github
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll‎
Lines changed: 1 addition & 3 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/IRTaintTestCommon.qll‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/TaintTestCommon.qll‎
Lines changed: 1 addition & 0 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/TaintTestCommon.qll‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp‎
Lines changed: 26 additions & 26 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/arrayassignment.cpp‎
Lines changed: 26 additions & 26 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/copyableclass.cpp‎
Lines changed: 7 additions & 7 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/copyableclass.cpp‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/copyableclass_declonly.cpp‎
Lines changed: 7 additions & 7 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/copyableclass_declonly.cpp‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/format.cpp‎
Lines changed: 15 additions & 15 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/format.cpp‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected‎
Lines changed: 6 additions & 6 deletions b/‎cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected‎
Lines changed: 6 additions & 6 deletions
@@ -1,6 +1,7 @@
 import cpp
 import semmle.code.cpp.ir.IR
 import semmle.code.cpp.ir.dataflow.TaintTracking
+import TestUtilities.InlineExpectationsTest
 
 /** Common data flow configuration to be used by tests. */
 class TestAllocationConfig extends TaintTracking::Configuration {
@@ -10,9 +11,6 @@ class TestAllocationConfig extends TaintTracking::Configuration {
     source.(DataFlow::ExprNode).getConvertedExpr().(FunctionCall).getTarget().getName() = "source"
     or
     source.asParameter().getName().matches("source%")
-    or
-    // Track uninitialized variables
-    exists(source.asUninitialized())
   }
 
   override predicate isSink(DataFlow::Node sink) {
 
@@ -1,6 +1,7 @@
 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.models.interfaces.Taint
+import TestUtilities.InlineExpectationsTest
 
 /** Common data flow configuration to be used by tests. */
 class TestAllocationConfig extends TaintTracking::Configuration {
 
@@ -13,10 +13,10 @@ void test_pointer_deref_assignment()
 
 	*p_x = source();
 
-	sink(x); // tainted [DETECTED BY IR ONLY]
-	sink(*p_x); // tainted
-	sink(*p2_x); // tainted [DETECTED BY IR ONLY]
-	sink(r_x); // tainted [DETECTED BY IR ONLY]
+	sink(x); // $ ir MISSING: ast
+	sink(*p_x); // $ ast,ir
+	sink(*p2_x); // $ ir MISSING: ast
+	sink(r_x); // $ ir MISSING: ast
 }
 
 void test_reference_deref_assignment()
@@ -28,10 +28,10 @@ void test_reference_deref_assignment()
 
 	r_x = source();
 
-	sink(x); // tainted [DETECTED BY IR ONLY]
-	sink(*p_x); // tainted [DETECTED BY IR ONLY]
-	sink(r_x); // tainted
-	sink(r2_x); // tainted [DETECTED BY IR ONLY]
+	sink(x); // $ ir MISSING: ast
+	sink(*p_x); // $ ir MISSING: ast
+	sink(r_x); // $ ast,ir
+	sink(r2_x); // $ ir MISSING: ast
 }
 
 class MyInt
@@ -53,8 +53,8 @@ void test_myint_member_assignment()
 
 	mi.i = source();
 
-	sink(mi); // tainted [DETECTED BY IR ONLY]
-	sink(mi.get()); // tainted
+	sink(mi); // $ ir MISSING: ast
+	sink(mi.get()); // $ ast,ir
 }
 
 void test_myint_method_assignment()
@@ -63,8 +63,8 @@ void test_myint_method_assignment()
 
 	mi.get() = source();
 
-	sink(mi); // tainted [DETECTED BY IR ONLY]
-	sink(mi.get()); // tainted
+	sink(mi); // $ ir MISSING: ast
+	sink(mi.get()); // $ ast,ir
 }
 
 void test_myint_overloaded_assignment()
@@ -74,10 +74,10 @@ void test_myint_overloaded_assignment()
 	mi = source();
 	mi2 = mi;
 
-	sink(mi); // tainted [NOT DETECTED]
-	sink(mi.get()); // tainted [NOT DETECTED]
-	sink(mi2); // tainted [NOT DETECTED]
-	sink(mi2.get()); // tainted [NOT DETECTED]
+	sink(mi); // $ MISSING: ast,ir
+	sink(mi.get()); // $ MISSING: ast,ir
+	sink(mi2); // $ MISSING: ast,ir
+	sink(mi2.get()); // $ MISSING: ast,ir
 }
 
 class MyArray
@@ -98,7 +98,7 @@ void test_myarray_member_assignment()
 
 	ma.values[0] = source();
 
