C++: Add testcase with missing model.

MathiasVP · MathiasVP · commit 8c07a3e55298 · 2025-08-27T15:12:52.000+02:00
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -1347,6 +1347,12 @@ void test_CopyTo()
   Microsoft::WRL::ComPtr<int> p2;
   p1.CopyTo(nullptr, (void**)&raw);
   sink(*raw); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<int> p3(new int(x));
+
+  int* raw2 = nullptr;
+  p3.CopyTo<int>(&raw2);
+  sink(*raw2); // $ MISSING: ast,ir
 }
 
 void test_Swap()
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -1328,70 +1328,81 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | atl.cpp:1336:9:1336:10 | ref arg p2 | atl.cpp:1337:1:1337:1 | p2 |  |
 | atl.cpp:1336:12:1336:14 | call to Get | atl.cpp:1336:8:1336:16 | * ... | TAINT |
 | atl.cpp:1341:11:1341:21 | call to source | atl.cpp:1342:42:1342:42 | x |  |
+| atl.cpp:1341:11:1341:21 | call to source | atl.cpp:1351:42:1351:42 | x |  |
 | atl.cpp:1342:34:1342:43 | new | atl.cpp:1342:34:1342:44 | call to ComPtr | TAINT |
 | atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1344:3:1344:4 | p1 |  |
 | atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1348:3:1348:4 | p1 |  |
-| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1350:1:1350:1 | p1 |  |
+| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1356:1:1356:1 | p1 |  |
 | atl.cpp:1342:42:1342:42 | x | atl.cpp:1342:34:1342:43 | new |  |
 | atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1344:14:1344:16 | raw |  |
 | atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1345:9:1345:11 | raw |  |
 | atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1348:31:1348:33 | raw |  |
 | atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1349:9:1349:11 | raw |  |
 | atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1348:3:1348:4 | p1 |  |
-| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1350:1:1350:1 | p1 |  |
+| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1356:1:1356:1 | p1 |  |
 | atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1344:14:1344:16 | raw [inner post update] |  |
 | atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1345:9:1345:11 | raw |  |
 | atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw |  |
 | atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
 | atl.cpp:1344:14:1344:16 | raw | atl.cpp:1344:13:1344:16 | & ... |  |
 | atl.cpp:1345:9:1345:11 | raw | atl.cpp:1345:8:1345:11 | * ... | TAINT |
-| atl.cpp:1347:31:1347:32 | call to ComPtr | atl.cpp:1350:1:1350:1 | p2 |  |
+| atl.cpp:1347:31:1347:32 | call to ComPtr | atl.cpp:1356:1:1356:1 | p2 |  |
 | atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw [inner post update] |  |
 | atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
 | atl.cpp:1348:31:1348:33 | raw | atl.cpp:1348:30:1348:33 | & ... |  |
 | atl.cpp:1349:9:1349:11 | raw | atl.cpp:1349:8:1349:11 | * ... | TAINT |
-| atl.cpp:1354:11:1354:21 | call to source | atl.cpp:1355:42:1355:42 | x |  |
-| atl.cpp:1355:34:1355:43 | new | atl.cpp:1355:34:1355:44 | call to ComPtr | TAINT |
-| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1357:3:1357:4 | p1 |  |
-| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1359:9:1359:10 | p1 |  |
-| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1360:1:1360:1 | p1 |  |
-| atl.cpp:1355:42:1355:42 | x | atl.cpp:1355:34:1355:43 | new |  |
-| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1357:11:1357:12 | p2 |  |
-| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1358:9:1358:10 | p2 |  |
-| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1360:1:1360:1 | p2 |  |
-| atl.cpp:1357:3:1357:4 | ref arg p1 | atl.cpp:1359:9:1359:10 | p1 |  |
-| atl.cpp:1357:3:1357:4 | ref arg p1 | atl.cpp:1360:1:1360:1 | p1 |  |
-| atl.cpp:1357:11:1357:12 | ref arg p2 | atl.cpp:1358:9:1358:10 | p2 |  |
-| atl.cpp:1357:11:1357:12 | ref arg p2 | atl.cpp:1360:1:1360:1 | p2 |  |
-| atl.cpp:1358:9:1358:10 | ref arg p2 | atl.cpp:1360:1:1360:1 | p2 |  |
-| atl.cpp:1358:12:1358:14 | call to Get | atl.cpp:1358:8:1358:16 | * ... | TAINT |
-| atl.cpp:1359:9:1359:10 | ref arg p1 | atl.cpp:1360:1:1360:1 | p1 |  |
-| atl.cpp:1359:12:1359:14 | call to Get | atl.cpp:1359:8:1359:16 | * ... | TAINT |
-| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1365:42:1365:42 | x |  |
-| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1368:48:1368:48 | x |  |
-| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1371:42:1371:42 | x |  |
-| atl.cpp:1365:34:1365:43 | new | atl.cpp:1365:34:1365:44 | call to ComPtr | TAINT |
-| atl.cpp:1365:34:1365:44 | call to ComPtr | atl.cpp:1366:10:1366:11 | p1 |  |
-| atl.cpp:1365:34:1365:44 | call to ComPtr | atl.cpp:1374:1:1374:1 | p1 |  |
-| atl.cpp:1365:42:1365:42 | x | atl.cpp:1365:34:1365:43 | new |  |
-| atl.cpp:1366:9:1366:26 | * ... | atl.cpp:1366:8:1366:26 | * ... | TAINT |
-| atl.cpp:1366:10:1366:11 | ref arg p1 | atl.cpp:1374:1:1374:1 | p1 |  |
-| atl.cpp:1366:13:1366:24 | call to GetAddressOf | atl.cpp:1366:9:1366:26 | * ... | TAINT |
-| atl.cpp:1368:40:1368:49 | new | atl.cpp:1368:40:1368:50 | call to ComPtr | TAINT |
-| atl.cpp:1368:40:1368:50 | call to ComPtr | atl.cpp:1369:10:1369:11 | p2 |  |
-| atl.cpp:1368:40:1368:50 | call to ComPtr | atl.cpp:1374:1:1374:1 | p2 |  |
-| atl.cpp:1368:48:1368:48 | x | atl.cpp:1368:40:1368:49 | new |  |
-| atl.cpp:1369:9:1369:26 | * ... | atl.cpp:1369:8:1369:26 | * ... | TAINT |
-| atl.cpp:1369:10:1369:11 | ref arg p2 | atl.cpp:1374:1:1374:1 | p2 |  |
-| atl.cpp:1369:13:1369:24 | call to GetAddressOf | atl.cpp:1369:9:1369:26 | * ... | TAINT |
+| atl.cpp:1351:34:1351:43 | new | atl.cpp:1351:34:1351:44 | call to ComPtr | TAINT |
+| atl.cpp:1351:34:1351:44 | call to ComPtr | atl.cpp:1354:3:1354:4 | p3 |  |
+| atl.cpp:1351:34:1351:44 | call to ComPtr | atl.cpp:1356:1:1356:1 | p3 |  |
+| atl.cpp:1351:42:1351:42 | x | atl.cpp:1351:34:1351:43 | new |  |
+| atl.cpp:1353:15:1353:21 | 0 | atl.cpp:1354:19:1354:22 | raw2 |  |
+| atl.cpp:1353:15:1353:21 | 0 | atl.cpp:1355:9:1355:12 | raw2 |  |
+| atl.cpp:1354:18:1354:22 | ref arg & ... | atl.cpp:1354:19:1354:22 | raw2 [inner post update] |  |
+| atl.cpp:1354:18:1354:22 | ref arg & ... | atl.cpp:1355:9:1355:12 | raw2 |  |
+| atl.cpp:1354:19:1354:22 | raw2 | atl.cpp:1354:18:1354:22 | & ... |  |
+| atl.cpp:1355:9:1355:12 | raw2 | atl.cpp:1355:8:1355:12 | * ... | TAINT |
+| atl.cpp:1360:11:1360:21 | call to source | atl.cpp:1361:42:1361:42 | x |  |
+| atl.cpp:1361:34:1361:43 | new | atl.cpp:1361:34:1361:44 | call to ComPtr | TAINT |
+| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1363:3:1363:4 | p1 |  |
+| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1365:9:1365:10 | p1 |  |
+| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1366:1:1366:1 | p1 |  |
+| atl.cpp:1361:42:1361:42 | x | atl.cpp:1361:34:1361:43 | new |  |
+| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1363:11:1363:12 | p2 |  |
+| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1364:9:1364:10 | p2 |  |
+| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1366:1:1366:1 | p2 |  |
