hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 04:38:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
59eec7ffa2ec135cd91347e8868eaeb65ef1c45f
codeql/cpp/ql/test/library-tests/dataflow/models-as-data/testModels.ql
Owen Mansel-Chan 8a99ef4531 Update csv model tests to use MaD
2026-03-26 16:44:58 +00:00

75 lines
2.4 KiB
Plaintext
Raw Blame History

import semmle.code.cpp.ir.dataflow.internal.DataFlowImplConsistency::Consistency
import semmle.code.cpp.ir.dataflow.internal.DataFlowNodes
import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate
import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil
import semmle.code.cpp.security.FlowSources
import utils.test.dataflow.FlowTestCommon
module InterpretElementTest implements TestSig {
string getARelevantTag() { result = "interpretElement" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Element e |
e = interpretElement(_, _, _, _, _, _) and
location = e.getLocation() and
element = e.toString() and
tag = "interpretElement" and
value = ""
)
}
}
query predicate summaryCalls(SummaryCall c) { any() }
query predicate summarizedCallables(SummarizedCallable c) { any() }
query predicate sourceCallables(SourceCallable c) { c.getLocation().getFile().toString() != "" }
module IRTest {
private import semmle.code.cpp.ir.IR
private import semmle.code.cpp.ir.dataflow.TaintTracking
/** Common data flow configuration to be used by tests. */
module TestAllocationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof FlowSource
or
source.asExpr().(FunctionCall).getTarget().getName() =
["source", "source2", "source3", "sourcePtr"]
or
source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "sourceIndirect"
}
predicate isSink(DataFlow::Node sink) {
sinkNode(sink, "test-sink")
or
exists(FunctionCall call |
call.getTarget().getName() = "sink" and
sink.asExpr() = call.getAnArgument()
)
}
}
module IRFlow = TaintTracking::Global<TestAllocationConfig>;
}
import MakeTest<MergeTests<IRFlowTest<IRTest::IRFlow>, InterpretElementTest>>
string describe(DataFlow::Node n) {
n instanceof ParameterNode and result = "ParameterNode"
or
n instanceof PostUpdateNode and result = "PostUpdateNode"
or
n instanceof ArgumentNode and result = "ArgumentNode"
or
n instanceof ReturnNode and result = "ReturnNode"
or
n instanceof OutNode and result = "OutNode"
}
query predicate flowSummaryNode(FlowSummaryNode n, string str1, string str2, string str3) {
str1 = concat(describe(n), ", ") and
str2 = concat(n.getSummarizedCallable().toString(), ", ") and
str3 = concat(n.getEnclosingCallable().toString(), ", ")
}
Reference in New Issue View Git Blame Copy Permalink