
Commit 83cc098

committed
C++: accept test output
1 parent 3cd08bc commit 83cc098


1 file changed

+21
-7
lines changed


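--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -12,6 +12,8 @@ edges
 | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
 | test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
 | test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
+| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
+| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
 | test.cpp:31:13:31:20 | sprintf output argument | test.cpp:32:12:32:19 | command2 indirection |
 | test.cpp:38:17:38:22 | call to getenv | test.cpp:38:17:38:22 | Store |
 | test.cpp:38:17:38:22 | call to getenv | test.cpp:41:20:41:24 | (const char *)... |
@@ -26,6 +28,8 @@ edges
 | test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection |
 | test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
 | test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
+| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
+| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
 | test.cpp:62:9:62:16 | (void *)... | test.cpp:62:9:62:16 | filename indirection |
 | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | (const char *)... |
 | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
@@ -35,6 +39,8 @@ edges
 | test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | command indirection |
 | test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
 | test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
+| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
+| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
 | test.cpp:71:9:71:15 | (void *)... | test.cpp:71:9:71:15 | command indirection |
 | test.cpp:71:9:71:15 | fread output argument | test.cpp:73:11:73:17 | array to pointer conversion |
 | test.cpp:71:9:71:15 | fread output argument | test.cpp:73:11:73:17 | command indirection |
@@ -50,6 +56,8 @@ edges
 | test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | command indirection |
 | test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
 | test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
+| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
+| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
 | test.cpp:91:9:91:16 | (void *)... | test.cpp:91:9:91:16 | filename indirection |
 | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | (const char *)... |
 | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection |
@@ -59,6 +67,8 @@ edges
 | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | path indirection |
 | test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
 | test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
+| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
+| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
 | test.cpp:99:21:99:32 | (const char *)... | test.cpp:99:21:99:32 | call to getenv indirection |
 | test.cpp:99:21:99:32 | (const char *)... | test.cpp:99:21:99:33 | call to basic_string |
 | test.cpp:99:21:99:32 | (const char *)... | test.cpp:100:25:100:29 | (reference to) |
@@ -116,6 +126,8 @@ edges
 | test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | command indirection |
 | test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
 | test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
+| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
+| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
 | test.cpp:150:9:150:11 | (void *)... | test.cpp:150:9:150:11 | str indirection |
 | test.cpp:150:9:150:11 | fread output argument | test.cpp:152:31:152:33 | array to pointer conversion |
 | test.cpp:150:9:150:11 | fread output argument | test.cpp:152:31:152:33 | str indirection |
@@ -139,13 +151,8 @@ edges
 | test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | (const char *)... |
 | test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | command indirection |
 | test.cpp:166:13:166:19 | sprintf output argument | test.cpp:168:10:168:16 | command indirection |
-#select
-| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
-| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
-| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
-| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
-| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
-| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
+| test.cpp:166:44:166:48 | temp2 indirection | test.cpp:166:13:166:19 | sprintf output argument |
+| test.cpp:166:44:166:48 | temp2 indirection | test.cpp:166:13:166:19 | sprintf output argument |
 nodes
 | test.cpp:16:20:16:23 | argv | semmle.label | argv |
 | test.cpp:16:20:16:23 | argv | semmle.label | argv |
@@ -337,3 +344,10 @@ nodes
 | test.cpp:168:10:168:16 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:168:10:168:16 | command indirection | semmle.label | command indirection |
 | test.cpp:168:10:168:16 | command indirection | semmle.label | command indirection |
+#select
+| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
+| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
+| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
+| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
+| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
+| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |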
