C++: Test for cpp/uninitialized-local

calumgrant · calumgrant · commit 60abea17e62b · 2024-10-01T10:32:17.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
@@ -1,5 +1,7 @@
 edges
 nodes
+| errors.cpp:4:7:4:7 | definition of x | semmle.label | definition of x |
+| errors.cpp:13:7:13:7 | definition of x | semmle.label | definition of x |
 | test.cpp:11:6:11:8 | definition of foo | semmle.label | definition of foo |
 | test.cpp:111:6:111:8 | definition of foo | semmle.label | definition of foo |
 | test.cpp:226:7:226:7 | definition of x | semmle.label | definition of x |
@@ -14,6 +16,8 @@ nodes
 | test.cpp:472:6:472:6 | definition of x | semmle.label | definition of x |
 | test.cpp:479:6:479:6 | definition of x | semmle.label | definition of x |
 #select
+| errors.cpp:6:10:6:10 | x | errors.cpp:4:7:4:7 | definition of x | errors.cpp:4:7:4:7 | definition of x | The variable $@ may not be initialized at this access. | errors.cpp:4:7:4:7 | x | x |
+| errors.cpp:14:18:14:18 | x | errors.cpp:13:7:13:7 | definition of x | errors.cpp:13:7:13:7 | definition of x | The variable $@ may not be initialized at this access. | errors.cpp:13:7:13:7 | x | x |
 | test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
 | test.cpp:113:6:113:8 | foo | test.cpp:111:6:111:8 | definition of foo | test.cpp:111:6:111:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
 | test.cpp:227:3:227:3 | x | test.cpp:226:7:226:7 | definition of x | test.cpp:226:7:226:7 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:226:7:226:7 | x | x |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/errors.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/errors.cpp
@@ -0,0 +1,15 @@
+// semmle-extractor-options: --expect_errors
+
+int f1() {
+  int x;
+  initialize(&x); // error expression - initialize() is not defined
+  return x;       // GOOD - assume x is initialized
+}
+
+void * operator new(unsigned long, bool);
+void operator delete(void*, bool);
+
+int f2() {
+  int x;
+  new(true) int (x);  // BAD, ignore implicit error expression
+}
