Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit bd84240

Browse files
MathiasVPMathiasVP
committed
C++: Add testcase
1 parent b399246 commit bd84240

3 files changed

Lines changed: 33 additions & 0 deletions

File tree

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6245,6 +6245,14 @@
62456245
| taint.cpp:657:12:657:15 | call to data | taint.cpp:657:3:657:8 | call to memcpy | |
62466246
| taint.cpp:657:20:657:25 | source | taint.cpp:657:3:657:8 | call to memcpy | TAINT |
62476247
| taint.cpp:657:20:657:25 | source | taint.cpp:657:12:657:15 | ref arg call to data | TAINT |
6248+
| taint.cpp:668:14:668:14 | s | taint.cpp:669:18:669:18 | s | |
6249+
| taint.cpp:668:14:668:14 | s | taint.cpp:671:7:671:7 | s | |
6250+
| taint.cpp:668:14:668:14 | s | taint.cpp:672:7:672:7 | s | |
6251+
| taint.cpp:668:14:668:14 | s | taint.cpp:673:7:673:7 | s | |
6252+
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:671:7:671:7 | s | |
6253+
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:672:7:672:7 | s | |
6254+
| taint.cpp:669:18:669:18 | s [post update] | taint.cpp:673:7:673:7 | s | |
6255+
| taint.cpp:672:7:672:7 | s [post update] | taint.cpp:673:7:673:7 | s | |
62486256
| vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 | |
62496257
| vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 | |
62506258
| vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v | |

cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -656,4 +656,19 @@ void test_with_const_member(char* source) {
656656
C_const_member_function c;
657657
memcpy(c.data(), source, 16);
658658
sink(c.data()); // $ ast MISSING: ir
659+
}
660+
661+
void argument_source(void*);
662+
663+
struct two_members {
664+
char *x, *y;
665+
};
666+
667+
void test_argument_source_field_to_obj() {
668+
two_members s;
669+
argument_source(s.x);
670+
671+
sink(s); // $ SPURIOUS: ast
672+
sink(s.x); // $ ast MISSING: ir
673+
sink(s.y); // clean
659674
}

cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,11 @@ module ASTTest {
5353
or
5454
// Track uninitialized variables
5555
exists(source.asUninitialized())
56+
or
57+
exists(FunctionCall fc |
58+
fc.getAnArgument() = source.asDefiningArgument() and
59+
fc.getTarget().hasName("argument_source")
60+
)
5661
}
5762

5863
override predicate isSink(DataFlow::Node sink) {
@@ -80,6 +85,11 @@ module IRTest {
8085
source.(DataFlow::ExprNode).getConvertedExpr().(FunctionCall).getTarget().getName() = "source"
8186
or
8287
source.asParameter().getName().matches("source%")
88+
or
89+
exists(FunctionCall fc |
90+
fc.getAnArgument() = source.asDefiningArgument() and
91+
fc.getTarget().hasName("argument_source")
92+
)
8393
}
8494

8595
override predicate isSink(DataFlow::Node sink) {

0 commit comments

Comments
 (0)