Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6119bf3

Browse files
geoffw0geoffw0
committed
C++: Model begin and end.
1 parent 25e0c68 commit 6119bf3

6 files changed

Lines changed: 79 additions & 12 deletions

File tree

cpp/ql/src/semmle/code/cpp/models/implementations/StdMap.qll

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,3 +23,20 @@ class StdMapInsert extends TaintFunction {
2323
)
2424
}
2525
}
26+
27+
/**
28+
* The standard map `begin` and `end` functions and their
29+
* variants.
30+
*/
31+
class StdMapBeginEnd extends TaintFunction {
32+
StdMapBeginEnd() {
33+
this.hasQualifiedName("std", ["map", "unordered_map"], ["begin", "end", "cbegin", "cend"])
34+
or
35+
this.hasQualifiedName("std", "map", ["rbegin", "crbegin", "rend", "crend"])
36+
}
37+
38+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
39+
input.isQualifierObject() and
40+
output.isReturnValue()
41+
}
42+
}

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -657,6 +657,7 @@
657657
| map.cpp:107:7:107:8 | ref arg m4 | map.cpp:119:7:119:8 | m4 | |
658658
| map.cpp:107:7:107:8 | ref arg m4 | map.cpp:125:7:125:8 | m4 | |
659659
| map.cpp:107:7:107:8 | ref arg m4 | map.cpp:249:1:249:1 | m4 | |
660+
| map.cpp:107:17:107:18 | m4 | map.cpp:107:20:107:24 | call to begin | TAINT |
660661
| map.cpp:107:17:107:18 | ref arg m4 | map.cpp:107:7:107:8 | m4 | |
661662
| map.cpp:107:17:107:18 | ref arg m4 | map.cpp:113:7:113:8 | m4 | |
662663
| map.cpp:107:17:107:18 | ref arg m4 | map.cpp:119:7:119:8 | m4 | |
@@ -677,6 +678,7 @@
677678
| map.cpp:109:7:109:8 | ref arg m6 | map.cpp:121:7:121:8 | m6 | |
678679
| map.cpp:109:7:109:8 | ref arg m6 | map.cpp:127:7:127:8 | m6 | |
679680
| map.cpp:109:7:109:8 | ref arg m6 | map.cpp:249:1:249:1 | m6 | |
681+
| map.cpp:109:27:109:28 | m6 | map.cpp:109:30:109:34 | call to begin | TAINT |
680682
| map.cpp:109:27:109:28 | ref arg m6 | map.cpp:109:7:109:8 | m6 | |
681683
| map.cpp:109:27:109:28 | ref arg m6 | map.cpp:115:7:115:8 | m6 | |
682684
| map.cpp:109:27:109:28 | ref arg m6 | map.cpp:121:7:121:8 | m6 | |
@@ -760,6 +762,7 @@
760762
| map.cpp:137:7:137:8 | ref arg m7 | map.cpp:249:1:249:1 | m7 | |
761763
| map.cpp:138:7:138:8 | ref arg m8 | map.cpp:249:1:249:1 | m8 | |
762764
| map.cpp:139:7:139:8 | ref arg m9 | map.cpp:249:1:249:1 | m9 | |
765+
| map.cpp:143:12:143:13 | m1 | map.cpp:143:15:143:19 | call to begin | TAINT |
763766
| map.cpp:143:12:143:13 | ref arg m1 | map.cpp:143:30:143:31 | m1 | |
764767
| map.cpp:143:12:143:13 | ref arg m1 | map.cpp:249:1:249:1 | m1 | |
765768
| map.cpp:143:15:143:19 | call to begin | map.cpp:143:7:143:21 | ... = ... | |
@@ -768,6 +771,7 @@
768771
