C++: Add MaD model for 'CUrl'.

MathiasVP · MathiasVP · commit 300e3eaba681 · 2024-11-27T16:41:45.000Z
diff --git a/cpp/ql/lib/ext/CUrl.model.yml b/cpp/ql/lib/ext/CUrl.model.yml
@@ -0,0 +1,21 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
+      - ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -850,50 +850,50 @@ void test_CUrl() {
   char* x = indirect_source<char>();
   CUrl url;
   url.CrackUrl(x, 0);
-  sink(url); // $ MISSING: ir
-  sink(url.GetExtraInfo()); // $ MISSING: ir
-  sink(url.GetHostName()); // $ MISSING: ir
-  sink(url.GetPassword()); // $ MISSING: ir
-  sink(url.GetSchemeName()); // $ MISSING: ir
-  sink(url.GetUrlPath()); // $ MISSING: ir
-  sink(url.GetUserName()); // $ MISSING: ir
+  sink(url); // $ ir
+  sink(url.GetExtraInfo()); // $ ir
+  sink(url.GetHostName()); // $ ir
+  sink(url.GetPassword()); // $ ir
+  sink(url.GetSchemeName()); // $ ir
+  sink(url.GetUrlPath()); // $ ir
+  sink(url.GetUserName()); // $ ir
 
   {
     CUrl url2;
     DWORD len;
     char buffer[1024];
     url2.CrackUrl(x, 0);
     url2.CreateUrl(buffer, &len, 0);
-    sink(buffer); // $ ast MISSING: ir
+    sink(buffer); // $ ast ir
   }
   {
     CUrl url2;
     url2.SetExtraInfo(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
   {
     CUrl url2;
     url2.SetHostName(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
   {
     CUrl url2;
     url2.SetPassword(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
   {
     CUrl url2;
     url2.SetSchemeName(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
   {
     CUrl url2;
     url2.SetUrlPath(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
   {
     CUrl url2;
     url2.SetUserName(x);
-    sink(url2); // $ MISSING: ir
+    sink(url2); // $ ir
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -850,50 +850,50 @@ void test_CUrl() {`
`850`	`850`	`char* x = indirect_source<char>();`
`851`	`851`	`CUrl url;`
`852`	`852`	`url.CrackUrl(x, 0);`
`853`		`- sink(url); // $ MISSING: ir`
`854`		`- sink(url.GetExtraInfo()); // $ MISSING: ir`
`855`		`- sink(url.GetHostName()); // $ MISSING: ir`
`856`		`- sink(url.GetPassword()); // $ MISSING: ir`
`857`		`- sink(url.GetSchemeName()); // $ MISSING: ir`
`858`		`- sink(url.GetUrlPath()); // $ MISSING: ir`
`859`		`- sink(url.GetUserName()); // $ MISSING: ir`
	`853`	`+ sink(url); // $ ir`
	`854`	`+ sink(url.GetExtraInfo()); // $ ir`
	`855`	`+ sink(url.GetHostName()); // $ ir`
	`856`	`+ sink(url.GetPassword()); // $ ir`
	`857`	`+ sink(url.GetSchemeName()); // $ ir`
	`858`	`+ sink(url.GetUrlPath()); // $ ir`
	`859`	`+ sink(url.GetUserName()); // $ ir`
`860`	`860`
`861`	`861`	`{`
`862`	`862`	`CUrl url2;`
`863`	`863`	`DWORD len;`
`864`	`864`	`char buffer[1024];`
`865`	`865`	`url2.CrackUrl(x, 0);`
`866`	`866`	`url2.CreateUrl(buffer, &len, 0);`
`867`		`- sink(buffer); // $ ast MISSING: ir`
	`867`	`+ sink(buffer); // $ ast ir`
`868`	`868`	`}`
`869`	`869`	`{`
`870`	`870`	`CUrl url2;`
`871`	`871`	`url2.SetExtraInfo(x);`
`872`		`- sink(url2); // $ MISSING: ir`
	`872`	`+ sink(url2); // $ ir`
`873`	`873`	`}`
`874`	`874`	`{`
`875`	`875`	`CUrl url2;`
`876`	`876`	`url2.SetHostName(x);`
`877`		`- sink(url2); // $ MISSING: ir`
	`877`	`+ sink(url2); // $ ir`
`878`	`878`	`}`
`879`	`879`	`{`
`880`	`880`	`CUrl url2;`
`881`	`881`	`url2.SetPassword(x);`
`882`		`- sink(url2); // $ MISSING: ir`
	`882`	`+ sink(url2); // $ ir`
`883`	`883`	`}`
`884`	`884`	`{`
`885`	`885`	`CUrl url2;`
`886`	`886`	`url2.SetSchemeName(x);`
`887`		`- sink(url2); // $ MISSING: ir`
	`887`	`+ sink(url2); // $ ir`
`888`	`888`	`}`
`889`	`889`	`{`
`890`	`890`	`CUrl url2;`
`891`	`891`	`url2.SetUrlPath(x);`
`892`		`- sink(url2); // $ MISSING: ir`
	`892`	`+ sink(url2); // $ ir`
`893`	`893`	`}`
`894`	`894`	`{`
`895`	`895`	`CUrl url2;`
`896`	`896`	`url2.SetUserName(x);`
`897`		`- sink(url2); // $ MISSING: ir`
	`897`	`+ sink(url2); // $ ir`
`898`	`898`	`}`
`899`	`899`	`}`