C++: Add taint tests of class constructors and assignment.

Author: geoffw0

cpp/ql/test/library-tests/dataflow/taint-tests/copyableclass.cpp

@@ -0,0 +1,68 @@
+
+int source();
+void sink(...) {};
+
+class MyCopyableClass {
+public:
+	MyCopyableClass(int _v = 0) : v(_v) {} // Constructor
+	MyCopyableClass(const MyCopyableClass &other) : v(other.v) {} // CopyConstructor
+	MyCopyableClass &operator=(const MyCopyableClass &other) { // CopyAssignmentOperator
+		v = other.v;
+		return *this;
+	}
+
+	int v;
+};
+
+void test_copyableclass()
+{
+	{
+		MyCopyableClass s1(1);
+		MyCopyableClass s2 = 1;
+		MyCopyableClass s3(s1);
+		MyCopyableClass s4;
+		s4 = 1;
+
+		sink(s1);
+		sink(s2);
+		sink(s3);
+		sink(s4);
+	}
+
+	{
+		MyCopyableClass s1(source());
+		MyCopyableClass s2 = source();
+		MyCopyableClass s3(s1);
+		MyCopyableClass s4;
+		s4 = source();
+
+		sink(s1); // tainted [NOT DETECTED]
+		sink(s2); // tainted [NOT DETECTED]
+		sink(s3); // tainted [NOT DETECTED]
+		sink(s4); // tainted [NOT DETECTED]
+	}
+
+	{
+		MyCopyableClass s1;
+		MyCopyableClass s2 = s1;
+		MyCopyableClass s3(s1);
+		MyCopyableClass s4;
+		s4 = s1;
+
+		sink(s1);
+		sink(s2);
+		sink(s3);
+		sink(s4);
+	}
+
+	{
+		MyCopyableClass s1 = MyCopyableClass(source());
+		MyCopyableClass s2;
+		MyCopyableClass s3;
+		s2 = MyCopyableClass(source());
+
+		sink(s1); // tainted [NOT DETECTED]
+		sink(s2); // tainted [NOT DETECTED]
+		sink(s3 = source()); // tainted [NOT DETECTED]
+	}
+}

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -1,3 +1,44 @@
+| copyableclass.cpp:7:2:7:16 | this | copyableclass.cpp:7:32:7:36 | constructor init of field v [pre-this] |  |
+| copyableclass.cpp:7:22:7:23 | _v | copyableclass.cpp:7:34:7:35 | _v |  |
+| copyableclass.cpp:7:34:7:35 | _v | copyableclass.cpp:7:32:7:36 | constructor init of field v | TAINT |
+| copyableclass.cpp:8:2:8:16 | this | copyableclass.cpp:8:50:8:59 | constructor init of field v [pre-this] |  |
+| copyableclass.cpp:8:41:8:45 | other | copyableclass.cpp:8:52:8:56 | other |  |
+| copyableclass.cpp:8:58:8:58 | v | copyableclass.cpp:8:50:8:59 | constructor init of field v | TAINT |
+| copyableclass.cpp:8:58:8:58 | v | copyableclass.cpp:8:58:8:58 | v |  |
+| copyableclass.cpp:9:19:9:27 | this | copyableclass.cpp:10:3:10:3 | this |  |
+| copyableclass.cpp:9:52:9:56 | other | copyableclass.cpp:10:7:10:11 | other |  |
+| copyableclass.cpp:10:3:10:3 | this | copyableclass.cpp:11:11:11:14 | this |  |
+| copyableclass.cpp:10:3:10:3 | this [post update] | copyableclass.cpp:11:11:11:14 | this |  |
+| copyableclass.cpp:10:13:10:13 | v | copyableclass.cpp:10:3:10:13 | ... = ... |  |
+| copyableclass.cpp:11:11:11:14 | this | copyableclass.cpp:11:10:11:14 | * ... | TAINT |