| map.cpp:143:15:143:19 | call to begin | map.cpp:145:9:145:10 | i1 | |
769772
| map.cpp:143:15:143:19 | call to begin | map.cpp:146:8:146:9 | i1 | |
770773
| map.cpp:143:15:143:19 | call to begin | map.cpp:147:8:147:9 | i1 | |
774+
| map.cpp:143:30:143:31 | m1 | map.cpp:143:33:143:35 | call to end | TAINT |
771775
| map.cpp:143:30:143:31 | ref arg m1 | map.cpp:143:30:143:31 | m1 | |
772776
| map.cpp:143:30:143:31 | ref arg m1 | map.cpp:249:1:249:1 | m1 | |
773777
| map.cpp:143:40:143:41 | i1 | map.cpp:143:42:143:42 | call to operator++ | |
@@ -780,6 +784,7 @@
780784
| map.cpp:145:9:145:10 | i1 | map.cpp:145:8:145:8 | call to operator* | TAINT |
781785
| map.cpp:146:8:146:9 | i1 | map.cpp:146:10:146:10 | call to operator-> | TAINT |
782786
| map.cpp:147:8:147:9 | i1 | map.cpp:147:10:147:10 | call to operator-> | TAINT |
787+
| map.cpp:149:12:149:13 | m2 | map.cpp:149:15:149:19 | call to begin | TAINT |
783788
| map.cpp:149:12:149:13 | ref arg m2 | map.cpp:149:30:149:31 | m2 | |
784789
| map.cpp:149:12:149:13 | ref arg m2 | map.cpp:179:7:179:8 | m2 | |
785790
| map.cpp:149:12:149:13 | ref arg m2 | map.cpp:180:7:180:8 | m2 | |
@@ -796,6 +801,7 @@
796801
| map.cpp:149:15:149:19 | call to begin | map.cpp:153:8:153:9 | i2 | |
797802
| map.cpp:149:15:149:19 | call to begin | map.cpp:158:8:158:9 | i2 | |
798803
| map.cpp:149:15:149:19 | call to begin | map.cpp:159:8:159:9 | i2 | |
804+
| map.cpp:149:30:149:31 | m2 | map.cpp:149:33:149:35 | call to end | TAINT |
799805
| map.cpp:149:30:149:31 | ref arg m2 | map.cpp:149:30:149:31 | m2 | |
800806
| map.cpp:149:30:149:31 | ref arg m2 | map.cpp:179:7:179:8 | m2 | |
801807
| map.cpp:149:30:149:31 | ref arg m2 | map.cpp:180:7:180:8 | m2 | |
@@ -816,12 +822,14 @@
816822
| map.cpp:151:9:151:10 | i2 | map.cpp:151:8:151:8 | call to operator* | TAINT |
817823
| map.cpp:152:8:152:9 | i2 | map.cpp:152:10:152:10 | call to operator-> | TAINT |
818824
| map.cpp:153:8:153:9 | i2 | map.cpp:153:10:153:10 | call to operator-> | TAINT |
825+
| map.cpp:155:12:155:13 | m3 | map.cpp:155:15:155:19 | call to begin | TAINT |
819826
| map.cpp:155:12:155:13 | ref arg m3 | map.cpp:155:30:155:31 | m3 | |
820827
| map.cpp:155:12:155:13 | ref arg m3 | map.cpp:249:1:249:1 | m3 | |
821828
| map.cpp:155:15:155:19 | call to begin | map.cpp:155:7:155:21 | ... = ... | |
822829
| map.cpp:155:15:155:19 | call to begin | map.cpp:155:24:155:25 | i3 | |
823830
| map.cpp:155:15:155:19 | call to begin | map.cpp:155:40:155:41 | i3 | |
824831
| map.cpp:155:15:155:19 | call to begin | map.cpp:157:9:157:10 | i3 | |
832+
| map.cpp:155:30:155:31 | m3 | map.cpp:155:33:155:35 | call to end | TAINT |
825833
| map.cpp:155:30:155:31 | ref arg m3 | map.cpp:155:30:155:31 | m3 | |
