CPP: Add proof of zero-termination to tests.

geoffw0 · geoffw0 · commit 3c9fe91581f8 · 2019-11-20T14:27:19.000Z
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
@@ -1,4 +1,4 @@
-| test.c:15:20:15:25 | call to malloc | This allocation does not include space to null-terminate the string. |
-| test.c:29:20:29:25 | call to malloc | This allocation does not include space to null-terminate the string. |
-| test.c:44:20:44:25 | call to malloc | This allocation does not include space to null-terminate the string. |
-| test.cpp:18:35:18:40 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.c:16:20:16:25 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.c:32:20:32:25 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.c:49:20:49:25 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.cpp:24:35:24:40 | call to malloc | This allocation does not include space to null-terminate the string. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.c
@@ -7,18 +7,21 @@
 typedef unsigned long size_t;
 void *malloc(size_t size);
 void free(void *ptr);
+char *strcpy(char *s1, const char *s2);
 
 //// Test code /////
 
 void bad0(char *str) {
     // BAD -- Not allocating space for '\0' terminator
     char *buffer = malloc(strlen(str));
+    strcpy(buffer, str);
     free(buffer);
 }
 
 void good0(char *str) {
     // GOOD -- Allocating extra byte for terminator
     char *buffer = malloc(strlen(str)+1);
+    strcpy(buffer, str);
     free(buffer);
 }
 
@@ -27,13 +30,15 @@ void bad1(char *str) {
     int len = strlen(str);
     // BAD -- Not allocating space for '\0' terminator
     char *buffer = malloc(len);
+    strcpy(buffer, str);
     free(buffer);
 }
 
 void good1(char *str) {
     int len = strlen(str);
     // GOOD -- Allocating extra byte for terminator
     char *buffer = malloc(len+1);
+    strcpy(buffer, str);
     free(buffer);
 }
 
@@ -42,25 +47,29 @@ void bad2(char *str) {
     int len = strlen(str);
     // BAD -- Not allocating space for '\0' terminator
     char *buffer = malloc(len);
+    strcpy(buffer, str);
     free(buffer);
 }
 
 void good2(char *str) {
     int len = strlen(str)+1;
     // GOOD -- Allocating extra byte for terminator
     char *buffer = malloc(len);
+    strcpy(buffer, str);
     free(buffer);
 }
 
 void bad3(char *str) {
     // BAD -- Not allocating space for '\0' terminator [NOT DETECTED]
     char *buffer = malloc(strlen(str) * sizeof(char));
+    strcpy(buffer, str);
     free(buffer);
 }
 
 void good3(char *str) {
     // GOOD -- Allocating extra byte for terminator
     char *buffer = malloc((strlen(str) + 1) * sizeof(char));
+    strcpy(buffer, str);
     free(buffer);
 }
 
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp
@@ -10,23 +10,32 @@ typedef unsigned long size_t;
 void *malloc(size_t size);
 void free(void *ptr);
 size_t wcslen(const wchar_t *s);
+wchar_t* wcscpy(wchar_t* s1, const wchar_t* s2);
+
+
+
+
+
 
 //// Test code /////
 
 void bad1(wchar_t *wstr) {
     // BAD -- Not allocating space for '\0' terminator
     wchar_t *wbuffer = (wchar_t *)malloc(wcslen(wstr));
+    wcscpy(wbuffer, wstr);
     free(wbuffer);
 }
 
 void bad2(wchar_t *wstr) {
     // BAD -- Not allocating space for '\0' terminator [NOT DETECTED]
     wchar_t *wbuffer = (wchar_t *)malloc(wcslen(wstr) * sizeof(wchar_t));
+    wcscpy(wbuffer, wstr);
     free(wbuffer);
 }
 
 void good1(wchar_t *wstr) {
     // GOOD -- Allocating extra character for terminator
     wchar_t *wbuffer = (wchar_t *)malloc((wcslen(wstr) + 1) * sizeof(wchar_t));
+    wcscpy(wbuffer, wstr);
     free(wbuffer);
 }
