
Commit 688464a

committed
C++: Add testcases with new and accept output
1 parent e31143c commit 688464a

9 files changed

+550
-0
lines changed

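--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected
@@ -73,3 +73,18 @@
 | test.cpp:100:17:100:22 | buffer | test.cpp:93:18:93:18 | s | |
 | test.cpp:100:17:100:22 | buffer | test.cpp:97:7:97:12 | buffer | |
 | test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | buffer | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:8:24:8:25 | s1 | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:20:11:21 | s1 | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:36:11:37 | s2 | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:17:106:24 | userName | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:33 | call to getenv | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:46 | (const char *)... | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:108:8:108:11 | copy | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:2:109:7 | call to strcpy | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:9:109:12 | copy | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:15:109:22 | userName | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:6:111:27 | ! ... | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:12 | call to strcmp | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:27 | (bool)... | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | (const char *)... | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | copy | |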

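--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected
@@ -14,3 +14,12 @@
 | test.cpp:100:12:100:15 | call to gets | test.cpp:100:2:100:8 | pointer | AST only |
 | test.cpp:100:17:100:22 | buffer | test.cpp:97:7:97:12 | buffer | AST only |
 | test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | array to pointer conversion | IR only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:20:11:21 | s1 | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:108:8:108:11 | copy | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:9:109:12 | copy | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:6:111:27 | ! ... | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:12 | call to strcmp | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:27 | (bool)... | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | (const char *)... | AST only |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | copy | AST only |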

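--- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected
@@ -57,3 +57,9 @@
 | test.cpp:100:17:100:22 | buffer | test.cpp:93:18:93:18 | s | |
 | test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | array to pointer conversion | |
 | test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | buffer | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:36:11:37 | s2 | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:17:106:24 | userName | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:33 | call to getenv | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:46 | (const char *)... | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:2:109:7 | call to strcpy | |
+| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:15:109:22 | userName | |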

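--- a/cpp/ql/test/library-tests/dataflow/security-taint/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/security-taint/test.cpp
@@ -99,3 +99,16 @@ void test_gets()
 
 pointer = gets(buffer);
 }
+
+const char *alias_global_new;
+
+void newBuffer() {
+const char *userName = getenv("USER_NAME");
+char *alias = new char[4096];
+char *copy = new char[4096];
+strcpy(copy, userName);
+alias_global_new = alias; // to force a Chi node on all aliased memory
+if (!strcmp(copy, "admin")) { // copy should be tainted
+isAdmin = true;
+}
+}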
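Review bot: The comment on the `strcmp` line says `copy` should be tainted, but the expectations accepted in this same commit record that the IR-based analysis does not reach it. tainted_diff.expected lists `test.cpp:111:14:111:17 | copy` and the `strcmp` call as "AST only", and the new rows in tainted_ir.expected go no further than the `strcpy` call and its `userName` argument. A reader of test.cpp alone cannot tell that the accepted output captures a missed flow from `getenv` into the `isAdmin` decision rather than the intended result. I would make the gap explicit in the fixture, for example `if (!strcmp(copy, "admin")) { // copy should be tainted; the IR library currently misses this (AST only in tainted_diff.expected)`, so the annotation is revisited when that flow is recovered.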

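--- a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
@@ -1345,3 +1345,134 @@ ssa.cpp:
 # 275| v275_13(void) = UnmodeledUse : mu*
 # 275| v275_14(void) = AliasedUse : ~m281_2
 # 275| v275_15(void) = ExitFunction :
+
+# 286| void A::A(int)
+# 286| Block 0
+# 286| v286_1(void) = EnterFunction :
+# 286| m286_2(unknown) = AliasedDefinition :
+# 286| m286_3(unknown) = InitializeNonLocal :
+# 286| m286_4(unknown) = Chi : total:m286_2, partial:m286_3
+# 286| mu286_5(unknown) = UnmodeledDefinition :
+# 286| r286_6(glval<A>) = InitializeThis :
+# 286| r286_7(glval<int>) = VariableAddress[x] :
+# 286| m286_8(int) = InitializeParameter[x] : &:r286_7
+# 286| v286_9(void) = NoOp :
+# 286| v286_10(void) = ReturnVoid :
+# 286| v286_11(void) = UnmodeledUse : mu*
+# 286| v286_12(void) = AliasedUse : m286_3
+# 286| v286_13(void) = ExitFunction :
+
+# 287| void A::A(A*)
+# 287| Block 0
+# 287| v287_1(void) = EnterFunction :
+# 287| m287_2(unknown) = AliasedDefinition :
+# 287| m287_3(unknown) = InitializeNonLocal :
+# 287| m287_4(unknown) = Chi : total:m287_2, partial:m287_3
+# 287| mu287_5(unknown) = UnmodeledDefinition :
+# 287| r287_6(glval<A>) = InitializeThis :
+# 287| r287_7(glval<A *>) = VariableAddress[p#0] :
+# 287| m287_8(A *) = InitializeParameter[p#0] : &:r287_7
+# 287| r287_9(A *) = Load : &:r287_7, m287_8
+# 287| m287_10(unknown) = InitializeIndirection[p#0] : &:r287_9
+# 287| v287_11(void) = NoOp :
+# 287| v287_12(void) = ReturnIndirection : &:r287_9, m287_10
+# 287| v287_13(void) = ReturnVoid :
+# 287| v287_14(void) = UnmodeledUse : mu*
+# 287| v287_15(void) = AliasedUse : m287_3
+# 287| v287_16(void) = ExitFunction :
+
+# 288| void A::A()
+# 288| Block 0
+# 288| v288_1(void) = EnterFunction :
+# 288| m288_2(unknown) = AliasedDefinition :
+# 288| m288_3(unknown) = InitializeNonLocal :
+# 288| m288_4(unknown) = Chi : total:m288_2, partial:m288_3
+# 288| mu288_5(unknown) = UnmodeledDefinition :
+# 288| r288_6(glval<A>) = InitializeThis :
+# 288| v288_7(void) = NoOp :
+# 288| v288_8(void) = ReturnVoid :
+# 288| v288_9(void) = UnmodeledUse : mu*
+# 288| v288_10(void) = AliasedUse : m288_3
+# 288| v288_11(void) = ExitFunction :
+
+# 291| Point* NewAliasing(int)
+# 291| Block 0
+# 291| v291_1(void) = EnterFunction :
+# 291| m291_2(unknown) = AliasedDefinition :
+# 291| m291_3(unknown) = InitializeNonLocal :
+# 291| m291_4(unknown) = Chi : total:m291_2, partial:m291_3
+# 291| mu291_5(unknown) = UnmodeledDefinition :
+# 291| r291_6(glval<int>) = VariableAddress[x] :
+# 291| m291_7(int) = InitializeParameter[x] : &:r291_6
+# 292| r292_1(glval<Point *>) = VariableAddress[p] :
+# 292| r292_2(glval<unknown>) = FunctionAddress[operator new] :
+# 292| r292_3(unsigned long) = Constant[8] :
+# 292| r292_4(void *) = Call : func:r292_2, 0:r292_3
+# 292| m292_5(unknown) = ^CallSideEffect : ~m291_4
+# 292| m292_6(unknown) = Chi : total:m291_4, partial:m292_5
+# 292| r292_7(Point *) = Convert : r292_4
+# 292| m292_8(Point *) = Store : &:r292_1, r292_7
+# 293| r293_1(glval<Point *>) = VariableAddress[q] :
+# 293| r293_2(glval<unknown>) = FunctionAddress[operator new] :
+# 293| r293_3(unsigned long) = Constant[8] :
+# 293| r293_4(void *) = Call : func:r293_2, 0:r293_3
+# 293| m293_5(unknown) = ^CallSideEffect : ~m292_6
+# 293| m293_6(unknown) = Chi : total:m292_6, partial:m293_5
+# 293| r293_7(Point *) = Convert : r293_4
+# 293| m293_8(Point *) = Store : &:r293_1, r293_7
+# 294| r294_1(glval<int>) = VariableAddress[j] :
+# 294| r294_2(glval<unknown>) = FunctionAddress[operator new] :
+# 294| r294_3(unsigned long) = Constant[4] :
+# 294| r294_4(void *) = Call : func:r294_2, 0:r294_3
+# 294| m294_5(unknown) = ^CallSideEffect : ~m293_6
+# 294| m294_6(unknown) = Chi : total:m293_6, partial:m294_5
+# 294| r294_7(A *) = Convert : r294_4
+# 294| r294_8(glval<unknown>) = FunctionAddress[A] :
+# 294| r294_9(glval<unknown>) = FunctionAddress[operator new] :
+# 294| r294_10(unsigned long) = Constant[4] :
+# 294| r294_11(void *) = Call : func:r294_9, 0:r294_10
+# 294| m294_12(unknown) = ^CallSideEffect : ~m294_6
+# 294| m294_13(unknown) = Chi : total:m294_6, partial:m294_12
+# 294| r294_14(A *) = Convert : r294_11
+# 294| r294_15(glval<unknown>) = FunctionAddress[A] :
+# 294| r294_16(glval<int>) = VariableAddress[x] :
+# 294| r294_17(int) = Load : &:r294_16, m291_7
+# 294| v294_18(void) = Call : func:r294_15, this:r294_14, 0:r294_17
+# 294| m294_19(unknown) = ^CallSideEffect : ~m294_13
+# 294| m294_20(unknown) = Chi : total:m294_13, partial:m294_19
+# 294| m294_21(A) = ^IndirectMayWriteSideEffect[-1] : &:r294_14
+# 294| m294_22(unknown) = Chi : total:m294_20, partial:m294_21
+# 294| v294_23(void) = Call : func:r294_8, this:r294_7, 0:r294_14
+# 294| m294_24(unknown) = ^CallSideEffect : ~m294_22
+# 294| m294_25(unknown) = Chi : total:m294_22, partial:m294_24
+# 294| m294_26(A) = ^IndirectMayWriteSideEffect[-1] : &:r294_7
+# 294| m294_27(unknown) = Chi : total:m294_25, partial:m294_26
+# 294| v294_28(void) = ^BufferReadSideEffect[0] : &:r294_14, ~m294_27
+# 294| m294_29(unknown) = ^BufferMayWriteSideEffect[0] : &:r294_14
+# 294| m294_30(unknown) = Chi : total:m294_27, partial:m294_29
+# 294| r294_31(glval<int>) = FieldAddress[i] : r294_7
+# 294| r294_32(int) = Load : &:r294_31, ~m294_30
+# 294| m294_33(int) = Store : &:r294_1, r294_32
+# 295| r295_1(glval<A *>) = VariableAddress[a] :
+# 295| r295_2(glval<unknown>) = FunctionAddress[operator new] :
+# 295| r295_3(unsigned long) = Constant[4] :
+# 295| r295_4(void *) = Call : func:r295_2, 0:r295_3
+# 295| m295_5(unknown) = ^CallSideEffect : ~m294_30
+# 295| m295_6(unknown) = Chi : total:m294_30, partial:m295_5
+# 295| r295_7(A *) = Convert : r295_4
+# 295| r295_8(glval<unknown>) = FunctionAddress[A] :
+# 295| v295_9(void) = Call : func:r295_8, this:r295_7
+# 295| m295_10(unknown) = ^CallSideEffect : ~m295_6
+# 295| m295_11(unknown) = Chi : total:m295_6, partial:m295_10
+# 295| m295_12(A) = ^IndirectMayWriteSideEffect[-1] : &:r295_7
+# 295| m295_13(unknown) = Chi : total:m295_11, partial:m295_12
+# 295| m295_14(A *) = Store : &:r295_1, r295_7
+# 296| r296_1(glval<Point *>) = VariableAddress[#return] :
+# 296| r296_2(glval<Point *>) = VariableAddress[p] :
+# 296| r296_3(Point *) = Load : &:r296_2, m292_8
+# 296| m296_4(Point *) = Store : &:r296_1, r296_3
+# 291| r291_8(glval<Point *>) = VariableAddress[#return] :
+# 291| v291_9(void) = ReturnValue : &:r291_8, m296_4
+# 291| v291_10(void) = UnmodeledUse : mu*
+# 291| v291_11(void) = AliasedUse : ~m295_13
+# 291| v291_12(void) = ExitFunction :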
