
Commit 7917dff

committed
C++: Add test cases for std::string and std::vector using iterator methods.
1 parent fcdbe0f commit 7917dff

6 files changed

Lines changed: 391 additions & 8 deletions


cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

Lines changed: 259 additions & 6 deletions
Large diffs are not rendered by default.

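--- a/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h
@@ -99,12 +99,15 @@ namespace std
 basic_string& append(const basic_string& str);
 basic_string& append(const charT* s);
 basic_string& append(size_type n, charT c);
-template<class InputIterator>
-/* constexpr */ basic_string& append(InputIterator first, InputIterator last);
+template<class InputIterator> basic_string& append(InputIterator first, InputIterator last);
 basic_string& assign(const basic_string& str);
 basic_string& assign(size_type n, charT c);
+template<class InputIterator> basic_string& assign(InputIterator first, InputIterator last);
 basic_string& insert(size_type pos, const basic_string& str);
 basic_string& insert(size_type pos, size_type n, charT c);
+basic_string& insert(size_type pos, const charT* s);
+iterator insert(const_iterator p, size_type n, charT c);
+template<class InputIterator> iterator insert(const_iterator p, InputIterator first, InputIterator last);
 basic_string& replace(size_type pos1, size_type n1, const basic_string& str);
 basic_string& replace(size_type pos1, size_type n1, size_type n2, charT c);
 size_type copy(charT* s, size_type n, size_type pos = 0) const;
@@ -203,6 +206,7 @@ namespace std {
 iterator insert(const_iterator position, const T& x);
 iterator insert(const_iterator position, T&& x);
 iterator insert(const_iterator position, size_type n, const T& x);
+template<class InputIterator> iterator insert(const_iterator position, InputIterator first, InputIterator last);
 
 void swap(vector&) noexcept/*(allocator_traits<Allocator>::propagate_on_container_swap::value || allocator_traits<Allocator>::is_always_equal::value)*/;
 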
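Review bot: The `vector::insert(const_iterator, InputIterator, InputIterator)` template added in the second hunk is unconstrained, so on `std::vector<int>` a count-and-value call with two `int` arguments deduces `InputIterator = int` and becomes an exact match that beats the `size_type n, const T& x` overload. The real library removes this template from overload resolution for non-iterator types, whereas the stub does not, so such a call would be analysed against the range signature and its taint model rather than the fill one. No call of that shape is visible on this page, so this may be latent, but a comment on the declaration would record it, e.g. `// unconstrained in this stub: insert(pos, int, int) on vector<int> selects this overload`. The `basic_string` range overloads of `append`, `assign` and `insert` in the first hunk are unconstrained in the same way, which matters whenever the count and the character argument have the same type.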

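--- a/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp
@@ -413,3 +413,81 @@ void test_string_iterators() {
 sink(*i9); // tainted
 }
 }
+
+void test_string_insert_more()
+{
+std::string s1("aa");
+std::string s2("bb");
+char *cs1 = "cc";
+char *cs2 = source();
+
+sink(s1.insert(0, cs1));
+sink(s1);
+
+sink(s2.insert(0, cs2)); // tainted
+sink(s2); // tainted
+}
+
+void sink(std::string::iterator);
+
+void test_string_iterator_methods()
+{
+{
+std::string a("aa");
+std::string b("bb");
+
+sink(a.insert(a.begin(), 10, 'x'));
+sink(a);
+
+sink(b.insert(b.begin(), 10, ns_char::source())); // tainted
+sink(b); // tainted
+}
+
+{
+std::string c("cc");
+std::string d("dd");
+std::string s1("11");
+std::string s2(source());
+
+sink(c.insert(c.end(), s1.begin(), s1.end()));
+sink(c);
+
+sink(d.insert(d.end(), s2.begin(), s2.end())); // tainted [NOT DETECTED]
+sink(d); // tainted [NOT DETECTED]
+
+sink(s2.insert(s2.end(), s1.begin(), s1.end())); // tainted
+sink(s2); // tainted
+}
+
+{
+std::string e("ee");
+std::string f("ff");
+std::string s3("33");
+std::string s4(source());
+
+sink(e.append(s3.begin(), s3.end()));
+sink(e);
+
+sink(f.append(s4.begin(), s4.end())); // tainted [NOT DETECTED]
+sink(f); // tainted [NOT DETECTED]
+
+sink(s4.append(s3.begin(), s3.end())); // tainted
+sink(s4); // tainted
+}
+
+{
+std::string g("gg");
+std::string h("hh");
+std::string s5("55");
+std::string s6(source());
+
+sink(g.assign(s5.cbegin(), s5.cend()));
+sink(g);
+
+sink(h.assign(s6.cbegin(), s6.cend())); // tainted [NOT DETECTED]
+sink(h); // tainted [NOT DETECTED]
+
+sink(s6.assign(s5.cbegin(), s5.cend()));
+sink(s6); // [FALSE POSITIVE]
+}
+}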
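Review bot: The `[NOT DETECTED]` markers on lines 455, 456, 471 and 472 of `test_string_iterator_methods` disagree with the expected output committed alongside them. taint.expected gains rows for `string.cpp:455:10:455:15`, `456:8:456:8`, `471:10:471:15` and `472:8:472:8`, each traced to the `source()` call in the same block. If those rows are the real query output, the range `insert` and `append` flows are already tracked and the comments should read plain `// tainted`, e.g. `sink(d.insert(d.end(), s2.begin(), s2.end())); // tainted`. Only the `assign` cases at 487 and 488 have no matching row, so their marker appears accurate. These annotations are how a reader judges which flows the taint library misses, so a stale one misstates its coverage.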

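--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected
@@ -121,6 +121,19 @@
 | string.cpp:407:8:407:8 | call to operator* | string.cpp:387:18:387:23 | call to source |
 | string.cpp:409:8:409:8 | call to operator* | string.cpp:387:18:387:23 | call to source |
 | string.cpp:413:8:413:8 | call to operator* | string.cpp:387:18:387:23 | call to source |
+| string.cpp:427:10:427:15 | call to insert | string.cpp:422:14:422:19 | call to source |
+| string.cpp:428:7:428:8 | s2 | string.cpp:422:14:422:19 | call to source |
+| string.cpp:442:10:442:15 | call to insert | string.cpp:442:32:442:46 | call to source |
+| string.cpp:443:8:443:8 | b | string.cpp:442:32:442:46 | call to source |
+| string.cpp:455:10:455:15 | call to insert | string.cpp:450:18:450:23 | call to source |
+| string.cpp:456:8:456:8 | d | string.cpp:450:18:450:23 | call to source |
+| string.cpp:458:11:458:16 | call to insert | string.cpp:450:18:450:23 | call to source |
+| string.cpp:459:8:459:9 | s2 | string.cpp:450:18:450:23 | call to source |
+| string.cpp:471:10:471:15 | call to append | string.cpp:466:18:466:23 | call to source |
+| string.cpp:472:8:472:8 | f | string.cpp:466:18:466:23 | call to source |
+| string.cpp:474:11:474:16 | call to append | string.cpp:466:18:466:23 | call to source |
+| string.cpp:475:8:475:9 | s4 | string.cpp:466:18:466:23 | call to source |
+| string.cpp:491:8:491:9 | s6 | string.cpp:482:18:482:23 | call to source |
 | structlikeclass.cpp:35:8:35:9 | s1 | structlikeclass.cpp:29:22:29:27 | call to source |
 | structlikeclass.cpp:36:8:36:9 | s2 | structlikeclass.cpp:30:24:30:29 | call to source |
 | structlikeclass.cpp:37:8:37:9 | s3 | structlikeclass.cpp:29:22:29:27 | call to source |
@@ -277,3 +290,4 @@
 | vector.cpp:290:7:290:8 | v2 | vector.cpp:289:17:289:30 | call to source |
 | vector.cpp:291:10:291:13 | call to data | vector.cpp:289:17:289:30 | call to source |
 | vector.cpp:292:7:292:18 | access to array | vector.cpp:289:17:289:30 | call to source |
+| vector.cpp:312:7:312:7 | d | vector.cpp:303:14:303:19 | call to source |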

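--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected
@@ -131,6 +131,19 @@
 | string.cpp:407:8:407:8 | string.cpp:387:18:387:23 | AST only |
 | string.cpp:409:8:409:8 | string.cpp:387:18:387:23 | AST only |
 | string.cpp:413:8:413:8 | string.cpp:387:18:387:23 | AST only |
+| string.cpp:427:10:427:15 | string.cpp:422:14:422:19 | AST only |
+| string.cpp:428:7:428:8 | string.cpp:422:14:422:19 | AST only |
+| string.cpp:442:10:442:15 | string.cpp:442:32:442:46 | AST only |
+| string.cpp:443:8:443:8 | string.cpp:442:32:442:46 | AST only |
+| string.cpp:455:10:455:15 | string.cpp:450:18:450:23 | AST only |
+| string.cpp:456:8:456:8 | string.cpp:450:18:450:23 | AST only |
+| string.cpp:458:11:458:16 | string.cpp:450:18:450:23 | AST only |
+| string.cpp:459:8:459:9 | string.cpp:450:18:450:23 | AST only |
+| string.cpp:471:10:471:15 | string.cpp:466:18:466:23 | AST only |
+| string.cpp:472:8:472:8 | string.cpp:466:18:466:23 | AST only |
+| string.cpp:474:11:474:16 | string.cpp:466:18:466:23 | AST only |
+| string.cpp:475:8:475:9 | string.cpp:466:18:466:23 | AST only |
+| string.cpp:491:8:491:9 | string.cpp:482:18:482:23 | AST only |
 | structlikeclass.cpp:35:8:35:9 | structlikeclass.cpp:29:22:29:27 | AST only |
 | structlikeclass.cpp:36:8:36:9 | structlikeclass.cpp:30:24:30:29 | AST only |
 | structlikeclass.cpp:37:8:37:9 | structlikeclass.cpp:29:22:29:27 | AST only |
@@ -226,3 +239,4 @@
 | vector.cpp:290:7:290:8 | vector.cpp:289:17:289:30 | AST only |
 | vector.cpp:291:10:291:13 | vector.cpp:289:17:289:30 | AST only |
 | vector.cpp:292:7:292:18 | vector.cpp:289:17:289:30 | AST only |
+| vector.cpp:312:7:312:7 | vector.cpp:303:14:303:19 | AST only |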

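--- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
@@ -291,3 +291,23 @@ void test_data_more() {
 sink(v2.data()); // tainted
 sink(v2.data()[2]); // tainted
 }
+
+void sink(std::vector<int>::iterator);
+
+void test_vector_insert() {
+std::vector<int> a;
+std::vector<int> b;
+std::vector<int> c;
+std::vector<int> d;
+
+d.push_back(source());
+
+sink(a.insert(a.end(), b.begin(), b.end()));
+sink(a);
+
+sink(c.insert(c.end(), d.begin(), d.end())); // tainted [NOT DETECTED]
+sink(c); // tainted [NOT DETECTED]
+
+sink(d.insert(d.end(), a.begin(), a.end())); // tainted [NOT DETECTED]
+sink(d); // tainted
+}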
