Merge pull request #11428 from jketema/default-taint-tests

jketema · web-flow · commit 53b86fd53bae · 2022-11-25T12:13:18.000+01:00
C++: Add more tests that exercise the default taint barrier implementation
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp
@@ -332,4 +332,13 @@ void ptr_diff_case() {
 	char* admin_begin_pos = strstr(user, "ADMIN");
 	int offset = admin_begin_pos ? user - admin_begin_pos : 0; 
 	malloc(offset); // GOOD
-}
+}
+
+void equality_barrier() {
+	int size1 = atoi(getenv("USER"));
+	int size2 = atoi(getenv("USER"));
+
+	if (size1 == size2) {
+		int* a = (int*)malloc(size1 * sizeof(int)); // GOOD
+	}
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c
@@ -95,5 +95,12 @@ int main(int argc, char** argv) {
     }
   }
 
+  // GOOD: check the user input first
+  int maxConnections3 = atoi(argv[1]);
+  int maxConnections4 = atoi(argv[1]);
+  if (maxConnections3 == maxConnections4) {
+    startServer(maxConnections3 * 1000);
+  }
+
   return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -95,5 +95,12 @@ int main(int argc, char** argv) {`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`
	`98`	`+ // GOOD: check the user input first`
	`99`	`+ int maxConnections3 = atoi(argv[1]);`
	`100`	`+ int maxConnections4 = atoi(argv[1]);`
	`101`	`+ if (maxConnections3 == maxConnections4) {`
	`102`	`+ startServer(maxConnections3 * 1000);`
	`103`	`+ }`
	`104`	`+`
`98`	`105`	`return 0;`
`99`	`106`	`}`