-	sink(ma.values[0]); // tainted
+	sink(ma.values[0]); // $ ast,ir
 }
 
 void test_myarray_method_assignment()
@@ -107,7 +107,7 @@ void test_myarray_method_assignment()
 
 	ma.get(0) = source();
 
-	sink(ma.get(0)); // tainted [NOT DETECTED]
+	sink(ma.get(0)); // $ MISSING: ast,ir
 }
 
 void test_myarray_overloaded_assignment()
@@ -117,8 +117,8 @@ void test_myarray_overloaded_assignment()
 	ma[0] = source();
 	ma2 = ma;
 
-	sink(ma[0]); // tainted [NOT DETECTED]
-	sink(ma2[0]); // tainted [NOT DETECTED]
+	sink(ma[0]); // $ MISSING: ast,ir
+	sink(ma2[0]); // $ MISSING: ast,ir
 }
 
 void sink(int *);
@@ -132,16 +132,16 @@ void test_array_reference_assignment()
 	int *ptr2, *ptr3;
 
 	ref1 = source();
-	sink(ref1); // tainted
-	sink(arr1[5]); // tainted [DETECTED BY IR ONLY]
+	sink(ref1); // $ ast,ir
+	sink(arr1[5]); // $ ir MISSING: ast
 
 	ptr2 = &(arr2[5]);
 	*ptr2 = source();
-	sink(*ptr2); // tainted
-	sink(arr2[5]); // tainted [DETECTED BY IR ONLY]
+	sink(*ptr2); // $ ast,ir
+	sink(arr2[5]); // $ ir MISSING: ast
 
 	ptr3 = arr3;
 	ptr3[5] = source();
-	sink(ptr3[5]); // tainted
-	sink(arr3[5]); // tainted [DETECTED BY IR ONLY]
+	sink(ptr3[5]); // $ ast,ir
+	sink(arr3[5]); // $ ir MISSING: ast
 }
@@ -37,10 +37,10 @@ void test_copyableclass()
 		MyCopyableClass s4;
 		s4 = source();
 
-		sink(s1); // tainted
-		sink(s2); // tainted
-		sink(s3); // tainted
-		sink(s4); // tainted
+		sink(s1); // $ ast,ir
+		sink(s2); // $ ast,ir
+		sink(s3); // $ ast,ir
+		sink(s4); // $ ast,ir
 	}
 
 	{
@@ -62,8 +62,8 @@ void test_copyableclass()
 		MyCopyableClass s3;
 		s2 = MyCopyableClass(source());
 
-		sink(s1); // tainted
-		sink(s2); // tainted
-		sink(s3 = source()); // tainted
+		sink(s1); // $ ast,ir
+		sink(s2); // $ ast,ir
+		sink(s3 = source()); // $ ast,ir
 	}
 }
@@ -37,10 +37,10 @@ void test_copyableclass_declonly()
 		MyCopyableClassDeclOnly s4;
 		s4 = source();
 
-		sink(s1); // tainted
-		sink(s2); // tainted
-		sink(s3); // tainted
-		sink(s4); // tainted
+		sink(s1); // $ ast,ir
+		sink(s2); // $ ast,ir
+		sink(s3); // $ ast,ir
+		sink(s4); // $ ast,ir
 	}
 
 	{
@@ -62,8 +62,8 @@ void test_copyableclass_declonly()
 		MyCopyableClassDeclOnly s3;
 		s2 = MyCopyableClassDeclOnly(source());
 
-		sink(s1); // tainted
-		sink(s2); // tainted
-		sink(s3 = source()); // tainted
+		sink(s1); // $ ast,ir
+		sink(s2); // $ ast,ir
+		sink(s3 = source()); // $ ast MISSING: ir
 	}
 }
@@ -54,22 +54,22 @@ void test1()
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%s", string::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, string::source(), "Hello."));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%s %s %s", "a", "b", string::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%.*s", 10, string::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 
 	{
@@ -80,39 +80,39 @@ void test1()
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%i", source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%.*s", source(), "Hello."));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 
 	{
 		char buffer[256] = {0};
 		sink(snprintf(buffer, 256, "%p", string::source()));
-		sink(buffer); // tainted (debatable)
+		sink(buffer); // $ ast,ir // tainted (debatable)
 	}
 