+| copyableclass.cpp:20:22:20:23 | call to MyCopyableClass | copyableclass.cpp:22:22:22:23 | s1 |  |
+| copyableclass.cpp:20:22:20:23 | call to MyCopyableClass | copyableclass.cpp:26:8:26:9 | s1 |  |
+| copyableclass.cpp:21:23:21:24 | call to MyCopyableClass | copyableclass.cpp:27:8:27:9 | s2 |  |
+| copyableclass.cpp:22:22:22:24 | call to MyCopyableClass | copyableclass.cpp:28:8:28:9 | s3 |  |
+| copyableclass.cpp:23:19:23:20 | call to MyCopyableClass | copyableclass.cpp:24:3:24:4 | s4 |  |
+| copyableclass.cpp:23:19:23:20 | call to MyCopyableClass | copyableclass.cpp:29:8:29:9 | s4 |  |
+| copyableclass.cpp:24:3:24:4 | ref arg s4 | copyableclass.cpp:29:8:29:9 | s4 |  |
+| copyableclass.cpp:33:22:33:30 | call to MyCopyableClass | copyableclass.cpp:35:22:35:23 | s1 |  |
+| copyableclass.cpp:33:22:33:30 | call to MyCopyableClass | copyableclass.cpp:39:8:39:9 | s1 |  |
+| copyableclass.cpp:34:23:34:31 | call to MyCopyableClass | copyableclass.cpp:40:8:40:9 | s2 |  |
+| copyableclass.cpp:35:22:35:24 | call to MyCopyableClass | copyableclass.cpp:41:8:41:9 | s3 |  |
+| copyableclass.cpp:36:19:36:20 | call to MyCopyableClass | copyableclass.cpp:37:3:37:4 | s4 |  |
+| copyableclass.cpp:36:19:36:20 | call to MyCopyableClass | copyableclass.cpp:42:8:42:9 | s4 |  |
+| copyableclass.cpp:37:3:37:4 | ref arg s4 | copyableclass.cpp:42:8:42:9 | s4 |  |
+| copyableclass.cpp:46:19:46:20 | call to MyCopyableClass | copyableclass.cpp:47:24:47:25 | s1 |  |
+| copyableclass.cpp:46:19:46:20 | call to MyCopyableClass | copyableclass.cpp:48:22:48:23 | s1 |  |
+| copyableclass.cpp:46:19:46:20 | call to MyCopyableClass | copyableclass.cpp:50:8:50:9 | s1 |  |
+| copyableclass.cpp:46:19:46:20 | call to MyCopyableClass | copyableclass.cpp:52:8:52:9 | s1 |  |
+| copyableclass.cpp:47:23:47:25 | call to MyCopyableClass | copyableclass.cpp:53:8:53:9 | s2 |  |
+| copyableclass.cpp:48:22:48:24 | call to MyCopyableClass | copyableclass.cpp:54:8:54:9 | s3 |  |
+| copyableclass.cpp:49:19:49:20 | call to MyCopyableClass | copyableclass.cpp:50:3:50:4 | s4 |  |
+| copyableclass.cpp:49:19:49:20 | call to MyCopyableClass | copyableclass.cpp:55:8:55:9 | s4 |  |
+| copyableclass.cpp:50:3:50:4 | ref arg s4 | copyableclass.cpp:55:8:55:9 | s4 |  |
+| copyableclass.cpp:59:23:59:48 | call to MyCopyableClass | copyableclass.cpp:64:8:64:9 | s1 |  |
+| copyableclass.cpp:60:19:60:20 | call to MyCopyableClass | copyableclass.cpp:62:3:62:4 | s2 |  |
+| copyableclass.cpp:60:19:60:20 | call to MyCopyableClass | copyableclass.cpp:65:8:65:9 | s2 |  |
+| copyableclass.cpp:61:19:61:20 | call to MyCopyableClass | copyableclass.cpp:66:8:66:9 | s3 |  |
+| copyableclass.cpp:62:3:62:4 | ref arg s2 | copyableclass.cpp:65:8:65:9 | s2 |  |
