hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6bcc1a0220512b3bb93751aca99e02d1bbca590d
codeql/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp
Jonas Jensen 5f0d283212 Merge remote-tracking branch 'upstream/master' into dataflow-indirect-args 
The conflicts came from how `this` is now a parameter but not a
`Parameter` on `master`.

Conflicts:
	cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/tainted.expected
	cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/test_diff.expected
	cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
	cpp/ql/test/library-tests/dataflow/fields/ir-flow.expected
	cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
2020-06-02 15:35:02 +02:00

54 lines
1.3 KiB
C++
Raw Blame History

// semmle-extractor-options: --edg --clang
int source();
void sink(int); void sink(const int *); void sink(int **);
struct twoIntFields {
int m1, m2;
int getFirst() { return m1; }
};
void following_pointers(
int sourceArray1[],
int cleanArray1[],
twoIntFields sourceStruct1,
twoIntFields *sourceStruct1_ptr,
int (*sourceFunctionPointer)())
{
sink(sourceArray1); // flow
sink(sourceArray1[0]); // no flow
sink(*sourceArray1); // no flow
sink(&sourceArray1); // flow (should probably be taint only)
sink(sourceStruct1.m1); // no flow
sink(sourceStruct1_ptr->m1); // no flow
sink(sourceStruct1_ptr->getFirst()); // no flow
sourceStruct1_ptr->m1 = source();
sink(sourceStruct1_ptr->m1); // flow
sink(sourceStruct1_ptr->getFirst()); // flow
sink(sourceStruct1_ptr->m2); // no flow
sink(sourceStruct1.m1); // no flow
twoIntFields s = { source(), source() };
sink(s.m2); // flow
twoIntFields sArray[1] = { { source(), source() } };
// TODO: fix this like above
sink(sArray[0].m2); // flow (AST dataflow misses this due to limitations of the analysis)
twoIntFields sSwapped = { .m2 = source(), .m1 = 0 };
sink(sSwapped.m2); // flow
sink(sourceFunctionPointer()); // no flow
int stackArray[2] = { source(), source() };
stackArray[0] = source();
sink(stackArray); // no flow
}
Reference in New Issue View Git Blame Copy Permalink