,7 +389,7 @@ void test_vector_output_iterator(int b) {
 	*i9 = source();
 	taint_vector_output_iterator(i9);

-	sink(v9); // $ ast=330:10 ir SPURIOUS: ast=389:8
+	sink(v9); // $ ast=330:10 ir=330:10 SPURIOUS: ast=389:8 ir=389:8

 	std::vector<int>::iterator i10 = v10.begin();
 	vector_iterator_assign_wrapper(i10, 10);
@@ -397,7 +397,7 @@ void test_vector_output_iterator(int b) {

 	std::vector<int>::iterator i11 = v11.begin();
 	vector_iterator_assign_wrapper(i11, source());
-	sink(v11); // $ ast MISSING: ir
+	sink(v11); // $ ast,ir

 	std::vector<int>::iterator i12 = v12.begin();
 	*i12++ = 0;
@@ -529,6 +529,6 @@ void test_vector_iterator() {
 		sink(*it);
 		it += source();
 		sink(*it); // $ ast,ir
-		sink(vs[1]);
+		sink(vs[1]); // $ SPURIOUS: ir
 	}
 }
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
@@ -1,16 +1,42 @@
 edges
 | tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
+| tests.cpp:26:32:26:35 | data | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:26:32:26:35 | data | tests.cpp:38:25:38:36 | strncat output argument |
+| tests.cpp:26:32:26:35 | data indirection | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:26:32:26:35 | data indirection | tests.cpp:38:25:38:36 | strncat output argument |
 | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | (const char *)... indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection |
+| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:51:22:51:25 | badSource output argument |
 | tests.cpp:38:39:38:49 | (const char *)... indirection | tests.cpp:38:25:38:36 | strncat output argument |
 | tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | (const char *)... indirection |
+| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:51:22:51:25 | data |
+| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:51:22:51:25 | data indirection |
+| tests.cpp:51:22:51:25 | data | tests.cpp:26:32:26:35 | data |
+| tests.cpp:51:22:51:25 | data | tests.cpp:51:12:51:20 | call to badSource indirection |
+| tests.cpp:51:22:51:25 | data | tests.cpp:51:22:51:25 | badSource output argument |
+| tests.cpp:51:22:51:25 | data indirection | tests.cpp:26:32:26:35 | data indirection |
+| tests.cpp:51:22:51:25 | data indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
 nodes
 | tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection |
+| tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection |
+| tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection |
+| tests.cpp:26:32:26:35 | data | semmle.label | data |
+| tests.cpp:26:32:26:35 | data indirection | semmle.label | data indirection |
 | tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
+| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
+| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
 | tests.cpp:38:39:38:49 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 | tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection |
+| tests.cpp:51:22:51:25 | badSource output argument | semmle.label | badSource output argument |
+| tests.cpp:51:22:51:25 | data | semmle.label | data |
+| tests.cpp:51:22:51:25 | data indirection | semmle.label | data indirection |
 | tests.cpp:53:16:53:19 | (const char *)... indirection | semmle.label | (const char *)... indirection |
 subpaths
+| tests.cpp:51:22:51:25 | data | tests.cpp:26:32:26:35 | data | tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
+| tests.cpp:51:22:51:25 | data | tests.cpp:26:32:26:35 | data | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:51:22:51:25 | badSource output argument |
+| tests.cpp:51:22:51:25 | data indirection | tests.cpp:26:32:26:35 | data indirection | tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection |
 #select
 | tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | (const char *)... indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -46,6 +46,9 @@ edges
 | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | (const char *)... indirection |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:187:18:187:25 | (const char *)... indirection | test.cpp:187:11:187:15 | strncat output argument |
+| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
+| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:188:20:188:24 | (const char *)... indirection | test.cpp:188:11:188:17 | strncat output argument |
 | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | array to pointer conversion indirection |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -17,6 +17,7 @@ edges
 | overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
 | overflowdestination.cpp:50:52:50:54 | src indirection | overflowdestination.cpp:53:15:53:17 | src |
 | overflowdestination.cpp:53:9:53:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
+| overflowdestination.cpp:54:9:54:12 | memcpy output argument | overflowdestination.cpp:54:9:54:12 | memcpy output argument |
 | overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:16:64:19 | src2 |
 | overflowdestination.cpp:57:52:57:54 | src indirection | overflowdestination.cpp:64:16:64:19 | src2 |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | array to pointer conversion indirection |