C++: Fix missing result by properly specifying that the function with unknown code actually didn't throw an exception.

MathiasVP · MathiasVP · commit fc7d9c2c09f9 · 2021-05-07T12:34:38.000+02:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/IncorrectAllocationErrorHandling.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/IncorrectAllocationErrorHandling.expected
@@ -14,4 +14,5 @@
 | test.cpp:93:15:93:41 | new[] | This allocation cannot throw. $@ is unnecessary. | test.cpp:97:36:98:3 | { ... } | This catch block |
 | test.cpp:96:10:96:36 | new[] | This allocation cannot throw. $@ is unnecessary. | test.cpp:97:36:98:3 | { ... } | This catch block |
 | test.cpp:151:9:151:24 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:152:15:152:18 | { ... } | This catch block |
+| test.cpp:199:15:199:35 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:201:16:201:19 | { ... } | This catch block |
 | test.cpp:212:14:212:34 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:213:34:213:36 | { ... } | This catch block |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/test.cpp
@@ -158,10 +158,10 @@ void good_placement_new_with_exception_handling() {
   catch (...) {  }
 }
 
-int rand();
+int unknown_value_without_exceptions() noexcept;
 
 void may_throw() {
-  if(rand()) {
+  if(unknown_value_without_exceptions()) {
     throw "bad luck exception!";
   }
 }
@@ -170,11 +170,11 @@ void unknown_code_that_may_throw(int*);
 void unknown_code_that_will_not_throw(int*) noexcept;
 
 void calls_throwing_code(int* p) {
-  if(rand()) unknown_code_that_may_throw(p);
+  if(unknown_value_without_exceptions()) unknown_code_that_may_throw(p);
 }
 
 void calls_non_throwing(int* p) {
-  if (rand()) unknown_code_that_will_not_throw(p);
+  if (unknown_value_without_exceptions()) unknown_code_that_will_not_throw(p);
 }
 
 void good_new_with_throwing_call() {
@@ -196,7 +196,7 @@ void good_new_with_throwing_call() {
 
 void bad_new_with_nonthrowing_call() {
   try {
-    int* p1 = new(std::nothrow) int; // BAD [NOT DETECTED]
+    int* p1 = new(std::nothrow) int; // BAD
     calls_non_throwing(p1);
   } catch(...) {  }
 

Original file line number	Diff line number	Diff line change
`@@ -158,10 +158,10 @@ void good_placement_new_with_exception_handling() {`
`158`	`158`	`catch (...) { }`
`159`	`159`	`}`
`160`	`160`
`161`		`-int rand();`
	`161`	`+int unknown_value_without_exceptions() noexcept;`
`162`	`162`
`163`	`163`	`void may_throw() {`
`164`		`- if(rand()) {`
	`164`	`+ if(unknown_value_without_exceptions()) {`
`165`	`165`	`throw "bad luck exception!";`
`166`	`166`	`}`
`167`	`167`	`}`
`@@ -170,11 +170,11 @@ void unknown_code_that_may_throw(int*);`
`170`	`170`	`void unknown_code_that_will_not_throw(int*) noexcept;`
`171`	`171`
`172`	`172`	`void calls_throwing_code(int* p) {`
`173`		`- if(rand()) unknown_code_that_may_throw(p);`
	`173`	`+ if(unknown_value_without_exceptions()) unknown_code_that_may_throw(p);`
`174`	`174`	`}`
`175`	`175`
`176`	`176`	`void calls_non_throwing(int* p) {`
`177`		`- if (rand()) unknown_code_that_will_not_throw(p);`
	`177`	`+ if (unknown_value_without_exceptions()) unknown_code_that_will_not_throw(p);`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`void good_new_with_throwing_call() {`
`@@ -196,7 +196,7 @@ void good_new_with_throwing_call() {`
`196`	`196`
`197`	`197`	`void bad_new_with_nonthrowing_call() {`
`198`	`198`	`try {`
`199`		`- int* p1 = new(std::nothrow) int; // BAD [NOT DETECTED]`
	`199`	`+ int* p1 = new(std::nothrow) int; // BAD`
`200`	`200`	`calls_non_throwing(p1);`
`201`	`201`	`} catch(...) { }`
`202`	`202`