C++: Add CSimpleStringT model and accept tests.

MathiasVP · MathiasVP · commit ba0ba15e8819 · 2024-12-10T18:13:42.000Z
diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml
@@ -0,0 +1,41 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "LockString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
+      - ["", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
@@ -10,14 +10,14 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
-| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799  |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 |
+| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:837 |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:835  |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:836 |
 | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance |  |
 | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance |  |
-| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 |
+| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:836 |
 | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance |  |
-| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 |
+| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:837 |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
@@ -18,11 +18,17 @@
 | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. |
 | Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. |
 | Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. |
+| Dubious signature "(PCXSTR,IAtlStringMgr *)" in summary model. |
+| Dubious signature "(XCHAR *,const XCHAR *,int)" in summary model. |
+| Dubious signature "(XCHAR *,size_t,const XCHAR *,int)" in summary model. |
 | Dubious signature "(const CComBSTR &)" in summary model. |
 | Dubious signature "(const CComSafeArray &)" in summary model. |
+| Dubious signature "(const CSimpleStringT &)" in summary model. |
+| Dubious signature "(const CStaticString &)" in summary model. |
 | Dubious signature "(const SAFEARRAY &)" in summary model. |
 | Dubious signature "(const SAFEARRAY *)" in summary model. |
 | Dubious signature "(const T &,BOOL)" in summary model. |
+| Dubious signature "(const XCHAR *,int,IAtlStringMgr *)" in summary model. |
 | Dubious signature "(const deque &)" in summary model. |
 | Dubious signature "(const deque &,const Allocator &)" in summary model. |
 | Dubious signature "(const forward_list &)" in summary model. |
@@ -43,5 +49,6 @@
 | Dubious signature "(list &&,const Allocator &)" in summary model. |
 | Dubious signature "(size_type,const T &)" in summary model. |
 | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. |
+| Dubious signature "(unsigned char)" in summary model. |
 | Dubious signature "(vector &&)" in summary model. |
 | Dubious signature "(vector &&,const Allocator &)" in summary model. |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -954,58 +954,58 @@ void test_CSimpleStringT() {
   char* x = indirect_source<char>();
 
   CSimpleStringT<char> s1(x, 10, nullptr);
-  sink(s1.GetString()); // $ MISSING: ir
+  sink(s1.GetString()); // $ ir
 
   CSimpleStringT<char> s2(x, nullptr);
-  sink(s2.GetString()); // $ MISSING: ir
+  sink(s2.GetString()); // $ ir
 
   CSimpleStringT<char> s3(s2);
-  sink(s3.GetString()); // $ MISSING: ir
+  sink(s3.GetString()); // $ ir
 
   CSimpleStringT<char> s4;
   s4.Append(indirect_source<char>());
-  sink(s4.GetString()); // $ MISSING: ir
+  sink(s4.GetString()); // $ ir
 
   CSimpleStringT<char> s5;
   s5.Append(s4);
-  sink(s5.GetString()); // $ MISSING: ir
+  sink(s5.GetString()); // $ ir
 
   CSimpleStringT<char> s6;
   s6.Append(indirect_source<char>(), 42);
-  sink(s6.GetString()); // $ MISSING: ir
+  sink(s6.GetString()); // $ ir
 
   char buffer1[128];
   CSimpleStringT<char>::CopyChars(buffer1, x, 10);
-  sink(buffer1); // $ ast MISSING: ir
+  sink(buffer1); // $ ast ir
 
   char buffer2[128];
   CSimpleStringT<char>::CopyChars(buffer2, 128, x, 10);
-  sink(buffer2); // $ ast MISSING: ir
+  sink(buffer2); // $ ast ir
 
   char buffer3[128];
   CSimpleStringT<char>::CopyCharsOverlapped(buffer3, x, 10);
-  sink(buffer3); // $ ast MISSING: ir
+  sink(buffer3); // $ ast ir
 
-  sink(s4.GetAt(0)); // $ MISSING: ir
-  sink(s4.GetBuffer(10)); // $ MISSING: ir
-  sink(s4.GetBuffer()); // $ MISSING: ir
-  sink(s4.GetBufferSetLength(10)); // $ MISSING: ir
+  sink(s4.GetAt(0)); // $ ir
+  sink(s4.GetBuffer(10)); // $ ir
+  sink(s4.GetBuffer()); // $ ir
+  sink(s4.GetBufferSetLength(10)); // $ ir
 
   sink(s4.LockBuffer());
 
   CSimpleStringT<char> s7;
   s7.SetAt(0, source<char>());
-  sink(s7.GetAt(0)); // $ MISSING: ir
+  sink(s7.GetAt(0)); // $ ir
 
   CSimpleStringT<char> s8;
   s8.SetString(indirect_source<char>());
-  sink(s8.GetAt(0)); // $ MISSING: ir
+  sink(s8.GetAt(0)); // $ ir
 
   CSimpleStringT<char> s9;
   s9.SetString(indirect_source<char>(), 1024);
-  sink(s9.GetAt(0)); // $ MISSING: ir
+  sink(s9.GetAt(0)); // $ ir
 
-  sink(static_cast<CSimpleStringT<char>::PCXSTR>(s1)); // $ MISSING: ir
+  sink(static_cast<CSimpleStringT<char>::PCXSTR>(s1)); // $ ir
   
-  sink(s1[0]); // $ MISSING: ir
+  sink(s1[0]); // $ ir
 }
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