826834
| map.cpp:155:30:155:31 | ref arg m3 | map.cpp:249:1:249:1 | m3 | |
827835
| map.cpp:155:40:155:41 | i3 | map.cpp:155:42:155:42 | call to operator++ | |
@@ -1084,6 +1092,7 @@
10841092
| map.cpp:223:7:223:9 | ref arg m23 | map.cpp:225:2:225:4 | m23 | |
10851093
| map.cpp:223:7:223:9 | ref arg m23 | map.cpp:226:7:226:9 | m23 | |
10861094
| map.cpp:223:7:223:9 | ref arg m23 | map.cpp:249:1:249:1 | m23 | |
1095+
| map.cpp:223:17:223:19 | m23 | map.cpp:223:21:223:25 | call to begin | TAINT |
10871096
| map.cpp:223:17:223:19 | ref arg m23 | map.cpp:223:7:223:9 | m23 | |
10881097
| map.cpp:223:17:223:19 | ref arg m23 | map.cpp:224:7:224:9 | m23 | |
10891098
| map.cpp:223:17:223:19 | ref arg m23 | map.cpp:225:2:225:4 | m23 | |
@@ -1120,6 +1129,7 @@
11201129
| map.cpp:234:7:234:9 | ref arg m25 | map.cpp:236:24:236:26 | m25 | |
11211130
| map.cpp:234:7:234:9 | ref arg m25 | map.cpp:237:7:237:9 | m25 | |
11221131
| map.cpp:234:7:234:9 | ref arg m25 | map.cpp:249:1:249:1 | m25 | |
1132+
| map.cpp:234:24:234:26 | m25 | map.cpp:234:28:234:32 | call to begin | TAINT |
11231133
| map.cpp:234:24:234:26 | ref arg m25 | map.cpp:234:7:234:9 | m25 | |
11241134
| map.cpp:234:24:234:26 | ref arg m25 | map.cpp:235:7:235:9 | m25 | |
11251135
| map.cpp:234:24:234:26 | ref arg m25 | map.cpp:236:7:236:9 | m25 | |
@@ -1130,6 +1140,7 @@
11301140
| map.cpp:235:7:235:9 | m25 | map.cpp:235:7:235:9 | call to map | |
11311141
| map.cpp:236:7:236:9 | ref arg m25 | map.cpp:237:7:237:9 | m25 | |
11321142
| map.cpp:236:7:236:9 | ref arg m25 | map.cpp:249:1:249:1 | m25 | |
1143+
| map.cpp:236:24:236:26 | m25 | map.cpp:236:28:236:32 | call to begin | TAINT |
11331144
| map.cpp:236:24:236:26 | ref arg m25 | map.cpp:236:7:236:9 | m25 | |
11341145
| map.cpp:236:24:236:26 | ref arg m25 | map.cpp:237:7:237:9 | m25 | |
11351146
| map.cpp:236:24:236:26 | ref arg m25 | map.cpp:249:1:249:1 | m25 | |
@@ -1162,6 +1173,7 @@
11621173
| map.cpp:245:7:245:9 | ref arg m27 | map.cpp:247:23:247:25 | m27 | |
11631174
| map.cpp:245:7:245:9 | ref arg m27 | map.cpp:248:7:248:9 | m27 | |
11641175
| map.cpp:245:7:245:9 | ref arg m27 | map.cpp:249:1:249:1 | m27 | |
1176+
| map.cpp:245:23:245:25 | m27 | map.cpp:245:27:245:31 | call to begin | TAINT |
11651177
| map.cpp:245:23:245:25 | ref arg m27 | map.cpp:245:7:245:9 | m27 | |
11661178
| map.cpp:245:23:245:25 | ref arg m27 | map.cpp:246:7:246:9 | m27 | |
11671179
| map.cpp:245:23:245:25 | ref arg m27 | map.cpp:247:7:247:9 | m27 | |
@@ -1172,6 +1184,7 @@
11721184
| map.cpp:246:7:246:9 | m27 | map.cpp:246:7:246:9 | call to map | |
11731185
| map.cpp:247:7:247:9 | ref arg m27 | map.cpp:248:7:248:9 | m27 | |
