hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: require that other operands be predictable

Browse Source 
This brings back a constraint that was lost when switching
DefaultTaintTracking to use a TaintTracking::Configuration
This commit is contained in:
Robert Marsh
2020-04-30 14:25:17 -07:00
parent 7d79be71d1
commit fbe857d1fa
3 changed files with 19 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/ArithmeticUncontrolled.expected
View File

@@ -35,14 +35,6 @@ edges
| test.c:75:13:75:19 | ... ^ ... | test.c:77:9:77:9 | r |
| test.c:75:13:75:19 | ... ^ ... | test.c:77:9:77:9 | r |
| test.c:75:13:75:19 | ... ^ ... | test.c:77:9:77:9 | r |
| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r |
| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r |
| test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r |
| test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r |
| test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r |
@@ -110,13 +102,6 @@ nodes
| test.c:77:9:77:9 | r | semmle.label | r |
| test.c:77:9:77:9 | r | semmle.label | r |
| test.c:77:9:77:9 | r | semmle.label | r |
| test.c:81:14:81:17 | call to rand | semmle.label | call to rand |
| test.c:81:14:81:17 | call to rand | semmle.label | call to rand |
| test.c:81:23:81:26 | call to rand | semmle.label | call to rand |
| test.c:81:23:81:26 | call to rand | semmle.label | call to rand |
| test.c:83:9:83:9 | r | semmle.label | r |
| test.c:83:9:83:9 | r | semmle.label | r |
| test.c:83:9:83:9 | r | semmle.label | r |
| test.c:99:14:99:19 | call to rand | semmle.label | call to rand |
| test.c:99:14:99:19 | call to rand | semmle.label | call to rand |
| test.c:100:5:100:5 | r | semmle.label | r |
@@ -155,8 +140,6 @@ nodes
| test.c:56:5:56:5 | r | test.c:54:13:54:16 | call to rand | test.c:56:5:56:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:54:13:54:16 | call to rand | Uncontrolled value |
| test.c:67:5:67:5 | r | test.c:66:13:66:16 | call to rand | test.c:67:5:67:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:66:13:66:16 | call to rand | Uncontrolled value |
| test.c:77:9:77:9 | r | test.c:75:13:75:19 | ... ^ ... | test.c:77:9:77:9 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:75:13:75:19 | ... ^ ... | Uncontrolled value |
| test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:81:14:81:17 | call to rand | Uncontrolled value |
| test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:81:23:81:26 | call to rand | Uncontrolled value |
| test.c:100:5:100:5 | r | test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:99:14:99:19 | call to rand | Uncontrolled value |
| test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | Uncontrolled value |
| test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | Uncontrolled value |

10
cpp/ql/test/query-tests/Security/CWE/CWE-807/semmle/TaintedCondition/TaintedCondition.expected
View File

@@ -7,25 +7,15 @@ edges
| test.cpp:20:29:20:47 | (const char *)... | test.cpp:24:11:24:16 | call to strcmp |
| test.cpp:20:29:20:47 | (const char *)... | test.cpp:41:10:41:38 | ! ... |
| test.cpp:20:29:20:47 | (const char *)... | test.cpp:41:11:41:16 | call to strcmp |
| test.cpp:29:27:29:32 | call to getenv | test.cpp:30:10:30:37 | ! ... |
| test.cpp:29:27:29:32 | call to getenv | test.cpp:30:11:30:16 | call to strcmp |
| test.cpp:29:27:29:42 | (const char *)... | test.cpp:30:10:30:37 | ! ... |
| test.cpp:29:27:29:42 | (const char *)... | test.cpp:30:11:30:16 | call to strcmp |
nodes
| test.cpp:20:29:20:34 | call to getenv | semmle.label | call to getenv |
| test.cpp:20:29:20:47 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:24:10:24:35 | ! ... | semmle.label | ! ... |
| test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp |
| test.cpp:24:11:24:16 | call to strcmp | semmle.label | call to strcmp |
| test.cpp:29:27:29:32 | call to getenv | semmle.label | call to getenv |
| test.cpp:29:27:29:42 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:30:10:30:37 | ! ... | semmle.label | ! ... |
| test.cpp:30:11:30:16 | call to strcmp | semmle.label | call to strcmp |
| test.cpp:30:11:30:16 | call to strcmp | semmle.label | call to strcmp |
| test.cpp:41:10:41:38 | ! ... | semmle.label | ! ... |
| test.cpp:41:11:41:16 | call to strcmp | semmle.label | call to strcmp |
| test.cpp:41:11:41:16 | call to strcmp | semmle.label | call to strcmp |
#select
| test.cpp:24:10:24:35 | ! ... | test.cpp:20:29:20:34 | call to getenv | test.cpp:24:10:24:35 | ! ... | Reliance on untrusted input $@ to raise privilege at $@ | test.cpp:20:29:20:34 | call to getenv | call to getenv | test.cpp:25:9:25:27 | ... = ... | ... = ... |
| test.cpp:30:10:30:37 | ! ... | test.cpp:29:27:29:32 | call to getenv | test.cpp:30:10:30:37 | ! ... | Reliance on untrusted input $@ to raise privilege at $@ | test.cpp:29:27:29:32 | call to getenv | call to getenv | test.cpp:31:9:31:27 | ... = ... | ... = ... |
| test.cpp:41:10:41:38 | ! ... | test.cpp:20:29:20:34 | call to getenv | test.cpp:41:10:41:38 | ! ... | Reliance on untrusted input $@ to raise privilege at $@ | test.cpp:20:29:20:34 | call to getenv | call to getenv | test.cpp:42:8:42:26 | ... = ... | ... = ... |