
Commit ae774a6

C++: Add a test with an indirect source.
1 parent b53963a commit ae774a6

3 files changed

Lines changed: 32 additions & 0 deletions


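--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -105,6 +105,8 @@ postWithInFlow
 | test.cpp:542:6:542:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:548:25:548:25 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:552:25:552:25 | y [inner post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:562:5:562:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:576:5:576:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition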

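--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -552,3 +552,29 @@ void test_sink_then_source() {
 sink_then_source_2(&y, y);
 }
 }
+
+int* indirect_source();
+
+namespace IndirectFlowThroughGlobals {
+int* globalInt;
+
+void taintGlobal() {
+globalInt = indirect_source();
+}
+
+void f() {
+sink(*globalInt); // $ ir=562:17 ir=576:17 // tainted or clean? Not sure.
+taintGlobal();
+sink(*globalInt); // $ ir=562:17 MISSING: ast=562:17 SPURIOUS: ir=576:17
+}
+
+void calledAfterTaint() {
+sink(*globalInt); // $ ir=576:17 MISSING: ast=576:17 SPURIOUS: ir=562:17
+}
+
+void taintAndCall() {
+globalInt = indirect_source();
+calledAfterTaint();
+sink(*globalInt); // $ ir=576:17 MISSING: ast=576:17 SPURIOUS: ir=562:17
+}
+}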
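Review bot: The first `sink(*globalInt)` in `f()` accepts both `ir=562:17` and `ir=576:17` as expected results while its own comment says `tainted or clean? Not sure.`, so the test pins behaviour whose intent is undecided. Nothing in the visible namespace calls `f()` after either write, so a reader cannot tell whether these two results are wanted order-insensitive flow through the global or false positives like the ones marked `SPURIOUS` on the later sinks. I would record the decision in the comment, for example `// accepted: either write to globalInt may precede a call to f()`, or move the two results under `SPURIOUS:` if they are considered wrong. Because this file feeds a taint-tracking test, an unexplained expectation here makes later false-negative or false-positive regressions hard to judge.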

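--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
@@ -24,6 +24,8 @@ module AstTest {
 or
 source.asParameter().getName().matches("source%")
 or
+source.asExpr().(FunctionCall).getTarget().getName() = "indirect_source"
+or
 source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
 or
 // Track uninitialized variables
@@ -67,6 +69,8 @@ module IRTest {
 override predicate isSource(DataFlow::Node source) {
 source.asExpr().(FunctionCall).getTarget().getName() = "source"
 or
+source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "indirect_source"
+or
 source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
 or
 source.asParameter().getName().matches("source%")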
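Review bot: The `1` in `source.asIndirectExpr(1)` in the IRTest hunk is unexplained, and the AstTest hunk models the same function with plain `source.asExpr()`, so the two configurations do not obviously mark the same thing as the source. From the visible lines, the IR source appears to be the value reached through one dereference of the call's result, while the AST source is the call expression itself; that mismatch may be part of why test.cpp records `MISSING: ast=` on every `sink(*globalInt)`, though the hunks alone do not confirm it. A one-line comment above the IR disjunct would settle the intent, e.g. `// source is the int the returned pointer points to (one level of indirection)`, with a matching remark on the AST disjunct that it marks the pointer value. Both `isSource` predicates begin or continue outside the hunks shown.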