 | file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 |  |
 | file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 |  |
 | file://:0:0:0:0 | p#0 | file://:0:0:0:0 | p#0 |  |
@@ -132,6 +173,43 @@
 | format.cpp:158:13:158:18 | call to wcslen | format.cpp:158:13:158:26 | ... / ... | TAINT |
 | format.cpp:158:13:158:26 | ... / ... | format.cpp:158:7:158:27 | ... + ... | TAINT |
 | format.cpp:158:26:158:26 | 2 | format.cpp:158:13:158:26 | ... / ... | TAINT |
+| movableclass.cpp:7:2:7:15 | this | movableclass.cpp:7:31:7:35 | constructor init of field v [pre-this] |  |
+| movableclass.cpp:7:21:7:22 | _v | movableclass.cpp:7:33:7:34 | _v |  |
+| movableclass.cpp:7:33:7:34 | _v | movableclass.cpp:7:31:7:35 | constructor init of field v | TAINT |
+| movableclass.cpp:8:2:8:15 | this | movableclass.cpp:9:3:9:3 | this |  |
+| movableclass.cpp:8:34:8:38 | other | movableclass.cpp:8:34:8:38 | other |  |
+| movableclass.cpp:8:34:8:38 | other | movableclass.cpp:9:7:9:11 | other |  |
+| movableclass.cpp:8:34:8:38 | other | movableclass.cpp:10:3:10:7 | other |  |
+| movableclass.cpp:9:13:9:13 | v | movableclass.cpp:9:3:9:13 | ... = ... |  |
+| movableclass.cpp:10:3:10:7 | other [post update] | movableclass.cpp:8:34:8:38 | other |  |
+| movableclass.cpp:10:13:10:13 | 0 | movableclass.cpp:10:3:10:13 | ... = ... |  |
+| movableclass.cpp:12:18:12:26 | this | movableclass.cpp:13:3:13:3 | this |  |
+| movableclass.cpp:12:45:12:49 | other | movableclass.cpp:12:45:12:49 | other |  |
+| movableclass.cpp:12:45:12:49 | other | movableclass.cpp:13:7:13:11 | other |  |
+| movableclass.cpp:12:45:12:49 | other | movableclass.cpp:14:3:14:7 | other |  |
+| movableclass.cpp:13:3:13:3 | this | movableclass.cpp:15:11:15:14 | this |  |
+| movableclass.cpp:13:3:13:3 | this [post update] | movableclass.cpp:15:11:15:14 | this |  |
+| movableclass.cpp:13:13:13:13 | v | movableclass.cpp:13:3:13:13 | ... = ... |  |
+| movableclass.cpp:14:3:14:7 | other [post update] | movableclass.cpp:12:45:12:49 | other |  |
+| movableclass.cpp:14:13:14:13 | 0 | movableclass.cpp:14:3:14:13 | ... = ... |  |
+| movableclass.cpp:15:11:15:14 | this | movableclass.cpp:15:10:15:14 | * ... | TAINT |
+| movableclass.cpp:27:21:27:22 | call to MyMovableClass | movableclass.cpp:32:8:32:9 | s1 |  |
+| movableclass.cpp:28:22:28:23 | call to MyMovableClass | movableclass.cpp:33:8:33:9 | s2 |  |
+| movableclass.cpp:29:18:29:19 | call to MyMovableClass | movableclass.cpp:30:3:30:4 | s3 |  |
+| movableclass.cpp:29:18:29:19 | call to MyMovableClass | movableclass.cpp:34:8:34:9 | s3 |  |
+| movableclass.cpp:30:3:30:4 | ref arg s3 | movableclass.cpp:34:8:34:9 | s3 |  |
+| movableclass.cpp:38:21:38:29 | call to MyMovableClass | movableclass.cpp:43:8:43:9 | s1 |  |
