C++: Add more tests.

MathiasVP · MathiasVP · commit 01fc7432cb79 · 2024-03-06T22:17:33.000-08:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-843/TypeConfusion.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-843/TypeConfusion.expected
@@ -8,6 +8,8 @@ edges
 | test.cpp:153:9:153:15 | new | test.cpp:159:14:159:33 | a | provenance |  |
 | test.cpp:168:9:168:15 | new | test.cpp:171:14:171:33 | a | provenance |  |
 | test.cpp:187:15:187:24 | new | test.cpp:189:25:189:45 | u64 | provenance |  |
+| test.cpp:217:13:217:18 | new | test.cpp:218:30:218:65 | p | provenance |  |
+| test.cpp:226:13:226:18 | new | test.cpp:227:29:227:63 | p | provenance |  |
 nodes
 | test.cpp:27:13:27:18 | new | semmle.label | new |
 | test.cpp:28:25:28:55 | p | semmle.label | p |
@@ -27,6 +29,10 @@ nodes
 | test.cpp:171:14:171:33 | a | semmle.label | a |
 | test.cpp:187:15:187:24 | new | semmle.label | new |
 | test.cpp:189:25:189:45 | u64 | semmle.label | u64 |
+| test.cpp:217:13:217:18 | new | semmle.label | new |
+| test.cpp:218:30:218:65 | p | semmle.label | p |
+| test.cpp:226:13:226:18 | new | semmle.label | new |
+| test.cpp:227:29:227:63 | p | semmle.label | p |
 subpaths
 #select
 | test.cpp:28:25:28:55 | p | test.cpp:27:13:27:18 | new | test.cpp:28:25:28:55 | p | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:11:8:11:21 | Not_S1_wrapper | Not_S1_wrapper |
@@ -36,3 +42,5 @@ subpaths
 | test.cpp:145:28:145:68 | s1_2 | test.cpp:143:14:143:19 | new | test.cpp:145:28:145:68 | s1_2 | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:131:8:131:23 | HasSomeBitFields | HasSomeBitFields |
 | test.cpp:159:14:159:33 | a | test.cpp:153:9:153:15 | new | test.cpp:159:14:159:33 | a | Conversion from $@ to $@ is invalid. | test.cpp:60:8:60:10 | Dog | Dog | test.cpp:55:8:55:10 | Cat | Cat |
 | test.cpp:189:25:189:45 | u64 | test.cpp:187:15:187:24 | new | test.cpp:189:25:189:45 | u64 | Conversion from $@ to $@ is invalid. | test.cpp:175:8:175:13 | UInt64 | UInt64 | test.cpp:184:8:184:22 | UInt8_with_more | UInt8_with_more |
+| test.cpp:218:30:218:65 | p | test.cpp:217:13:217:18 | new | test.cpp:218:30:218:65 | p | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:212:8:212:26 | UnrelatedStructSize | UnrelatedStructSize |
+| test.cpp:227:29:227:63 | p | test.cpp:226:13:226:18 | new | test.cpp:227:29:227:63 | p | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:221:8:221:25 | TooLargeBufferSize | TooLargeBufferSize |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-843/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-843/test.cpp
@@ -209,4 +209,22 @@ void test16() {
   MyUnion* mu = (MyUnion*)si; // BAD [NOT DETECTED]
 }
 
+struct UnrelatedStructSize {
+  unsigned char buffer[1024];
+};
+
+void test17() {
+  void* p = new S1;
+  UnrelatedStructSize* uss = static_cast<UnrelatedStructSize*>(p); // BAD
+}
+
+struct TooLargeBufferSize {
+  unsigned char buffer[sizeof(S1) + 1];
+};
+
+void test18() {
+  void* p = new S1;
+  TooLargeBufferSize* uss = static_cast<TooLargeBufferSize*>(p); // BAD
+}
+
 // semmle-extractor-options: --gcc -std=c++11
