C++: Add a model for 'std::format' and a failing test.

MathiasVP · MathiasVP · commit ff788c93c0df · 2024-07-30T10:13:39.000+01:00
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/format.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/format.cpp
@@ -1,4 +1,4 @@
-
+#include "stl.h"
 typedef unsigned long size_t;
 typedef struct {} FILE;
 
@@ -157,3 +157,8 @@ void test2()
 	sink(s[strlen(s) - 1]); // $ ast,ir
 	sink(ws + (wcslen(ws) / 2)); // $ ast,ir
 }
+
+void test_format() {
+  auto s = std::format("{}", string::source());
+  sink(s); // $ MISSING: ast,ir
+}
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -447,6 +447,8 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | format.cpp:158:13:158:18 | call to wcslen | format.cpp:158:13:158:26 | ... / ... | TAINT |
 | format.cpp:158:13:158:26 | ... / ... | format.cpp:158:7:158:27 | ... + ... | TAINT |
 | format.cpp:158:26:158:26 | 2 | format.cpp:158:13:158:26 | ... / ... | TAINT |
+| format.cpp:162:12:162:22 | call to format | format.cpp:163:8:163:8 | s |  |
+| format.cpp:162:24:162:27 | {} | format.cpp:162:24:162:27 | call to basic_format_string | TAINT |
 | map.cpp:21:28:21:28 | call to pair | map.cpp:23:2:23:2 | a |  |
 | map.cpp:21:28:21:28 | call to pair | map.cpp:24:7:24:7 | a |  |
 | map.cpp:21:28:21:28 | call to pair | map.cpp:25:7:25:7 | a |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h b/cpp/ql/test/library-tests/dataflow/taint-tests/stl.h
@@ -642,3 +642,38 @@ namespace std {
 		pair<const_iterator, const_iterator> equal_range(const key_type& k) const;
 	};
 }
+
+// --- string view ---
+
+namespace std {
+	template<class CharT, class Traits = char_traits<CharT>>
+	class basic_string_view {
+	public:
+		using size_type = size_t;
+
+		basic_string_view() noexcept;
+		basic_string_view(const basic_string_view&) noexcept;
+		basic_string_view(const CharT*, size_type);
+		basic_string_view(const CharT*);
+		template<class It, class End> basic_string_view(It, End);
+		template<class R> explicit basic_string_view(R&&);
+		basic_string_view& operator=(const basic_string_view&) noexcept;
+	};
+
+	using string_view = basic_string_view<char>;
+}
+
+// --- format ---
+namespace std {
+	template<class CharT /* class... Args */>
+	struct basic_format_string {
+	public:
+		template<class T> basic_format_string(const T&);
+
+		basic_string_view<CharT> get() const noexcept;
+	};
+
+	using format_string = basic_format_string<char>; // simplified from `char, std::type_identity_t<Args>...`
+
+	template<class... Args> string format( format_string fmt, Args&&... args );
+}
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -650,3 +650,4 @@ getParameterTypeName
 | stl.h:636:37:636:41 | merge | 0 | unordered_set & |
 | stl.h:639:12:639:15 | find | 0 | const key_type & |
 | stl.h:641:28:641:38 | equal_range | 0 | const key_type & |
+| stl.h:671:21:671:39 | basic_format_string | 0 | const func:0 & |
