C++: Move some variant tests to a case we definitely do want to flag the base case of.

Author: geoffw0

cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/TOCTOUFilesystemRace.expected

@@ -5,9 +5,10 @@
 | test2.cpp:157:7:157:10 | call to open | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:157:12:157:15 | path | filename | test2.cpp:155:6:155:9 | call to stat | checked |
 | test2.cpp:170:7:170:10 | call to open | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:170:12:170:15 | path | filename | test2.cpp:168:6:168:10 | call to lstat | checked |
 | test2.cpp:229:3:229:7 | call to chmod | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:229:9:229:12 | path | filename | test2.cpp:222:6:222:10 | call to fopen | checked |
-| test2.cpp:269:3:269:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:269:10:269:14 | path1 | filename | test2.cpp:267:7:267:12 | call to rename | checked |
-| test2.cpp:279:3:279:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:279:10:279:14 | path1 | filename | test2.cpp:275:6:275:11 | call to rename | checked |
-| test2.cpp:311:7:311:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:311:13:311:16 | path | filename | test2.cpp:309:6:309:11 | call to access | checked |
+| test2.cpp:239:3:239:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:239:10:239:14 | path1 | filename | test2.cpp:237:7:237:12 | call to rename | checked |
+| test2.cpp:261:7:261:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:261:13:261:16 | path | filename | test2.cpp:259:6:259:11 | call to access | checked |
+| test2.cpp:287:7:287:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:287:13:287:16 | path | filename | test2.cpp:285:7:285:12 | call to access | checked |
+| test2.cpp:301:7:301:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:301:13:301:16 | path | filename | test2.cpp:297:6:297:11 | call to access | checked |
 | test.cpp:21:3:21:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:21:10:21:14 | file1 | filename | test.cpp:19:7:19:12 | call to rename | checked |
 | test.cpp:35:3:35:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:35:10:35:14 | file1 | filename | test.cpp:32:7:32:12 | call to rename | checked |
 | test.cpp:49:3:49:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:49:10:49:14 | file1 | filename | test.cpp:47:7:47:12 | call to rename | checked |

cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/test2.cpp

@@ -230,96 +230,88 @@ void test3_1(const char *path)
 	}
 }
 
-void test3_2(const char *path)
-{
-	FILE *f = NULL;
+// --- rename -> remove / open ---
 
-	f = fopen(path, "w");
-	if (f)
+void test4_1(const char *path1, const char *path2)
+{
+	if (!rename(path1, path2))
 	{
-		// ...
-
-		fclose(f);
+		remove(path1); // BAD???
 	}
-
-	chmod(path, 0); // GOOD (doesn't depend on the fopen)
 }
 
-void test3_3(const char *path1, const char *path2)
+void test4_4(const char *path1, const char *path2)
 {
 	FILE *f = NULL;
 
-	f = fopen(path1, "w");
-	if (f)
+	if (rename(path1, path2))
 	{
-		// ...
-
-		fclose(f);
-
-		chmod(path2, 0); // GOOD (different file)
+		f = fopen(path2, "r"); // BAD??? [NOT DETECTED]
 	}
 }
 
-// --- rename -> remove / open ---
+// --- access -> open ---
 
-void test4_1(const char *path1, const char *path2)
+void test5_1(const char *path)
 {
-	if (!rename(path1, path2))
-	{
-		remove(path1); // BAD???
-	}
-}
+	FILE *f = NULL;
 
-void test4_2(const char *path1, const char *path2)
-{
-	if (rename(path1, path2))
+	if (access(path))
 	{
+		f = fopen(path, "r"); // BAD
+
 		// ...
-	} else {
-		remove(path1); // BAD???
 	}
 }
 
-void test4_3(const char *path1, const char *path2)
+void test5_2(const char *path)
 {
-	if (rename(path1, path2))
+	FILE *f = NULL;
+
+	if (access(path))
 	{
 		// ...
 	}
 
-	remove(path1); // GOOD (does not depend on the rename)
+	f = fopen(path, "r"); // GOOD (doesn't depend on the access check)
+
+	// ...
 }
 
-void test4_4(const char *path1, const char *path2)
+void test5_3(const char *path)
 {
 	FILE *f = NULL;
 
-	if (rename(path1, path2))
+	if (!access(path))
 	{
-		f = fopen(path2, "r"); // BAD??? [NOT DETECTED]
+		f = fopen(path, "r"); // BAD
+
+		// ...
 	}
 }
 
-// --- access -> open ---
-
-void test5_1(const char *path)
+void test5_4(const char *path)
 {
 	FILE *f = NULL;
 
 	if (access(path))
 	{
+		// ...
+	} else {
 		f = fopen(path, "r"); // BAD
+
+		// ...
 	}
 }
 
-void test5_2(const char *path)
+void test5_5(const char *path1, const char *path2)
 {
 	FILE *f = NULL;
 
-	if (access(path))
+	if (access(path1))
 	{
+		f = fopen(path2, "r"); // GOOD (different file)
+
 		// ...
 	}
-
-	f = fopen(path, "r"); // GOOD
 }