11741186
| map.cpp:247:7:247:9 | ref arg m27 | map.cpp:249:1:249:1 | m27 | |
1187+
| map.cpp:247:23:247:25 | m27 | map.cpp:247:27:247:31 | call to begin | TAINT |
11751188
| map.cpp:247:23:247:25 | ref arg m27 | map.cpp:247:7:247:9 | m27 | |
11761189
| map.cpp:247:23:247:25 | ref arg m27 | map.cpp:248:7:248:9 | m27 | |
11771190
| map.cpp:247:23:247:25 | ref arg m27 | map.cpp:249:1:249:1 | m27 | |
@@ -1267,6 +1280,7 @@
12671280
| map.cpp:259:7:259:8 | ref arg m4 | map.cpp:271:7:271:8 | m4 | |
12681281
| map.cpp:259:7:259:8 | ref arg m4 | map.cpp:277:7:277:8 | m4 | |
12691282
| map.cpp:259:7:259:8 | ref arg m4 | map.cpp:398:1:398:1 | m4 | |
1283+
| map.cpp:259:17:259:18 | m4 | map.cpp:259:20:259:24 | call to begin | TAINT |
12701284
| map.cpp:259:17:259:18 | ref arg m4 | map.cpp:259:7:259:8 | m4 | |
12711285
| map.cpp:259:17:259:18 | ref arg m4 | map.cpp:265:7:265:8 | m4 | |
12721286
| map.cpp:259:17:259:18 | ref arg m4 | map.cpp:271:7:271:8 | m4 | |
@@ -1287,6 +1301,7 @@
12871301
| map.cpp:261:7:261:8 | ref arg m6 | map.cpp:273:7:273:8 | m6 | |
12881302
| map.cpp:261:7:261:8 | ref arg m6 | map.cpp:279:7:279:8 | m6 | |
12891303
| map.cpp:261:7:261:8 | ref arg m6 | map.cpp:398:1:398:1 | m6 | |
1304+
| map.cpp:261:27:261:28 | m6 | map.cpp:261:30:261:34 | call to begin | TAINT |
12901305
| map.cpp:261:27:261:28 | ref arg m6 | map.cpp:261:7:261:8 | m6 | |
12911306
| map.cpp:261:27:261:28 | ref arg m6 | map.cpp:267:7:267:8 | m6 | |
12921307
| map.cpp:261:27:261:28 | ref arg m6 | map.cpp:273:7:273:8 | m6 | |
@@ -1364,6 +1379,7 @@
13641379
| map.cpp:289:7:289:8 | ref arg m7 | map.cpp:398:1:398:1 | m7 | |
13651380
| map.cpp:290:7:290:8 | ref arg m8 | map.cpp:398:1:398:1 | m8 | |
13661381
| map.cpp:291:7:291:8 | ref arg m9 | map.cpp:398:1:398:1 | m9 | |
1382+
| map.cpp:295:12:295:13 | m1 | map.cpp:295:15:295:19 | call to begin | TAINT |
13671383
| map.cpp:295:12:295:13 | ref arg m1 | map.cpp:295:30:295:31 | m1 | |
13681384
| map.cpp:295:12:295:13 | ref arg m1 | map.cpp:398:1:398:1 | m1 | |
13691385
| map.cpp:295:15:295:19 | call to begin | map.cpp:295:7:295:21 | ... = ... | |
@@ -1372,6 +1388,7 @@
13721388
| map.cpp:295:15:295:19 | call to begin | map.cpp:297:9:297:10 | i1 | |
13731389
| map.cpp:295:15:295:19 | call to begin | map.cpp:298:8:298:9 | i1 | |
13741390
| map.cpp:295:15:295:19 | call to begin | map.cpp:299:8:299:9 | i1 | |
1391+
| map.cpp:295:30:295:31 | m1 | map.cpp:295:33:295:35 | call to end | TAINT |
13751392
| map.cpp:295:30:295:31 | ref arg m1 | map.cpp:295:30:295:31 | m1 | |
13761393
| map.cpp:295:30:295:31 | ref arg m1 | map.cpp:398:1:398:1 | m1 | |
13771394