+| atl.cpp:1363:3:1363:4 | ref arg p1 | atl.cpp:1365:9:1365:10 | p1 |  |
+| atl.cpp:1363:3:1363:4 | ref arg p1 | atl.cpp:1366:1:1366:1 | p1 |  |
+| atl.cpp:1363:11:1363:12 | ref arg p2 | atl.cpp:1364:9:1364:10 | p2 |  |
+| atl.cpp:1363:11:1363:12 | ref arg p2 | atl.cpp:1366:1:1366:1 | p2 |  |
+| atl.cpp:1364:9:1364:10 | ref arg p2 | atl.cpp:1366:1:1366:1 | p2 |  |
+| atl.cpp:1364:12:1364:14 | call to Get | atl.cpp:1364:8:1364:16 | * ... | TAINT |
+| atl.cpp:1365:9:1365:10 | ref arg p1 | atl.cpp:1366:1:1366:1 | p1 |  |
+| atl.cpp:1365:12:1365:14 | call to Get | atl.cpp:1365:8:1365:16 | * ... | TAINT |
+| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1371:42:1371:42 | x |  |
+| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1374:48:1374:48 | x |  |
+| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1377:42:1377:42 | x |  |
 | atl.cpp:1371:34:1371:43 | new | atl.cpp:1371:34:1371:44 | call to ComPtr | TAINT |
-| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1372:14:1372:15 | p3 |  |
-| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1374:1:1374:1 | p3 |  |
+| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1372:10:1372:11 | p1 |  |
+| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1380:1:1380:1 | p1 |  |
 | atl.cpp:1371:42:1371:42 | x | atl.cpp:1371:34:1371:43 | new |  |
-| atl.cpp:1372:14:1372:15 | ref arg p3 | atl.cpp:1374:1:1374:1 | p3 |  |
-| atl.cpp:1372:17:1372:38 | call to ReleaseAndGetAddressOf | atl.cpp:1373:10:1373:11 | pp |  |
-| atl.cpp:1373:9:1373:11 | * ... | atl.cpp:1373:8:1373:11 | * ... | TAINT |
-| atl.cpp:1373:10:1373:11 | pp | atl.cpp:1373:9:1373:11 | * ... | TAINT |
+| atl.cpp:1372:9:1372:26 | * ... | atl.cpp:1372:8:1372:26 | * ... | TAINT |
+| atl.cpp:1372:10:1372:11 | ref arg p1 | atl.cpp:1380:1:1380:1 | p1 |  |
+| atl.cpp:1372:13:1372:24 | call to GetAddressOf | atl.cpp:1372:9:1372:26 | * ... | TAINT |
+| atl.cpp:1374:40:1374:49 | new | atl.cpp:1374:40:1374:50 | call to ComPtr | TAINT |
+| atl.cpp:1374:40:1374:50 | call to ComPtr | atl.cpp:1375:10:1375:11 | p2 |  |
+| atl.cpp:1374:40:1374:50 | call to ComPtr | atl.cpp:1380:1:1380:1 | p2 |  |
+| atl.cpp:1374:48:1374:48 | x | atl.cpp:1374:40:1374:49 | new |  |
+| atl.cpp:1375:9:1375:26 | * ... | atl.cpp:1375:8:1375:26 | * ... | TAINT |
+| atl.cpp:1375:10:1375:11 | ref arg p2 | atl.cpp:1380:1:1380:1 | p2 |  |
+| atl.cpp:1375:13:1375:24 | call to GetAddressOf | atl.cpp:1375:9:1375:26 | * ... | TAINT |
+| atl.cpp:1377:34:1377:43 | new | atl.cpp:1377:34:1377:44 | call to ComPtr | TAINT |
+| atl.cpp:1377:34:1377:44 | call to ComPtr | atl.cpp:1378:14:1378:15 | p3 |  |
+| atl.cpp:1377:34:1377:44 | call to ComPtr | atl.cpp:1380:1:1380:1 | p3 |  |
+| atl.cpp:1377:42:1377:42 | x | atl.cpp:1377:34:1377:43 | new |  |
+| atl.cpp:1378:14:1378:15 | ref arg p3 | atl.cpp:1380:1:1380:1 | p3 |  |
+| atl.cpp:1378:17:1378:38 | call to ReleaseAndGetAddressOf | atl.cpp:1379:10:1379:11 | pp |  |
+| atl.cpp:1379:9:1379:11 | * ... | atl.cpp:1379:8:1379:11 | * ... | TAINT |
+| atl.cpp:1379:10:1379:11 | pp | atl.cpp:1379:9:1379:11 | * ... | TAINT |
 | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -46427,6 +46427,7 @@ getParameterTypeName
 | atl.cpp:1285:13:1285:18 | CopyTo | 0 | GUID * |
 | atl.cpp:1285:13:1285:18 | CopyTo | 0 | REFIID |
 | atl.cpp:1285:13:1285:18 | CopyTo | 1 | void ** |
+| atl.cpp:1288:13:1288:18 | CopyTo | 0 | func:0 ** |
 | atl.cpp:1303:10:1303:13 | Swap | 0 | ComPtr & |
 | atl.cpp:1310:25:1310:28 | move | 0 | func:0 & |
 | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & |
