Create test.cpp

nmouha · web-flow · commit 91a9a7eb32d3 · 2023-03-12T01:13:32.000-05:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp
@@ -0,0 +1,59 @@
+
+int getAnInt();
+double getADouble();
+unsigned short getAnUnsignedShort();
+
+void test()
+{
+	int a = getAnInt();
+	int b = getAnInt();
+	int c = getAnInt();
+ 	int x = getAnInt();
+	int y = getAnInt();
+	int d = getADouble();
+	int a1 = getAnUnsignedShort();
+	int b1 = getAnUnsignedShort();
+	int c1 = getAnUnsignedShort();
+
+	if (a+b>c) a = c-b; // BAD
+	if (a+b>c) { a = c-b; } // BAD
+	if (b+a>c) a = c-b; // BAD
+	if (b+a>c) { a = c-b; } // BAD
+	if (c>a+b) a = c-b; // BAD
+	if (c>a+b) { a = c-b; } // BAD
+	if (c>b+a) a = c-b; // BAD
+	if (c>b+a) { a = c-b; } // BAD
+
+	if (a+b>=c) a = c-b; // BAD
+	if (a+b>=c) { a = c-b; } // BAD
+	if (b+a>=c) a = c-b; // BAD
+	if (b+a>=c) { a = c-b; } // BAD
+	if (c>=a+b) a = c-b; // BAD
+	if (c>=a+b) { a = c-b; } // BAD
+	if (c>=b+a) a = c-b; // BAD
+	if (c>=b+a) { a = c-b; } // BAD
+
+	if (a+b<c) a = c-b; // BAD
+	if (a+b<c) { a = c-b; } // BAD
+	if (b+a<c) a = c-b; // BAD
+	if (b+a<c) { a = c-b; } // BAD
+	if (c<a+b) a = c-b; // BAD
+	if (c<a+b) { a = c-b; } // BAD
+	if (c<b+a) a = c-b; // BAD
+	if (c<b+a) { a = c-b; } // BAD
+
+	if (a+b<=c) a = c-b; // BAD
+	if (a+b<=c) { a = c-b; } // BAD
+	if (b+a<=c) a = c-b; // BAD
+	if (b+a<=c) { a = c-b; } // BAD
+	if (c<=a+b) a = c-b; // BAD
+	if (c<=a+b) { a = c-b; } // BAD
+	if (c<=b+a) a = c-b; // BAD
+	if (c<=b+a) { a = c-b; } // BAD
+
+	if (a+b>d) a = d-b; // GOOD
+	if (a+(-x)>c) a = c-(-y); // GOOD
+	if (a+b>c) { b++; a = c-b; } // GOOD
+	if (a+d>c) a = c-d; // GOOD
+	if (a1+b1>c1) a1 = c1-b1; // GOOD
+}
