[CPP-370] Tentatively modify CWE consts.cpp file to play nice with the dataflow library.

zlaski-semmle · zlaski-semmle · commit 8faf95ec843e · 2019-05-21T06:21:12.000-07:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -1,10 +1,14 @@
 | consts.cpp:81:9:81:10 | c8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| consts.cpp:100:9:100:10 | v4 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:103:9:103:15 | call to varFunc | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:107:9:107:10 | v5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:112:9:112:10 | v6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:116:9:116:13 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:121:9:121:10 | v8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| consts.cpp:130:9:130:10 | v9 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:135:9:135:11 | v10 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:140:9:140:11 | v11 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:145:9:145:11 | v12 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/consts.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/consts.cpp
@@ -59,12 +59,12 @@ void a() {
   
  // GOOD: constFunc() always returns a constant string
  // But we still don't track constantness flow from functions to variables
-  char *c5 = constFunc();
+ char *c5 = constFunc();
  printf(c5);
   
  // GOOD: constFunc() always returns a constant string
  // But we still don't track constantness flow from functions to variables
-  char *c6;
+ char *c6;
  c6 = constFunc();
  printf(c6);
   
@@ -81,7 +81,7 @@ void a() {
  printf(c8);
   
  // BAD: v1 value came from the user
- char *v1;
+ char v1[100];
  gets(v1);
  printf(v1);
  
@@ -125,7 +125,7 @@ void a() {
  // BAD: nonConstFuncToArray() always returns a value from gv1, which is started as constant but was changed to a value that came from the user
  printf(nonConstFuncToArray(0));
   
- // BAD: v9 value is copied from v1, which came from the user [NOT DETECTED]
+ // BAD: v9 value is copied from v1, which came from the user
  const char *v9 = v1;
  printf(v9);
   