| map.cpp:295:40:295:41 | i1 | map.cpp:295:42:295:42 | call to operator++ | |
@@ -1384,6 +1401,7 @@
13841401
| map.cpp:297:9:297:10 | i1 | map.cpp:297:8:297:8 | call to operator* | TAINT |
13851402
| map.cpp:298:8:298:9 | i1 | map.cpp:298:10:298:10 | call to operator-> | TAINT |
13861403
| map.cpp:299:8:299:9 | i1 | map.cpp:299:10:299:10 | call to operator-> | TAINT |
1404+
| map.cpp:301:12:301:13 | m2 | map.cpp:301:15:301:19 | call to begin | TAINT |
13871405
| map.cpp:301:12:301:13 | ref arg m2 | map.cpp:301:30:301:31 | m2 | |
13881406
| map.cpp:301:12:301:13 | ref arg m2 | map.cpp:331:7:331:8 | m2 | |
13891407
| map.cpp:301:12:301:13 | ref arg m2 | map.cpp:332:7:332:8 | m2 | |
@@ -1397,6 +1415,7 @@
13971415
| map.cpp:301:15:301:19 | call to begin | map.cpp:305:8:305:9 | i2 | |
13981416
| map.cpp:301:15:301:19 | call to begin | map.cpp:310:8:310:9 | i2 | |
13991417
| map.cpp:301:15:301:19 | call to begin | map.cpp:311:8:311:9 | i2 | |
1418+
| map.cpp:301:30:301:31 | m2 | map.cpp:301:33:301:35 | call to end | TAINT |
14001419
| map.cpp:301:30:301:31 | ref arg m2 | map.cpp:301:30:301:31 | m2 | |
14011420
| map.cpp:301:30:301:31 | ref arg m2 | map.cpp:331:7:331:8 | m2 | |
14021421
| map.cpp:301:30:301:31 | ref arg m2 | map.cpp:332:7:332:8 | m2 | |
@@ -1414,12 +1433,14 @@
14141433
| map.cpp:303:9:303:10 | i2 | map.cpp:303:8:303:8 | call to operator* | TAINT |
14151434
| map.cpp:304:8:304:9 | i2 | map.cpp:304:10:304:10 | call to operator-> | TAINT |
14161435
| map.cpp:305:8:305:9 | i2 | map.cpp:305:10:305:10 | call to operator-> | TAINT |
1436+
| map.cpp:307:12:307:13 | m3 | map.cpp:307:15:307:19 | call to begin | TAINT |
14171437
| map.cpp:307:12:307:13 | ref arg m3 | map.cpp:307:30:307:31 | m3 | |
14181438
| map.cpp:307:12:307:13 | ref arg m3 | map.cpp:398:1:398:1 | m3 | |
14191439
| map.cpp:307:15:307:19 | call to begin | map.cpp:307:7:307:21 | ... = ... | |
14201440
| map.cpp:307:15:307:19 | call to begin | map.cpp:307:24:307:25 | i3 | |
14211441
| map.cpp:307:15:307:19 | call to begin | map.cpp:307:40:307:41 | i3 | |
14221442
| map.cpp:307:15:307:19 | call to begin | map.cpp:309:9:309:10 | i3 | |
1443+
| map.cpp:307:30:307:31 | m3 | map.cpp:307:33:307:35 | call to end | TAINT |
14231444
| map.cpp:307:30:307:31 | ref arg m3 | map.cpp:307:30:307:31 | m3 | |
14241445
| map.cpp:307:30:307:31 | ref arg m3 | map.cpp:398:1:398:1 | m3 | |
14251446
| map.cpp:307:40:307:41 | i3 | map.cpp:307:42:307:42 | call to operator++ | |
@@ -1667,6 +1688,7 @@
16671688
| map.cpp:372:7:372:9 | ref arg m23 | map.cpp:374:2:374:4 | m23 | |
16681689
| map.cpp:372:7:372:9 | ref arg m23 | map.cpp:375:7:375:9 | m23 | |
16691690
| map.cpp:372:7:372:9 | ref arg m23 | map.cpp:398:1:398:1 | m23 | |
