Create test1.cpp

ihsinme · web-flow · commit 6d800de37729 · 2022-07-04T11:11:49.000+03:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-125/semmle/tests/test1.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-125/semmle/tests/test1.cpp
@@ -0,0 +1,95 @@
+#define CP_ACP 1
+#define CP_UTF8 1
+#define WC_COMPOSITECHECK 1
+#define NULL 0
+typedef unsigned int UINT;
+typedef unsigned long DWORD, *PDWORD, *LPDWORD;
+typedef char CHAR;
+#define CONST const
+typedef wchar_t WCHAR;
+
+typedef CHAR *LPSTR;
+typedef CONST CHAR *LPCSTR;
+typedef CONST WCHAR *LPCWSTR;
+
+typedef int BOOL;
+typedef BOOL *LPBOOL;
+
+
+int WideCharToMultiByte(UINT CodePage,DWORD dwFlags,LPCWSTR lpWideCharStr,int cchWideChar,LPSTR lpMultiByteStr,int cbMultiByte,LPCWSTR lpDefaultChar,LPBOOL lpUsedDefaultChar);
+int MultiByteToWideChar(UINT CodePage,DWORD dwFlags,LPCSTR lpMultiByteStr,int cbMultiByte,LPCWSTR lpWideCharStr,int cchWideChar);
+
+int printf ( const char * format, ... );
+typedef unsigned int size_t;
+void* calloc (size_t num, size_t size);
+void* malloc (size_t size);
+
+void badTest1(void *src,  int size) {
+    WideCharToMultiByte(CP_ACP, 0, (LPCWSTR)src, -1, (LPSTR)src, size, 0, 0); // BAD
+    MultiByteToWideChar(CP_ACP, 0, (LPCSTR)src, -1, (LPCWSTR)src, 30); // BAD
+}
+void goodTest2(){
+  wchar_t src[] = L"0123456789ABCDEF";
+  char dst[16];
+  int res = WideCharToMultiByte(CP_UTF8, 0, src, -1, dst, 16, NULL, NULL); // GOOD
+  if (res == sizeof(dst)) {
+      dst[res-1] = NULL;
+  } else {
+      dst[res] = NULL;
+  }
+  printf("%s\n", dst);
+}
+void badTest2(){
+  wchar_t src[] = L"0123456789ABCDEF";
+  char dst[16];
+  WideCharToMultiByte(CP_UTF8, 0, src, -1, dst, 16, NULL, NULL); // BAD
+  printf("%s\n", dst);
+}
+void goodTest3(){
+  char src[] = "0123456789ABCDEF";
+  int size = MultiByteToWideChar(CP_UTF8, 0, src,sizeof(src),NULL,0);
+  wchar_t * dst = (wchar_t*)calloc(size + 1, sizeof(wchar_t));
+  MultiByteToWideChar(CP_UTF8, 0, src, -1, dst, size+1); // GOOD
+}
+void badTest3(){
+  char src[] = "0123456789ABCDEF";
+  int size = MultiByteToWideChar(CP_UTF8, 0, src,sizeof(src),NULL,0);
+  wchar_t * dst = (wchar_t*)calloc(size + 1, 1);
+  MultiByteToWideChar(CP_UTF8, 0, src, -1, dst, size+1); // BAD
+}
+void goodTest4(){
+  char src[] = "0123456789ABCDEF";
+  int size = MultiByteToWideChar(CP_UTF8, 0, src,sizeof(src),NULL,0);
+  wchar_t * dst = (wchar_t*)malloc((size + 1)*sizeof(wchar_t));
+  MultiByteToWideChar(CP_UTF8, 0, src, -1, dst, size+1); // GOOD
+}
+void badTest4(){
+  char src[] = "0123456789ABCDEF";
+  int size = MultiByteToWideChar(CP_UTF8, 0, src,sizeof(src),NULL,0);
+  wchar_t * dst = (wchar_t*)malloc(size + 1);
+  MultiByteToWideChar(CP_UTF8, 0, src, -1, dst, size+1); // BAD
+}
+int goodTest5(void *src){
+  return WideCharToMultiByte(CP_ACP, 0, (LPCWSTR)src, -1, 0, 0, 0, 0); // GOOD
+}
+int badTest5 (void *src) {
+  return WideCharToMultiByte(CP_ACP, 0, (LPCWSTR)src, -1, 0, 3, 0, 0);  // BAD
+}
+void goodTest6(WCHAR *src)
+{
+  int size;
+  char dst[5] ="";
+  size = WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK, src, -1, dst, 0, 0, 0);
+  if(size>=sizeof(dst)){
+      printf("buffer size error\n");
+      return;
+  }
+  WideCharToMultiByte(CP_ACP, 0, src, -1, dst, sizeof(dst), 0, 0); // GOOD
+  printf("%s\n", dst);
+}
+void badTest6(WCHAR *src)
+{
+    char dst[5] ="";
+    WideCharToMultiByte(CP_ACP, 0, src, -1, dst, 260, 0, 0); // BAD
+    printf("%s\n", dst);
+}
