C++: Add test cases involving file descriptor versions.

geoffw0 · geoffw0 · commit d86a0ab7a5c0 · 2021-07-02T18:17:59.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/TOCTOUFilesystemRace.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/TOCTOUFilesystemRace.expected
@@ -1,11 +1,13 @@
-| test2.cpp:31:7:31:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:31:13:31:16 | path | filename | test2.cpp:26:6:26:10 | call to fopen | checked |
-| test2.cpp:44:7:44:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:44:13:44:16 | path | filename | test2.cpp:44:7:44:11 | call to fopen | checked |
-| test2.cpp:61:7:61:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:61:13:61:16 | path | filename | test2.cpp:59:6:59:9 | call to stat | checked |
-| test2.cpp:90:7:90:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:90:13:90:16 | path | filename | test2.cpp:88:15:88:17 | foo | checked |
-| test2.cpp:155:3:155:7 | call to chmod | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:155:9:155:12 | path | filename | test2.cpp:148:6:148:10 | call to fopen | checked |
-| test2.cpp:195:3:195:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:195:10:195:14 | path1 | filename | test2.cpp:193:7:193:12 | call to rename | checked |
-| test2.cpp:205:3:205:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:205:10:205:14 | path1 | filename | test2.cpp:201:6:201:11 | call to rename | checked |
-| test2.cpp:237:7:237:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:237:13:237:16 | path | filename | test2.cpp:235:6:235:11 | call to access | checked |
+| test2.cpp:39:7:39:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:39:13:39:16 | path | filename | test2.cpp:34:6:34:10 | call to fopen | checked |
+| test2.cpp:52:7:52:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:52:13:52:16 | path | filename | test2.cpp:52:7:52:11 | call to fopen | checked |
+| test2.cpp:69:7:69:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:69:13:69:16 | path | filename | test2.cpp:67:6:67:9 | call to stat | checked |
+| test2.cpp:98:7:98:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:98:13:98:16 | path | filename | test2.cpp:96:15:96:17 | foo | checked |
+| test2.cpp:157:7:157:10 | call to open | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:157:12:157:15 | path | filename | test2.cpp:155:6:155:9 | call to stat | checked |
+| test2.cpp:170:7:170:10 | call to open | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:170:12:170:15 | path | filename | test2.cpp:168:6:168:10 | call to lstat | checked |
+| test2.cpp:229:3:229:7 | call to chmod | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:229:9:229:12 | path | filename | test2.cpp:222:6:222:10 | call to fopen | checked |
+| test2.cpp:269:3:269:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:269:10:269:14 | path1 | filename | test2.cpp:267:7:267:12 | call to rename | checked |
+| test2.cpp:279:3:279:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:279:10:279:14 | path1 | filename | test2.cpp:275:6:275:11 | call to rename | checked |
+| test2.cpp:311:7:311:11 | call to fopen | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test2.cpp:311:13:311:16 | path | filename | test2.cpp:309:6:309:11 | call to access | checked |
 | test.cpp:21:3:21:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:21:10:21:14 | file1 | filename | test.cpp:19:7:19:12 | call to rename | checked |
 | test.cpp:35:3:35:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:35:10:35:14 | file1 | filename | test.cpp:32:7:32:12 | call to rename | checked |
 | test.cpp:49:3:49:8 | call to remove | The $@ being operated upon was previously $@, but the underlying file may have been changed since then. | test.cpp:49:10:49:14 | file1 | filename | test.cpp:47:7:47:12 | call to rename | checked |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-367/semmle/test2.cpp
@@ -10,14 +10,22 @@ typedef struct {
 FILE *fopen(const char *filename, const char *mode);
 int fclose(FILE *stream);
 
+int open(const char *filename, int arg);
+int creat(const char *filename, int arg);
+int openat(int dir, const char *filename, int arg);
+int close(int file);
+
 bool stat(const char *path, stat_data *buf);
+bool fstat(int file, stat_data *buf);
+bool lstat(const char *path, stat_data *buf);
+bool fstatat(int dir, const char *path, stat_data *buf);
 void chmod(const char *path, int setting);
 bool rename(const char *from, const char *to);
 bool remove(const char *path);
 
 bool access(const char *path);
 
-// ---
+// --- open -> open ---
 
 void test1_1(const char *path)
 {
@@ -49,7 +57,7 @@ void test1_2(const char *path)
 	// ...
 }
 
-// ---
+// --- stat -> open ---
 
 void test2_1(const char *path)
 {
@@ -139,7 +147,73 @@ void test2_6(const char *path)
 	// ...
 }
 
-// ---
+void test2_7(const char *path, int arg)
+{
+	stat_data buf;
+	int f;
+
+	if (stat(path, &buf))
+	{
+		f = open(path, arg); // BAD
+	}
+
+	// ...
+}
+
+void test2_8(const char *path, int arg)
+{
+	stat_data buf;
+	int f;
+
+	if (lstat(path, &buf))
+	{
+		f = open(path, arg); // BAD
+	}
+
+	// ...
+}
+
+void test2_9(const char *path, int arg)
+{
+	stat_data buf;
+	int f;
+
+	if (stat(path, &buf))
+	{
+		f = creat(path, arg); // BAD [NOT DETECTED]
+	}
+
+	// ...
+}
+
+void test2_10(int dir, const char *path, int arg)
+{
+	stat_data buf;
+	int f;
+
+	if (fstatat(dir, path, &buf))
+	{
+		f = openat(dir, path, arg); // BAD [NOT DETECTED]
+	}
+
+	// ...
+}
+
+void test2_11(const char *path, int arg)
+{
+	stat_data buf;
+	int f;
+
+	f = open(path, arg);
+	if (fstat(f, &buf)) // GOOD (uses file descriptor, not path)
+	{
+		// ...
+	}
+
+	// ...
+}
+
+// --- open -> chmod ---
 
 void test3_1(const char *path)
 {
@@ -186,7 +260,7 @@ void test3_3(const char *path1, const char *path2)
 	}
 }
 
-// ---
+// --- rename -> remove / open ---
 
 void test4_1(const char *path1, const char *path2)
 {
@@ -226,7 +300,7 @@ void test4_4(const char *path1, const char *path2)
 	}
 }
 
-// ---
+// --- access -> open ---
 
 void test5_1(const char *path)
 {