 	{
 		char buffer[256] = {0};
 		sink(sprintf(buffer, "%s", string::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(sprintf(buffer, "%ls", wstring::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 	{
 		wchar_t wbuffer[256] = {0};
 		sink(swprintf(wbuffer, 256, L"%s", wstring::source()));
-		sink(wbuffer); // tainted
+		sink(wbuffer); // $ ast,ir
 	}
 	{
 		char buffer[256] = {0};
 		sink(mysprintf(buffer, 256, "%s", string::source()));
-		sink(buffer); // tainted
+		sink(buffer); // $ ast,ir
 	}
 
 	{
@@ -123,7 +123,7 @@ void test1()
 	{
 		int i = 0;
 		sink(sscanf(string::source(), "%i", &i));
-		sink(i); // tainted [NOT DETECTED]
+		sink(i); // $ MISSING: ast,ir
 	}
 	{
 		char buffer[256] = {0};
@@ -133,7 +133,7 @@ void test1()
 	{
 		char buffer[256] = {0};
 		sink(sscanf(string::source(), "%s", &buffer));
-		sink(buffer); // tainted [NOT DETECTED]
+		sink(buffer); // $ MISSING: ast,ir
 	}
 }
 
@@ -154,6 +154,6 @@ void test2()
 	i = strlen(s) + 1;
 	sink(i);
 