+| movableclass.cpp:39:22:39:30 | call to MyMovableClass | movableclass.cpp:44:8:44:9 | s2 |  |
+| movableclass.cpp:40:18:40:19 | call to MyMovableClass | movableclass.cpp:41:3:41:4 | s3 |  |
+| movableclass.cpp:40:18:40:19 | call to MyMovableClass | movableclass.cpp:45:8:45:9 | s3 |  |
+| movableclass.cpp:41:3:41:4 | ref arg s3 | movableclass.cpp:45:8:45:9 | s3 |  |
+| movableclass.cpp:49:22:49:46 | call to MyMovableClass | movableclass.cpp:53:8:53:9 | s1 |  |
+| movableclass.cpp:50:18:50:19 | call to MyMovableClass | movableclass.cpp:51:3:51:4 | s2 |  |
+| movableclass.cpp:50:18:50:19 | call to MyMovableClass | movableclass.cpp:54:8:54:9 | s2 |  |
+| movableclass.cpp:51:3:51:4 | ref arg s2 | movableclass.cpp:54:8:54:9 | s2 |  |
+| movableclass.cpp:58:21:58:35 | call to MyMovableClass | movableclass.cpp:62:8:62:9 | s1 |  |
+| movableclass.cpp:59:21:59:33 | call to MyMovableClass | movableclass.cpp:63:8:63:9 | s2 |  |
+| movableclass.cpp:60:18:60:19 | call to MyMovableClass | movableclass.cpp:64:8:64:9 | s3 |  |
 | stl.cpp:67:12:67:17 | call to source | stl.cpp:71:7:71:7 | a |  |
 | stl.cpp:68:16:68:20 | 123 | stl.cpp:68:16:68:21 | call to basic_string | TAINT |
 | stl.cpp:68:16:68:21 | call to basic_string | stl.cpp:72:7:72:7 | b |  |

cpp/ql/test/library-tests/dataflow/taint-tests/movableclass.cpp

@@ -0,0 +1,66 @@
+
+int source();
+void sink(...) {};
+
+class MyMovableClass {
+public:
+	MyMovableClass(int _v = 0) : v(_v) {} // Constructor
+	MyMovableClass(MyMovableClass &&other) noexcept { // ConversionConstructor, MoveConstructor
+		v = other.v;
+		other.v = 0;
+	}
+	MyMovableClass &operator=(MyMovableClass &&other) noexcept { // MoveAssignmentOperator
+		v = other.v;
+		other.v = 0;
+		return *this;
+	}
+
+	int v;
+};
+
+MyMovableClass &&getUnTainted() { return MyMovableClass(1); }
+MyMovableClass &&getTainted() { return MyMovableClass(source()); }
+
+void test_copyableclass()
+{
+	{
+		MyMovableClass s1(1);
+		MyMovableClass s2 = 1;
+		MyMovableClass s3;
+		s3 = 1;
+
+		sink(s1);
+		sink(s2);
+		sink(s3);
+	}
+
+	{
+		MyMovableClass s1(source());
+		MyMovableClass s2 = source();
+		MyMovableClass s3;
+		s3 = source();
+
+		sink(s1); // tainted [NOT DETECTED]
+		sink(s2); // tainted [NOT DETECTED]
+		sink(s3); // tainted [NOT DETECTED]
+	}
+
+	{
+		MyMovableClass s1 = MyMovableClass(source());
+		MyMovableClass s2;
+		s2 = MyMovableClass(source());
+
+		sink(s1); // tainted [NOT DETECTED]
+		sink(s2); // tainted [NOT DETECTED]
+	}
+
+	{
+		MyMovableClass s1(getUnTainted());
+		MyMovableClass s2(getTainted());
+		MyMovableClass s3;
+
+		sink(s1);
+		sink(s2); // tainted [NOT DETECTED]
+		sink(s3 = source()); // tainted [NOT DETECTED]
+	}
+}