1691+
| map.cpp:372:17:372:19 | m23 | map.cpp:372:21:372:25 | call to begin | TAINT |
16701692
| map.cpp:372:17:372:19 | ref arg m23 | map.cpp:372:7:372:9 | m23 | |
16711693
| map.cpp:372:17:372:19 | ref arg m23 | map.cpp:373:7:373:9 | m23 | |
16721694
| map.cpp:372:17:372:19 | ref arg m23 | map.cpp:374:2:374:4 | m23 | |
@@ -1703,6 +1725,7 @@
17031725
| map.cpp:383:7:383:9 | ref arg m25 | map.cpp:385:24:385:26 | m25 | |
17041726
| map.cpp:383:7:383:9 | ref arg m25 | map.cpp:386:7:386:9 | m25 | |
17051727
| map.cpp:383:7:383:9 | ref arg m25 | map.cpp:398:1:398:1 | m25 | |
1728+
| map.cpp:383:24:383:26 | m25 | map.cpp:383:28:383:32 | call to begin | TAINT |
17061729
| map.cpp:383:24:383:26 | ref arg m25 | map.cpp:383:7:383:9 | m25 | |
17071730
| map.cpp:383:24:383:26 | ref arg m25 | map.cpp:384:7:384:9 | m25 | |
17081731
| map.cpp:383:24:383:26 | ref arg m25 | map.cpp:385:7:385:9 | m25 | |
@@ -1713,6 +1736,7 @@
17131736
| map.cpp:384:7:384:9 | m25 | map.cpp:384:7:384:9 | call to unordered_map | |
17141737
| map.cpp:385:7:385:9 | ref arg m25 | map.cpp:386:7:386:9 | m25 | |
17151738
| map.cpp:385:7:385:9 | ref arg m25 | map.cpp:398:1:398:1 | m25 | |
1739+
| map.cpp:385:24:385:26 | m25 | map.cpp:385:28:385:32 | call to begin | TAINT |
17161740
| map.cpp:385:24:385:26 | ref arg m25 | map.cpp:385:7:385:9 | m25 | |
17171741
| map.cpp:385:24:385:26 | ref arg m25 | map.cpp:386:7:386:9 | m25 | |
17181742
| map.cpp:385:24:385:26 | ref arg m25 | map.cpp:398:1:398:1 | m25 | |
@@ -1745,6 +1769,7 @@
17451769
| map.cpp:394:7:394:9 | ref arg m27 | map.cpp:396:23:396:25 | m27 | |
17461770
| map.cpp:394:7:394:9 | ref arg m27 | map.cpp:397:7:397:9 | m27 | |
17471771
| map.cpp:394:7:394:9 | ref arg m27 | map.cpp:398:1:398:1 | m27 | |
1772+
| map.cpp:394:23:394:25 | m27 | map.cpp:394:27:394:31 | call to begin | TAINT |
17481773
| map.cpp:394:23:394:25 | ref arg m27 | map.cpp:394:7:394:9 | m27 | |
17491774
| map.cpp:394:23:394:25 | ref arg m27 | map.cpp:395:7:395:9 | m27 | |
17501775
| map.cpp:394:23:394:25 | ref arg m27 | map.cpp:396:7:396:9 | m27 | |
@@ -1755,6 +1780,7 @@
17551780
| map.cpp:395:7:395:9 | m27 | map.cpp:395:7:395:9 | call to unordered_map | |
17561781
| map.cpp:396:7:396:9 | ref arg m27 | map.cpp:397:7:397:9 | m27 | |
17571782
| map.cpp:396:7:396:9 | ref arg m27 | map.cpp:398:1:398:1 | m27 | |
1783+
| map.cpp:396:23:396:25 | m27 | map.cpp:396:27:396:31 | call to begin | TAINT |
17581784
| map.cpp:396:23:396:25 | ref arg m27 | map.cpp:396:7:396:9 | m27 | |
17591785
| map.cpp:396:23:396:25 | ref arg m27 | map.cpp:397:7:397:9 | m27 | |
17601786
| map.cpp:396:23:396:25 | ref arg m27 | map.cpp:398:1:398:1 | m27 | |

