Merge pull request github#16442 from MathiasVP/add-uninitialized-local-fp

MathiasVP · web-flow · commit 85e71c30dc97 · 2024-05-07T13:35:02.000+01:00
C++: Add `cpp/uninitialized-local` FP
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/LoopConditionsConst.expected
@@ -22,3 +22,4 @@
 | test.cpp:416:2:418:2 | for(...;...;...) ... | test.cpp:416:18:416:23 | ... < ... | 1 | i | { ... } | i | return ... |
 | test.cpp:424:2:425:2 | for(...;...;...) ... | test.cpp:424:18:424:23 | ... < ... | 1 | i | { ... } | i | return ... |
 | test.cpp:433:2:434:2 | for(...;...;...) ... | test.cpp:433:18:433:22 | 0 | 0 |  | { ... } | 0 | return ... |
+| test.cpp:559:3:564:3 | while (...) ... | test.cpp:559:9:559:15 | call to getBool |  | call to getBool | { ... } | call to getBool | ExprStmt |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
@@ -13,6 +13,7 @@ nodes
 | test.cpp:458:6:458:6 | definition of x | semmle.label | definition of x |
 | test.cpp:464:6:464:6 | definition of x | semmle.label | definition of x |
 | test.cpp:471:6:471:6 | definition of x | semmle.label | definition of x |
+| test.cpp:557:15:557:15 | definition of r | semmle.label | definition of r |
 #select
 | test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
 | test.cpp:113:6:113:8 | foo | test.cpp:111:6:111:8 | definition of foo | test.cpp:111:6:111:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
@@ -27,3 +28,4 @@ nodes
 | test.cpp:460:7:460:7 | x | test.cpp:458:6:458:6 | definition of x | test.cpp:458:6:458:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:458:6:458:6 | x | x |
 | test.cpp:467:2:467:2 | x | test.cpp:464:6:464:6 | definition of x | test.cpp:464:6:464:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:464:6:464:6 | x | x |
 | test.cpp:474:7:474:7 | x | test.cpp:471:6:471:6 | definition of x | test.cpp:471:6:471:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:471:6:471:6 | x | x |
+| test.cpp:567:7:567:7 | r | test.cpp:557:15:557:15 | definition of r | test.cpp:557:15:557:15 | definition of r | The variable $@ may not be initialized at this access. | test.cpp:557:15:557:15 | r | r |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
@@ -1,6 +1,6 @@
 // Semmle test cases for rule CWE-457.
 
-void use(int data);
+void use(...);
 
 void test1() {
 	int foo = 1;
@@ -544,4 +544,25 @@ class StaticMethodClass{
 int static_method_false_positive(){
     StaticMethodClass *t;
 	int i = t->get(); // GOOD: the `get` method is static and this is equivalent to StaticMethodClass::get()
+}
+
+struct LinkedList
+{
+  LinkedList* next;
+};
+
+bool getBool();
+
+void test45() {
+  LinkedList *r, *s, **rP = &r;
+
+  while(getBool())
+  {
+    s = new LinkedList;
+    *rP = s;
+    rP = &s->next;
+  }
+
+  *rP = NULL;
+  use(r); // GOOD [FALSE POSITIVE]
 }
