
Commit 7207a17

committed
C++: Accept more tests.
1 parent e2c0bf3 commit 7207a17


5 files changed

+58
-32
lines changed


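--- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
@@ -8,14 +8,18 @@ edges
 | search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
-| search.c:51:21:51:26 | call to getenv | search.c:14:24:14:28 | *query |
-| search.c:51:21:51:26 | call to getenv | search.c:14:24:14:28 | *query |
-| search.c:51:21:51:26 | call to getenv | search.c:14:24:14:28 | query |
-| search.c:51:21:51:26 | call to getenv | search.c:14:24:14:28 | query |
-| search.c:51:21:51:26 | call to getenv | search.c:22:24:22:28 | *query |
-| search.c:51:21:51:26 | call to getenv | search.c:22:24:22:28 | *query |
-| search.c:51:21:51:26 | call to getenv | search.c:22:24:22:28 | query |
-| search.c:51:21:51:26 | call to getenv | search.c:22:24:22:28 | query |
+| search.c:51:21:51:26 | call to getenv | search.c:55:5:55:15 | Argument 0 |
+| search.c:51:21:51:26 | call to getenv | search.c:55:5:55:15 | Argument 0 |
+| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | Argument 0 indirection |
+| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | Argument 0 indirection |
+| search.c:51:21:51:26 | call to getenv | search.c:57:5:57:15 | Argument 0 |
+| search.c:51:21:51:26 | call to getenv | search.c:57:5:57:15 | Argument 0 |
+| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | Argument 0 indirection |
+| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | Argument 0 indirection |
+| search.c:55:5:55:15 | Argument 0 | search.c:14:24:14:28 | query |
+| search.c:55:17:55:25 | Argument 0 indirection | search.c:14:24:14:28 | *query |
+| search.c:57:5:57:15 | Argument 0 | search.c:22:24:22:28 | query |
+| search.c:57:17:57:25 | Argument 0 indirection | search.c:22:24:22:28 | *query |
 nodes
 | search.c:14:24:14:28 | *query | semmle.label | *query |
 | search.c:14:24:14:28 | query | semmle.label | query |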
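Review bot: The new `Argument 0` nodes are reported at a different span from the argument they stand for: here `search.c:55:5:55:15 | Argument 0` sits before `search.c:55:17:55:25 | Argument 0 indirection` on the same line, and the same pattern appears in the other four files (for example `globalVars.c:24:2:24:9 | Argument 0` against `argv` at `24:11:24:14`). That looks like the callee-name span rather than the argument expression, though the test sources are not shown on this page, so it should be confirmed against search.c. If so, path explanations for these XSS, process-operation and format-string results will step onto the function name instead of the tainted argument, which makes a flow harder to triage. Only the `edges` rows are visible in these hunks, so it would help if the commit description named the library change these baselines accept and stated that the `#select` rows are unchanged.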

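--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -7,14 +7,18 @@ edges
 | test.cpp:29:30:29:36 | *command | test.cpp:31:10:31:16 | command |
 | test.cpp:29:30:29:36 | command | test.cpp:31:10:31:16 | command |
 | test.cpp:29:30:29:36 | command | test.cpp:31:10:31:16 | command |
-| test.cpp:42:18:42:23 | call to getenv | test.cpp:24:30:24:36 | *command |
-| test.cpp:42:18:42:23 | call to getenv | test.cpp:24:30:24:36 | command |
-| test.cpp:42:18:42:34 | (const char *)... | test.cpp:24:30:24:36 | *command |
-| test.cpp:42:18:42:34 | (const char *)... | test.cpp:24:30:24:36 | command |
-| test.cpp:43:18:43:23 | call to getenv | test.cpp:29:30:29:36 | *command |
-| test.cpp:43:18:43:23 | call to getenv | test.cpp:29:30:29:36 | command |
-| test.cpp:43:18:43:34 | (const char *)... | test.cpp:29:30:29:36 | *command |
-| test.cpp:43:18:43:34 | (const char *)... | test.cpp:29:30:29:36 | command |
+| test.cpp:42:7:42:16 | Argument 0 | test.cpp:24:30:24:36 | command |
+| test.cpp:42:18:42:23 | call to getenv | test.cpp:42:7:42:16 | Argument 0 |
+| test.cpp:42:18:42:23 | call to getenv | test.cpp:42:18:42:34 | Argument 0 indirection |
+| test.cpp:42:18:42:34 | (const char *)... | test.cpp:42:7:42:16 | Argument 0 |
+| test.cpp:42:18:42:34 | (const char *)... | test.cpp:42:18:42:34 | Argument 0 indirection |
+| test.cpp:42:18:42:34 | Argument 0 indirection | test.cpp:24:30:24:36 | *command |
+| test.cpp:43:7:43:16 | Argument 0 | test.cpp:29:30:29:36 | command |
+| test.cpp:43:18:43:23 | call to getenv | test.cpp:43:7:43:16 | Argument 0 |
+| test.cpp:43:18:43:23 | call to getenv | test.cpp:43:18:43:34 | Argument 0 indirection |
+| test.cpp:43:18:43:34 | (const char *)... | test.cpp:43:7:43:16 | Argument 0 |
+| test.cpp:43:18:43:34 | (const char *)... | test.cpp:43:18:43:34 | Argument 0 indirection |
+| test.cpp:43:18:43:34 | Argument 0 indirection | test.cpp:29:30:29:36 | *command |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | (const char *)... |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | (const char *)... |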

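--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
@@ -53,22 +53,26 @@ edges
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:2:117:13 | Argument 0 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:2:117:13 | Argument 0 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | Argument 0 indirection |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | Argument 0 indirection |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | printWrapper output argument |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | printWrapper output argument |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:2:122:13 | Argument 0 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:2:122:13 | Argument 0 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | Argument 0 indirection |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | Argument 0 indirection |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | printWrapper output argument |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | printWrapper output argument |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
@@ -77,15 +81,20 @@ edges
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
+| argvLocal.c:117:2:117:13 | Argument 0 | argvLocal.c:117:15:117:16 | printWrapper output argument |
+| argvLocal.c:117:15:117:16 | Argument 0 indirection | argvLocal.c:117:15:117:16 | printWrapper output argument |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | (const char *)... |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 |
+| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:2:122:13 | Argument 0 |
+| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | Argument 0 indirection |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | printWrapper output argument |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
+| argvLocal.c:122:2:122:13 | Argument 0 | argvLocal.c:122:15:122:16 | printWrapper output argument |
+| argvLocal.c:122:15:122:16 | Argument 0 indirection | argvLocal.c:122:15:122:16 | printWrapper output argument |
 | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... |
 | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
 | argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
@@ -94,12 +103,14 @@ edges
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | (const char *)... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:2:128:13 | Argument 0 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:2:128:13 | Argument 0 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | Argument 0 indirection |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | Argument 0 indirection |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | printWrapper output argument |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | printWrapper output argument |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | (const char *)... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | (const char *)... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
@@ -108,6 +119,8 @@ edges
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
+| argvLocal.c:128:2:128:13 | Argument 0 | argvLocal.c:128:15:128:16 | printWrapper output argument |
+| argvLocal.c:128:15:128:16 | Argument 0 indirection | argvLocal.c:128:15:128:16 | printWrapper output argument |
 | argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | (const char *)... |
 | argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | ... + ... |
 | argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:132:15:132:20 | ... + ... |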

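--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
@@ -21,16 +21,19 @@ edges
 | globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
 | globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
 | globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | *argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | *argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
+| globalVars.c:24:2:24:9 | Argument 0 | globalVars.c:11:22:11:25 | argv |
+| globalVars.c:24:11:24:14 | Argument 0 indirection | globalVars.c:11:22:11:25 | *argv |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:24:2:24:9 | Argument 0 |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:24:2:24:9 | Argument 0 |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | Argument 0 indirection |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | Argument 0 indirection |
 | globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | (const char *)... |
 | globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
 | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
 | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
 | globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:35:11:35:14 | copy | globalVars.c:15:21:15:23 | val |
+| globalVars.c:35:2:35:9 | Argument 0 | globalVars.c:15:21:15:23 | val |
+| globalVars.c:35:11:35:14 | copy | globalVars.c:35:2:35:9 | Argument 0 |
 | globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | (const char *)... |
 | globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
 | globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |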

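--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -47,16 +47,18 @@ edges
 | test.cpp:214:23:214:23 | s | test.cpp:215:21:215:21 | s |
 | test.cpp:220:21:220:21 | s | test.cpp:221:21:221:21 | s |
 | test.cpp:220:21:220:21 | s | test.cpp:221:21:221:21 | s |
-| test.cpp:227:24:227:29 | call to getenv | test.cpp:214:23:214:23 | s |
-| test.cpp:227:24:227:29 | call to getenv | test.cpp:220:21:220:21 | s |
 | test.cpp:227:24:227:29 | call to getenv | test.cpp:229:9:229:18 | (size_t)... |
 | test.cpp:227:24:227:29 | call to getenv | test.cpp:229:9:229:18 | local_size |
 | test.cpp:227:24:227:29 | call to getenv | test.cpp:229:9:229:18 | local_size |
-| test.cpp:227:24:227:37 | (const char *)... | test.cpp:214:23:214:23 | s |
-| test.cpp:227:24:227:37 | (const char *)... | test.cpp:220:21:220:21 | s |
+| test.cpp:227:24:227:29 | call to getenv | test.cpp:235:2:235:9 | Argument 0 |
+| test.cpp:227:24:227:29 | call to getenv | test.cpp:237:2:237:8 | Argument 0 |
 | test.cpp:227:24:227:37 | (const char *)... | test.cpp:229:9:229:18 | (size_t)... |
 | test.cpp:227:24:227:37 | (const char *)... | test.cpp:229:9:229:18 | local_size |
 | test.cpp:227:24:227:37 | (const char *)... | test.cpp:229:9:229:18 | local_size |
+| test.cpp:227:24:227:37 | (const char *)... | test.cpp:235:2:235:9 | Argument 0 |
+| test.cpp:227:24:227:37 | (const char *)... | test.cpp:237:2:237:8 | Argument 0 |
+| test.cpp:235:2:235:9 | Argument 0 | test.cpp:214:23:214:23 | s |
+| test.cpp:237:2:237:8 | Argument 0 | test.cpp:220:21:220:21 | s |
 | test.cpp:241:2:241:32 | Chi [array content] | test.cpp:279:17:279:20 | get_size output argument [array content] |
 | test.cpp:241:2:241:32 | Chi [array content] | test.cpp:295:18:295:21 | get_size output argument [array content] |
 | test.cpp:241:18:241:23 | call to getenv | test.cpp:241:2:241:32 | Chi [array content] |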
