[CPP-370] Reformat test cases so that the .expect files line up with what was

zlaski-semmle · zlaski-semmle · commit b205951e6da9 · 2019-05-21T06:18:31.000-07:00
checked in initially.  Check for DataFlow::DefinitionByReferenceNode
          when computing isSource() for our taint analysis.
diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
@@ -46,51 +46,56 @@ predicate whitelisted(FunctionCall fc) {
   exists(Function f, int arg | f = fc.getTarget() | whitelistFunction(f, arg))
 }
 
-predicate isNonConst(Expr e) {
-  exists(FunctionCall fc | fc = e.(FunctionCall) |
-    not whitelisted(fc) and not fc.getTarget().hasDefinition()
-  )
-  or
-  exists(Parameter p | p = e.(VariableAccess).getTarget().(Parameter) |
-    p.getFunction().getName() = "main" and p.getType() instanceof PointerType
-  )
-  or
-  e instanceof CrementOperation
-  or
-  e instanceof AddressOfExpr
-  or
-  e instanceof ReferenceToExpr
-  or
-  e instanceof AssignPointerAddExpr
-  or
-  e instanceof AssignPointerSubExpr
-  or
-  e instanceof PointerArithmeticOperation
-  or
-  e instanceof FieldAccess
-  or
-  e instanceof PointerDereferenceExpr
-  or
-  e instanceof AddressOfExpr
-  or
-  e instanceof ExprCall
-  or
-  e instanceof NewArrayExpr
-  or
-  e instanceof AssignExpr
-  or
-  exists(Variable v | v = e.(VariableAccess).getTarget() |
-    v.getType().(ArrayType).getBaseType() instanceof CharType and
-    exists(AssignExpr ae |
-      ae.getLValue().(ArrayExpr).getArrayBase().(VariableAccess).getTarget() = v
+predicate isNonConst(DataFlow::Node node) {
+  exists(Expr e | e = node.asExpr() |
+    exists(FunctionCall fc | fc = e.(FunctionCall) |
+      not whitelisted(fc) and not fc.getTarget().hasDefinition()
+    )
+    or
+    exists(Parameter p | p = e.(VariableAccess).getTarget().(Parameter) |
+      p.getFunction().getName() = "main" and p.getType() instanceof PointerType
+    )
+    or
+    e instanceof CrementOperation
+    or
+    e instanceof AddressOfExpr
+    or
+    e instanceof ReferenceToExpr
+    or
+    e instanceof AssignPointerAddExpr
+    or
+    e instanceof AssignPointerSubExpr
+    or
+    e instanceof PointerArithmeticOperation
+    or
+    e instanceof FieldAccess
+    or
+    e instanceof PointerDereferenceExpr
+    or
+    e instanceof AddressOfExpr
+    or
+    e instanceof ExprCall
+    or
+    e instanceof NewArrayExpr
+    or
+    e instanceof AssignExpr
+    or
+    exists(Variable v | v = e.(VariableAccess).getTarget() |
+      v.getType().(ArrayType).getBaseType() instanceof CharType and
+      exists(AssignExpr ae |
+        ae.getLValue().(ArrayExpr).getArrayBase().(VariableAccess).getTarget() = v
+      )
     )
   )
+  or
+  // TODO: Figure out what to do with DataFlow::DefinitionByReferenceNode
+  exists(DataFlow::DefinitionByReferenceNode dbr | dbr = node.(DataFlow::DefinitionByReferenceNode))
 }
 
 class NonConstFlow extends TaintTracking::Configuration {
   NonConstFlow() { this = "NonConstFlow" }
 
-  override predicate isSource(DataFlow::Node source) { isNonConst(source.asExpr()) }
+  override predicate isSource(DataFlow::Node source) { isNonConst(source) }
 
   override predicate isSink(DataFlow::Node sink) {
     exists(FormattingFunctionCall fc | sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex()))
@@ -105,5 +110,5 @@ where
     sink.asExpr() = formatString
   )
 select formatString,
-  "The format string argument to " + call.getTarget().getQualifiedName() +
+  "The format string argument to " + call.getTarget().getName() +
     " should be constant to prevent security issues and other potential errors."
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c
@@ -1,9 +1,5 @@
 extern int printf(const char *fmt, ...);
 
-// For the following `...gettext` functions, we assume that
-// all translations preserve the type and order of `%` specifiers
-// (and hence are safe to use as format strings).  This
-// assumption is hard-coded into the query.
 
 extern char *gettext (const char *__msgid);
 
@@ -12,6 +8,7 @@ extern char *dgettext (const char *__domainname, const char *__msgid);
 extern char *dcgettext (const char *__domainname,
                         const char *__msgid, int __category);
 
+
 extern char *ngettext (const char *__msgid1, const char *__msgid2,
                        unsigned long int __n);
 
@@ -26,30 +23,27 @@ extern char *dcngettext (const char *__domainname, const char *__msgid1,
 extern char *any_random_function(const char *);
 
 #define NULL ((void*)0)
-
-#define _(X) my_gettext(X)
+#define _(X) any_random_function((X))
 
 int main(int argc, char **argv) {
 	if(argc > 1)
-		printf(argv[1]);                  // NOT OK
+		printf(argv[1]);                   // not ok
 	else
-		printf("No argument supplied.\n"); // OK
+		printf("No argument supplied.\n"); // ok
 
