Skip to content

Commit 6d3244d

Browse files
erik-krogherik-krogh
committed
update expected outputs with an FP
1 parent 3ab73c8 commit 6d3244d

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ edges
22
| test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | provenance | |
33
| test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | provenance | |
44
| test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | provenance | |
5+
| test.c:8:27:8:30 | **argv | test.c:72:24:72:33 | *fileBuffer | provenance | |
56
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | provenance | |
67
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | provenance | |
78
nodes
@@ -13,10 +14,12 @@ nodes
1314
| test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument |
1415
| test.c:44:11:44:18 | *fileName | semmle.label | *fileName |
1516
| test.c:57:10:57:16 | *access to array | semmle.label | *access to array |
17+
| test.c:72:24:72:33 | *fileBuffer | semmle.label | *fileBuffer |
1618
subpaths
1719
#select
1820
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
1921
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
2022
| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
2123
| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
2224
| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
25+
| test.c:72:24:72:33 | fileBuffer | test.c:8:27:8:30 | **argv | test.c:72:24:72:33 | *fileBuffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |

0 commit comments

Comments
 (0)