hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add tests for bounded hex format values

Browse Source
This commit is contained in:
Robert Marsh
2022-01-07 16:06:58 -05:00
parent d5682f157a
commit fa9242befe
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/OverrunWrite.expected
View File

@@ -14,6 +14,13 @@
| tests.c:120:3:120:9 | call to sprintf | This 'call to sprintf' operation requires 17 bytes but the destination is only 1 bytes. |
| tests.c:121:3:121:9 | call to sprintf | This 'call to sprintf' operation requires 17 bytes but the destination is only 16 bytes. |
| tests.c:136:2:136:8 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 10 bytes. |
| tests.c:178:2:178:8 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
| tests.c:179:2:179:8 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 3 bytes. |
| tests.c:180:2:180:8 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 5 bytes. |
| tests.c:182:3:182:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
| tests.c:186:3:186:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
| tests.c:189:3:189:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
| tests.c:193:3:193:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 5 bytes. |
| unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |

24
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/tests.c
View File

@@ -169,3 +169,27 @@ void testVarSizeStruct()
snprintf(s->data, 10, "abcdefghijklmnopqrstuvwxyz"); // GOOD
}
void tesHexBounds(int x) {
char buffer2[2];
char buffer3[3];
char buffer5[5];
sprintf(buffer2, "%x", 1); // GOOD [FALSE POSITIVE]
sprintf(buffer3, "%x", 16); // GOOD [FALSE POSITIVE]
sprintf(buffer5, "%x", (unsigned short)x); // GOOD: bounded by conversion [FALSE POSITIVE]
if (x < 16 && x > 0) {
sprintf(buffer2, "%x", x); // GOOD: bounded by check [FALSE POSITIVE]
}
if (x < 16) {
sprintf(buffer2, "%x", x); // BAD: negative values
}
if (x <= 16 && x > 0) {
sprintf(buffer2, "%x", x); // BAD: bound too loose
}
if(x < 0x10000 && x > 0) {
sprintf(buffer5, "%x", x); // GOOD: bounded by check [FALSE POSITIVE]
}
}