-	sink(s[strlen(s) - 1]); // tainted
-	sink(ws + (wcslen(ws) / 2)); // tainted
+	sink(s[strlen(s) - 1]); // $ ast,ir
+	sink(ws + (wcslen(ws) / 2)); // $ ast,ir
 }
@@ -787,8 +787,6 @@
 | map.cpp:152:15:152:19 | call to begin | map.cpp:154:9:154:10 | i2 |  |
 | map.cpp:152:15:152:19 | call to begin | map.cpp:155:8:155:9 | i2 |  |
 | map.cpp:152:15:152:19 | call to begin | map.cpp:156:8:156:9 | i2 |  |
-| map.cpp:152:15:152:19 | call to begin | map.cpp:161:8:161:9 | i2 |  |
-| map.cpp:152:15:152:19 | call to begin | map.cpp:162:8:162:9 | i2 |  |
 | map.cpp:152:30:152:31 | m2 | map.cpp:152:33:152:35 | call to end | TAINT |
 | map.cpp:152:30:152:31 | ref arg m2 | map.cpp:152:30:152:31 | m2 |  |
 | map.cpp:152:30:152:31 | ref arg m2 | map.cpp:182:7:182:8 | m2 |  |
@@ -804,8 +802,6 @@
 | map.cpp:152:40:152:41 | ref arg i2 | map.cpp:154:9:154:10 | i2 |  |
 | map.cpp:152:40:152:41 | ref arg i2 | map.cpp:155:8:155:9 | i2 |  |
 | map.cpp:152:40:152:41 | ref arg i2 | map.cpp:156:8:156:9 | i2 |  |
-| map.cpp:152:40:152:41 | ref arg i2 | map.cpp:161:8:161:9 | i2 |  |
-| map.cpp:152:40:152:41 | ref arg i2 | map.cpp:162:8:162:9 | i2 |  |
 | map.cpp:154:8:154:8 | call to operator* | map.cpp:154:8:154:10 | call to pair | TAINT |
 | map.cpp:154:9:154:10 | i2 | map.cpp:154:8:154:8 | call to operator* | TAINT |
 | map.cpp:155:8:155:9 | i2 | map.cpp:155:10:155:10 | call to operator-> | TAINT |
@@ -817,17 +813,21 @@
 | map.cpp:158:15:158:19 | call to begin | map.cpp:158:24:158:25 | i3 |  |
 | map.cpp:158:15:158:19 | call to begin | map.cpp:158:40:158:41 | i3 |  |
 | map.cpp:158:15:158:19 | call to begin | map.cpp:160:9:160:10 | i3 |  |
+| map.cpp:158:15:158:19 | call to begin | map.cpp:161:8:161:9 | i3 |  |
+| map.cpp:158:15:158:19 | call to begin | map.cpp:162:8:162:9 | i3 |  |
 | map.cpp:158:30:158:31 | m3 | map.cpp:158:33:158:35 | call to end | TAINT |
 | map.cpp:158:30:158:31 | ref arg m3 | map.cpp:158:30:158:31 | m3 |  |
 | map.cpp:158:30:158:31 | ref arg m3 | map.cpp:252:1:252:1 | m3 |  |
 | map.cpp:158:40:158:41 | i3 | map.cpp:158:42:158:42 | call to operator++ |  |
 | map.cpp:158:40:158:41 | ref arg i3 | map.cpp:158:24:158:25 | i3 |  |
 | map.cpp:158:40:158:41 | ref arg i3 | map.cpp:158:40:158:41 | i3 |  |
 | map.cpp:158:40:158:41 | ref arg i3 | map.cpp:160:9:160:10 | i3 |  |
+| map.cpp:158:40:158:41 | ref arg i3 | map.cpp:161:8:161:9 | i3 |  |
+| map.cpp:158:40:158:41 | ref arg i3 | map.cpp:162:8:162:9 | i3 |  |
 | map.cpp:160:8:160:8 | call to operator* | map.cpp:160:8:160:10 | call to pair | TAINT |
 | map.cpp:160:9:160:10 | i3 | map.cpp:160:8:160:8 | call to operator* | TAINT |
-| map.cpp:161:8:161:9 | i2 | map.cpp:161:10:161:10 | call to operator-> | TAINT |
-| map.cpp:162:8:162:9 | i2 | map.cpp:162:10:162:10 | call to operator-> | TAINT |
+| map.cpp:161:8:161:9 | i3 | map.cpp:161:10:161:10 | call to operator-> | TAINT |
+| map.cpp:162:8:162:9 | i3 | map.cpp:162:10:162:10 | call to operator-> | TAINT |
 | map.cpp:166:27:166:29 | call to map | map.cpp:167:7:167:9 | m10 |  |
 | map.cpp:166:27:166:29 | call to map | map.cpp:171:7:171:9 | m10 |  |
 | map.cpp:166:27:166:29 | call to map | map.cpp:252:1:252:1 | m10 |  |
Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,10 @@ void test_copyableclass()`
`37`	`37`	`MyCopyableClass s4;`
`38`	`38`	`s4 = source();`
`39`	`39`
`40`		`- sink(s1); // tainted`
`41`		`- sink(s2); // tainted`
`42`		`- sink(s3); // tainted`
`43`		`- sink(s4); // tainted`
	`40`	`+ sink(s1); // $ ast,ir`
	`41`	`+ sink(s2); // $ ast,ir`
	`42`	`+ sink(s3); // $ ast,ir`
	`43`	`+ sink(s4); // $ ast,ir`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`{`
`@@ -62,8 +62,8 @@ void test_copyableclass()`
`62`	`62`	`MyCopyableClass s3;`
