C++: Add tests expanding on the issue with (global) variables.

Author: geoffw0

cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected

@@ -1,15 +1,25 @@
 edges
-| test.cpp:11:20:11:22 | url | test.cpp:15:30:15:32 | url |
-| test.cpp:28:10:28:29 | http://example.com | test.cpp:11:20:11:22 | url |
-| test.cpp:38:18:38:26 | http:// | test.cpp:41:11:41:16 | buffer |
-| test.cpp:41:11:41:16 | buffer | test.cpp:11:20:11:22 | url |
+| test.cpp:11:26:11:28 | url | test.cpp:15:30:15:32 | url |
+| test.cpp:28:10:28:29 | http://example.com | test.cpp:11:26:11:28 | url |
+| test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
+| test.cpp:39:11:39:15 | url_l | test.cpp:11:26:11:28 | url |
+| test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
+| test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
 nodes
-| test.cpp:11:20:11:22 | url | semmle.label | url |
+| test.cpp:11:26:11:28 | url | semmle.label | url |
 | test.cpp:15:30:15:32 | url | semmle.label | url |
 | test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
-| test.cpp:38:18:38:26 | http:// | semmle.label | http:// |
-| test.cpp:41:11:41:16 | buffer | semmle.label | buffer |
+| test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
+| test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
+| test.cpp:39:11:39:15 | url_l | semmle.label | url_l |
+| test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
+| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
+| test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
 subpaths
 #select
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
-| test.cpp:38:18:38:26 | http:// | test.cpp:38:18:38:26 | http:// | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
+| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
+| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |

cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp

@@ -4,11 +4,11 @@ struct host
 	// ...
 };
 
-host gethostbyname(char *str);
+host gethostbyname(const char *str);
 char *strcpy(char *s1, const char *s2);
 char *strcat(char *s1, const char *s2);
 
-void openUrl(char *url)
+void openUrl(const char *url)
 {
 	// ...
 
@@ -21,7 +21,7 @@ void doNothing(char *url)
 {
 }
 
-char *urls[] = { "http://example.com" };
+const char *url_g = "http://example.com"; // BAD [NOT DETECTED]
 
 void test()
 {
@@ -30,7 +30,15 @@ void test()
 	openUrl("http://localhost/example"); // GOOD (localhost)
 	openUrl("https://localhost/example"); // GOOD (https, localhost)
 	doNothing("http://example.com"); // GOOD (URL not used)
-	openUrl(urls[0]); // BAD [NOT DETECTED]
+
+	{
+		const char *url_l = "http://example.com"; // BAD
+		const char *urls[] = { "http://example.com" }; // BAD
+
+		openUrl(url_g);
+		openUrl(url_l);
+		openUrl(urls[0]);
+	}
 
 	{
 		char buffer[1024];