Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0e33f4d

Browse files
jketemajketema
committed
C++: Re-introduce most of the ast annotation test infrastructure
1 parent bd30176 commit 0e33f4d

3 files changed

Lines changed: 111 additions & 0 deletions

File tree

cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313

1414
import cpp
1515
private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow
16+
private import semmle.code.cpp.dataflow.old.DataFlow::DataFlow as AstDataFlow
1617
import TestUtilities.InlineExpectationsTest
1718

1819
class IRFlowTest extends InlineExpectationsTest {
@@ -40,3 +41,34 @@ class IRFlowTest extends InlineExpectationsTest {
4041
)
4142
}
4243
}
44+
45+
class AstFlowTest extends InlineExpectationsTest {
46+
AstFlowTest() { this = "ASTFlowTest" }
47+
48+
override string getARelevantTag() { result = "ast" }
49+
50+
override predicate hasActualResult(Location location, string element, string tag, string value) {
51+
exists(
52+
AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n
53+
|
54+
tag = "ast" and
55+
conf.hasFlow(source, sink) and
56+
n = strictcount(AstDataFlow::Node otherSource | conf.hasFlow(otherSource, sink)) and
57+
(
58+
n = 1 and value = ""
59+
or
60+
// If there is more than one source for this sink
61+
// we specify the source location explicitly.
62+
n > 1 and
63+
value =
64+
source.getLocation().getStartLine().toString() + ":" +
65+
source.getLocation().getStartColumn()
66+
) and
67+
location = sink.getLocation() and
68+
element = sink.toString()
69+
)
70+
}
71+
}
72+
73+
/** DEPRECATED: Alias for AstFlowTest */
74+
deprecated class ASTFlowTest = AstFlowTest;

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,49 @@
11
import TestUtilities.dataflow.FlowTestCommon
22

3+
module AstTest {
4+
private import semmle.code.cpp.dataflow.old.DataFlow
5+
private import semmle.code.cpp.controlflow.Guards
6+
7+
/**
8+
* A `BarrierGuard` that stops flow to all occurrences of `x` within statement
9+
* S in `if (guarded(x)) S`.
10+
*/
11+
// This is tested in `BarrierGuard.cpp`.
12+
predicate testBarrierGuard(GuardCondition g, Expr checked, boolean isTrue) {
13+
g.(FunctionCall).getTarget().getName() = "guarded" and
14+
checked = g.(FunctionCall).getArgument(0) and
15+
isTrue = true
16+
}
17+
18+
/** Common data flow configuration to be used by tests. */
19+
class AstTestAllocationConfig extends DataFlow::Configuration {
20+
AstTestAllocationConfig() { this = "ASTTestAllocationConfig" }
21+
22+
override predicate isSource(DataFlow::Node source) {
23+
source.asExpr().(FunctionCall).getTarget().getName() = "source"
24+
or
25+
source.asParameter().getName().matches("source%")
26+
or
27+
source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
28+
or
29+
// Track uninitialized variables
30+
exists(source.asUninitialized())
31+
}
32+
33+
override predicate isSink(DataFlow::Node sink) {
34+
exists(FunctionCall call |
35+
call.getTarget().getName() = "sink" and
36+
sink.asExpr() = call.getAnArgument()
37+
)
38+
}
39+
40+
override predicate isBarrier(DataFlow::Node barrier) {
41+
barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
42+
barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
43+
}
44+
}
45+
}
46+
347
module IRTest {
448
private import semmle.code.cpp.ir.dataflow.DataFlow
549
private import semmle.code.cpp.ir.IR

cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,41 @@ module TaintModels {
3838
}
3939
}
4040

41+
module AstTest {
42+
private import semmle.code.cpp.dataflow.old.TaintTracking
43+
private import semmle.code.cpp.models.interfaces.Taint
44+
45+
/** Common data flow configuration to be used by tests. */
46+
class AstTestAllocationConfig extends TaintTracking::Configuration {
47+
AstTestAllocationConfig() { this = "ASTTestAllocationConfig" }
48+
49+
override predicate isSource(DataFlow::Node source) {
50+
source.asExpr().(FunctionCall).getTarget().getName() = "source"
51+
or
52+
source.asParameter().getName().matches("source%")
53+
or
54+
// Track uninitialized variables
55+
exists(source.asUninitialized())
56+
or
57+
exists(FunctionCall fc |
58+
fc.getAnArgument() = source.asDefiningArgument() and
59+
fc.getTarget().hasName("argument_source")
60+
)
61+
}
62+
63+
override predicate isSink(DataFlow::Node sink) {
64+
exists(FunctionCall call |
65+
call.getTarget().getName() = "sink" and
66+
sink.asExpr() = call.getAnArgument()
67+
)
68+
}
69+
70+
override predicate isSanitizer(DataFlow::Node barrier) {
71+
barrier.asExpr().(VariableAccess).getTarget().hasName("sanitizer")
72+
}
73+
}
74+
}
75+
4176
module IRTest {
4277
private import semmle.code.cpp.ir.IR
4378
private import semmle.code.cpp.ir.dataflow.TaintTracking

0 commit comments

Comments
 (0)