`63`	`63`	`s2 = MyCopyableClass(source());`
`64`	`64`
`65`		`- sink(s1); // tainted`
`66`		`- sink(s2); // tainted`
`67`		`- sink(s3 = source()); // tainted`
	`65`	`+ sink(s1); // $ ast,ir`
	`66`	`+ sink(s2); // $ ast,ir`
	`67`	`+ sink(s3 = source()); // $ ast,ir`
`68`	`68`	`}`
`69`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -54,22 +54,22 @@ void test1()`
`54`	`54`	`{`
`55`	`55`	`char buffer[256] = {0};`
`56`	`56`	`sink(snprintf(buffer, 256, "%s", string::source()));`
`57`		`- sink(buffer); // tainted`
	`57`	`+ sink(buffer); // $ ast,ir`
`58`	`58`	`}`
`59`	`59`	`{`
`60`	`60`	`char buffer[256] = {0};`
`61`	`61`	`sink(snprintf(buffer, 256, string::source(), "Hello."));`
`62`		`- sink(buffer); // tainted`
	`62`	`+ sink(buffer); // $ ast,ir`
`63`	`63`	`}`
`64`	`64`	`{`
`65`	`65`	`char buffer[256] = {0};`
`66`	`66`	`sink(snprintf(buffer, 256, "%s %s %s", "a", "b", string::source()));`
`67`		`- sink(buffer); // tainted`
	`67`	`+ sink(buffer); // $ ast,ir`
`68`	`68`	`}`
`69`	`69`	`{`
`70`	`70`	`char buffer[256] = {0};`
`71`	`71`	`sink(snprintf(buffer, 256, "%.*s", 10, string::source()));`
`72`		`- sink(buffer); // tainted`
	`72`	`+ sink(buffer); // $ ast,ir`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`{`
`@@ -80,39 +80,39 @@ void test1()`
`80`	`80`	`{`
`81`	`81`	`char buffer[256] = {0};`
`82`	`82`	`sink(snprintf(buffer, 256, "%i", source()));`
`83`		`- sink(buffer); // tainted`
	`83`	`+ sink(buffer); // $ ast,ir`
`84`	`84`	`}`
`85`	`85`	`{`
`86`	`86`	`char buffer[256] = {0};`
`87`	`87`	`sink(snprintf(buffer, 256, "%.*s", source(), "Hello."));`
`88`		`- sink(buffer); // tainted`
	`88`	`+ sink(buffer); // $ ast,ir`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`{`
`92`	`92`	`char buffer[256] = {0};`
`93`	`93`	`sink(snprintf(buffer, 256, "%p", string::source()));`
`94`		`- sink(buffer); // tainted (debatable)`
	`94`	`+ sink(buffer); // $ ast,ir // tainted (debatable)`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`{`
`98`	`98`	`char buffer[256] = {0};`
`99`	`99`	`sink(sprintf(buffer, "%s", string::source()));`
`100`		`- sink(buffer); // tainted`
	`100`	`+ sink(buffer); // $ ast,ir`
`101`	`101`	`}`
`102`	`102`	`{`
`103`	`103`	`char buffer[256] = {0};`
`104`	`104`	`sink(sprintf(buffer, "%ls", wstring::source()));`
`105`		`- sink(buffer); // tainted`
	`105`	`+ sink(buffer); // $ ast,ir`
`106`	`106`	`}`
`107`	`107`	`{`
`108`	`108`	`wchar_t wbuffer[256] = {0};`
`109`	`109`	`sink(swprintf(wbuffer, 256, L"%s", wstring::source()));`
`110`		`- sink(wbuffer); // tainted`
	`110`	`+ sink(wbuffer); // $ ast,ir`
`111`	`111`	`}`
`112`	`112`	`{`
`113`	`113`	`char buffer[256] = {0};`
`114`	`114`	`sink(mysprintf(buffer, 256, "%s", string::source()));`
`115`		`- sink(buffer); // tainted`
	`115`	`+ sink(buffer); // $ ast,ir`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`{`
`@@ -123,7 +123,7 @@ void test1()`
`123`	`123`	`{`
`124`	`124`	`int i = 0;`
`125`	`125`	`sink(sscanf(string::source(), "%i", &i));`
`126`		`- sink(i); // tainted [NOT DETECTED]`
	`126`	`+ sink(i); // $ MISSING: ast,ir`
`127`	`127`	`}`
`128`	`128`	`{`
`129`	`129`	`char buffer[256] = {0};`
`@@ -133,7 +133,7 @@ void test1()`
`133`	`133`	`{`
`134`	`134`	`char buffer[256] = {0};`
`135`	`135`	`sink(sscanf(string::source(), "%s", &buffer));`
`136`		`- sink(buffer); // tainted [NOT DETECTED]`
	`136`	`+ sink(buffer); // $ MISSING: ast,ir`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
`@@ -154,6 +154,6 @@ void test2()`
`154`	`154`	`i = strlen(s) + 1;`
`155`	`155`	`sink(i);`
`156`	`156`
`157`		`- sink(s[strlen(s) - 1]); // tainted`
`158`		`- sink(ws + (wcslen(ws) / 2)); // tainted`
	`157`	`+ sink(s[strlen(s) - 1]); // $ ast,ir`
	`158`	`+ sink(ws + (wcslen(ws) / 2)); // $ ast,ir`
`159`	`159`	`}`