Skip to content

Commit 42d162a

Browse files
d10cd10c
committed
[TEST] C++: CWE-020/ExternalAPI: add tests based on qlhelp
1 parent ec605b2 commit 42d162a

12 files changed

+72
-0
lines changed

cpp/ql/test/query-tests/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.expected

Whitespace-only changes.

cpp/ql/test/query-tests/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.qlref

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
query: Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

cpp/ql/test/query-tests/Security/CWE/CWE-020/ExternalAPISinkExample.cpp

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
typedef unsigned long size_t;
2+
typedef size_t FILE;
3+
4+
char *strcat(char *s1, const char *s2);
5+
char *fgets(char *s, int n, FILE *stream);
6+
char *fputs(const char *s, FILE *stream);
7+
8+
void do_get(FILE* request, FILE* response) {
9+
char page[1024];
10+
fgets(page, 1024, request);
11+
12+
char buffer[1024];
13+
strcat(buffer, "The page \"");
14+
strcat(buffer, page);
15+
strcat(buffer, "\" was not found.");
16+
17+
fputs(buffer, response);
18+
}

cpp/ql/test/query-tests/Security/CWE/CWE-020/ExternalAPITaintStepExample.cpp

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
typedef unsigned long size_t;
2+
typedef size_t FILE;
3+
4+
char *strcat(char *s1, const char *s2);
5+
char *fgets(char *s, int n, FILE *stream);
6+
char *fputs(const char *s, FILE *stream);
7+
8+
void do_get(FILE* request, FILE* response) {
9+
char user_id[1024];
10+
fgets(user_id, 1024, request);
11+
12+
char buffer[1024];
13+
strcat(buffer, "SELECT * FROM user WHERE user_id='");
14+
strcat(buffer, user_id);
15+
strcat(buffer, "'");
16+
17+
fputs(buffer, response);
18+
}

cpp/ql/test/query-tests/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.expected

Whitespace-only changes.

cpp/ql/test/query-tests/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.qlref

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
query: Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

cpp/ql/test/query-tests/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.expected

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
#select
2+
edges
3+
nodes
4+
subpaths

cpp/ql/test/query-tests/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.qlref

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
query: Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

cpp/ql/test/query-tests/Security/CWE/CWE-020/UntrustedDataToExternalAPI.expected

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
#select
2+
edges
3+
nodes
4+
subpaths

cpp/ql/test/query-tests/Security/CWE/CWE-020/UntrustedDataToExternalAPI.qlref

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
query: Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

0 commit comments

Comments
 (0)