cpp/ql/test/library-tests/dataflow/taint-tests/map.cpp

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -148,15 +148,15 @@ void test_map()
148148
}
149149
for (i2 = m2.begin(); i2 != m2.end(); i2++)
150150
{
151-
sink(*i2); // tainted [NOT DETECTED]
152-
sink(i2->first);
153-
sink(i2->second); // tainted [NOT DETECTED]
151+
sink(*i2); // tainted
152+
sink(i2->first); // [FALSE POSITIVE]
153+
sink(i2->second); // tainted
154154
}
155155
for (i3 = m3.begin(); i3 != m3.end(); i3++)
156156
{
157-
sink(*i3); // tainted [NOT DETECTED]
158-
sink(i2->first); // tainted [NOT DETECTED]
159-
sink(i2->second);
157+
sink(*i3); // tainted
158+
sink(i2->first); // tainted
159+
sink(i2->second); // [FALSE POSITIVE]
160160
}
161161

162162
// array-like access
@@ -300,15 +300,15 @@ void test_unordered_map()
300300
}
301301
for (i2 = m2.begin(); i2 != m2.end(); i2++)
302302
{
303-
sink(*i2); // tainted [NOT DETECTED]
304-
sink(i2->first);
305-
sink(i2->second); // tainted [NOT DETECTED]
303+
sink(*i2); // tainted
304+
sink(i2->first); // [FALSE POSITIVE]
305+
sink(i2->second); // tainted
306306
}
307307
for (i3 = m3.begin(); i3 != m3.end(); i3++)
308308
{
309-
sink(*i3); // tainted [NOT DETECTED]
310-
sink(i2->first); // tainted [NOT DETECTED]
311-
sink(i2->second);
309+
sink(*i3); // tainted
310+
sink(i2->first); // tainted
311+
sink(i2->second); // [FALSE POSITIVE]
312312
}
313313

314314
// array-like access

cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,8 @@
5353
| map.cpp:134:7:134:8 | call to map | map.cpp:105:39:105:44 | call to source |
5454
| map.cpp:135:7:135:8 | call to map | map.cpp:105:39:105:44 | call to source |
5555
| map.cpp:136:7:136:8 | call to map | map.cpp:105:39:105:44 | call to source |
56+
| map.cpp:151:8:151:10 | call to pair | map.cpp:105:39:105:44 | call to source |
57+
| map.cpp:157:8:157:10 | call to pair | map.cpp:106:32:106:37 | call to source |
5658
| map.cpp:165:7:165:27 | ... = ... | map.cpp:165:20:165:25 | call to source |
5759
| map.cpp:167:7:167:30 | ... = ... | map.cpp:167:23:167:28 | call to source |
5860
| map.cpp:190:7:190:9 | call to map | map.cpp:188:39:188:44 | call to source |
@@ -90,6 +92,8 @@
9092
| map.cpp:286:7:286:8 | call to unordered_map | map.cpp:257:39:257:44 | call to source |
9193
| map.cpp:287:7:287:8 | call to unordered_map | map.cpp:257:39:257:44 | call to source |
9294
| map.cpp:288:7:288:8 | call to unordered_map | map.cpp:257:39:257:44 | call to source |
95+
| map.cpp:303:8:303:10 | call to pair | map.cpp:257:39:257:44 | call to source |
96+
| map.cpp:309:8:309:10 | call to pair | map.cpp:258:32:258:37 | call to source |
9397
| map.cpp:317:7:317:27 | ... = ... | map.cpp:317:20:317:25 | call to source |
9498
| map.cpp:319:7:319:30 | ... = ... | map.cpp:319:23:319:28 | call to source |
9599
| map.cpp:339:7:339:9 | call to unordered_map | map.cpp:337:39:337:44 | call to source |

cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,10 @@
5050
| map.cpp:134:7:134:8 | map.cpp:105:39:105:44 | AST only |
5151
| map.cpp:135:7:135:8 | map.cpp:105:39:105:44 | AST only |
5252
| map.cpp:136:7:136:8 | map.cpp:105:39:105:44 | AST only |
53+
| map.cpp:152:12:152:16 | map.cpp:105:39:105:44 | IR only |
54+
| map.cpp:153:12:153:17 | map.cpp:105:39:105:44 | IR only |
55+
| map.cpp:158:12:158:16 | map.cpp:105:39:105:44 | IR only |
56+
| map.cpp:159:12:159:17 | map.cpp:105:39:105:44 | IR only |
5357
| map.cpp:190:7:190:9 | map.cpp:188:39:188:44 | AST only |
5458
| map.cpp:190:7:190:9 | map.cpp:188:49:188:54 | AST only |
5559
| map.cpp:193:7:193:9 | map.cpp:189:39:189:44 | AST only |
@@ -86,6 +90,10 @@
8690
| map.cpp:286:7:286:8 | map.cpp:257:39:257:44 | AST only |
8791
| map.cpp:287:7:287:8 | map.cpp:257:39:257:44 | AST only |
8892
| map.cpp:288:7:288:8 | map.cpp:257:39:257:44 | AST only |
93+
| map.cpp:304:12:304:16 | map.cpp:257:39:257:44 | IR only |
94+
| map.cpp:305:12:305:17 | map.cpp:257:39:257:44 | IR only |
95+
| map.cpp:310:12:310:16 | map.cpp:257:39:257:44 | IR only |
96+
| map.cpp:311:12:311:17 | map.cpp:257:39:257:44 | IR only |
8997
| map.cpp:339:7:339:9 | map.cpp:337:39:337:44 | AST only |
9098
| map.cpp:339:7:339:9 | map.cpp:337:49:337:54 | AST only |
9199
| map.cpp:342:7:342:9 | map.cpp:338:39:338:44 | AST only |

cpp/ql/test/library-tests/dataflow/taint-tests/test_ir.expected

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,11 +81,23 @@
8181
| map.cpp:105:7:105:54 | call to iterator | map.cpp:105:39:105:44 | call to source |
8282
| map.cpp:106:7:106:54 | call to iterator | map.cpp:106:32:106:37 | call to source |
8383
| map.cpp:107:10:107:15 | call to insert | map.cpp:107:62:107:67 | call to source |
84+
| map.cpp:151:8:151:10 | call to pair | map.cpp:105:39:105:44 | call to source |
85+
| map.cpp:152:12:152:16 | first | map.cpp:105:39:105:44 | call to source |
86+
| map.cpp:153:12:153:17 | second | map.cpp:105:39:105:44 | call to source |
87+
| map.cpp:157:8:157:10 | call to pair | map.cpp:106:32:106:37 | call to source |
88+
| map.cpp:158:12:158:16 | first | map.cpp:105:39:105:44 | call to source |
89+
| map.cpp:159:12:159:17 | second | map.cpp:105:39:105:44 | call to source |
8490
| map.cpp:165:7:165:27 | ... = ... | map.cpp:165:20:165:25 | call to source |
8591
| map.cpp:167:7:167:30 | ... = ... | map.cpp:167:23:167:28 | call to source |
8692
| map.cpp:257:7:257:54 | call to iterator | map.cpp:257:39:257:44 | call to source |
8793
| map.cpp:258:7:258:54 | call to iterator | map.cpp:258:32:258:37 | call to source |
8894
| map.cpp:259:10:259:15 | call to insert | map.cpp:259:62:259:67 | call to source |
95+
| map.cpp:303:8:303:10 | call to pair | map.cpp:257:39:257:44 | call to source |
96+
| map.cpp:304:12:304:16 | first | map.cpp:257:39:257:44 | call to source |
97+
| map.cpp:305:12:305:17 | second | map.cpp:257:39:257:44 | call to source |
98+
| map.cpp:309:8:309:10 | call to pair | map.cpp:258:32:258:37 | call to source |
99+
| map.cpp:310:12:310:16 | first | map.cpp:257:39:257:44 | call to source |
100+
| map.cpp:311:12:311:17 | second | map.cpp:257:39:257:44 | call to source |
89101
| map.cpp:317:7:317:27 | ... = ... | map.cpp:317:20:317:25 | call to source |
90102
| map.cpp:319:7:319:30 | ... = ... | map.cpp:319:23:319:28 | call to source |
91103
| movableclass.cpp:44:8:44:9 | s1 | movableclass.cpp:39:21:39:26 | call to source |

0 commit comments

Comments
 (0)