-	printf(_("No argument supplied.\n")); // NOT OK
+	printf(_("No argument supplied.\n")); // not ok
 
-	printf(dgettext(NULL, "No argument supplied.\n")); // OK
+	printf(dgettext(NULL, "No argument supplied.\n")); // ok
 
-	printf(ngettext("One argument\n", "%d arguments\n", argc-1), argc-1); // OK
+	printf(ngettext("One argument\n", "%d arguments\n", argc-1), argc-1); // ok
 
-	printf(gettext("%d arguments\n"), argc-1); // OK
-	printf(any_random_function("%d arguments\n"), argc-1); // NOT OK
+	printf(gettext("%d arguments\n"), argc-1); // ok
+	printf(any_random_function("%d arguments\n"), argc-1); // not ok
 
-#undef _
-    /* The special `..gettext..` functions are allowed arbitrary arguments */
-	printf(_(any_random_function("%d arguments\n")),  // OK
-			argc-1);
-	printf(_("%d more arguments\n"),  // OK
-			argc-1);
+	// Since `_` is mapped to `some_random_function` above,
+	// the following call will be flagged.
+	printf(_(any_random_function("%d arguments\n")),
+			argc-1); // not ok
 
 	return 0;
 }
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -1,17 +1,19 @@
-| NonConstantFormat.c:34:10:34:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| NonConstantFormat.c:38:9:38:36 | call to my_gettext | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| NonConstantFormat.c:45:9:45:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:60:12:60:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:63:12:63:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:64:12:64:26 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:65:12:65:17 | + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:66:12:66:18 | * ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:67:12:67:18 | & ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:68:12:68:39 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:70:10:70:35 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:73:12:73:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:79:12:79:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:85:12:85:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:91:12:91:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:96:12:96:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:113:12:113:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| NonConstantFormat.c:34:9:34:36 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| NonConstantFormat.c:45:9:45:48 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:45:10:45:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:50:12:50:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:53:12:53:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:54:12:54:26 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:55:12:55:17 | + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:56:12:56:18 | * ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:57:12:57:18 | & ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:58:12:58:39 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:60:10:60:35 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:63:12:63:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:69:12:69:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:75:12:75:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:81:12:81:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:86:12:86:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:103:12:103:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
@@ -10,10 +10,6 @@ const char *messages[] = {
     "%u tasks left\n",
 };
 
-const char *simple_func(const char *str) {
-	return str;
-}
-
 const char *choose_message(unsigned int n) {
   if (n == 0) {
     const char *message = messages[0];
@@ -27,7 +23,7 @@ const char *choose_message(unsigned int n) {
 
 const char *make_message(unsigned int n) {
   static char buf[64];
-  sprintf(buf, "%d tasks left\n", n); // OK
+  sprintf(buf, "%d tasks left\n", n);
   return buf;
 }
 
@@ -45,14 +41,8 @@ const char *const_wash(char *str) {
 }
 
 int main(int argc, char **argv) {
-  const char *message = messages[2];
-  printf(simple_func("Hello, World\n")); // OK
   printf(choose_message(argc - 1), argc - 1); // OK
-  printf(messages[1]); // OK
-  printf(message); // OK
-  printf(make_message(argc - 1)); // OK
-  printf("Hello, World\n"); // OK
-  printf(gettext("Hello, World\n")); // OK
+  printf(make_message(argc - 1)); // NOT OK
   printf(_("Hello, World\n")); // OK
   {
     char hello[] = "hello, World\n";
@@ -100,14 +90,14 @@ int main(int argc, char **argv) {
     const char *hello = "Hello, World\n";
     const char **p = &hello;
     (*p)++;
-    printf(hello); // NOT OK [NOT DETECTED]
+    printf(hello); // NOT OK
   }
   {
     // Same as above block but through a C++ reference
     const char *hello = "Hello, World\n";
     const char *&p = hello;
     p++;
-    printf(hello); // NOT OK [NOT DETECTED]
+    printf(hello); // NOT OK
   }
   if (gettext_debug) {
     printf(new char[100]); // NOT OK
@@ -120,5 +110,22 @@ int main(int argc, char **argv) {
   }
   printf(argc > 2 ? "More than one\n" : _("Only one\n")); // OK
 
+  // This following is OK since a const literal is passed to const_wash()
+  // and the taint tracker detects this.
+  //
+  //
   printf(const_wash("Hello, World\n")); // OK
 }
+
+const char *simple_func(const char *str) {
+	return str;
+}
+
+void another_func(void) {
+  const char *message = messages[2];
+  printf(simple_func("Hello, World\n")); // OK
+  printf(messages[1]); // OK
+  printf(message); // OK
+  printf("Hello, World\n"); // OK
+  printf(gettext("Hello, World\n")); // OK
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -1,16 +1,10 @@
-| consts.cpp:63:9:63:10 | c5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:69:9:69:10 | c6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:81:9:81:10 | c8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:100:9:100:10 | v4 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:103:9:103:15 | call to varFunc | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:107:9:107:10 | v5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:112:9:112:10 | v6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:116:9:116:13 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:121:9:121:10 | v8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:130:9:130:10 | v9 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:135:9:135:11 | v10 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:140:9:140:11 | v11 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:145:9:145:11 | v12 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
