
Commit 834b07e

committed
C++: Add failing tests.
1 parent 8be6aed commit 834b07e


2 files changed

+19
-5
lines changed

Lines changed: 5 additions & 5 deletions
@@ -1,16 +1,16 @@
11
edges
22
| main.cpp:6:27:6:30 | argv indirection | main.cpp:10:20:10:23 | argv indirection |
3-
| main.cpp:10:20:10:23 | argv indirection | tests.cpp:618:32:618:35 | argv indirection |
3+
| main.cpp:10:20:10:23 | argv indirection | tests.cpp:631:32:631:35 | argv indirection |
44
| tests.cpp:613:19:613:24 | source indirection | tests.cpp:615:17:615:22 | source indirection |
5-
| tests.cpp:618:32:618:35 | argv indirection | tests.cpp:643:9:643:15 | access to array indirection |
6-
| tests.cpp:643:9:643:15 | access to array indirection | tests.cpp:613:19:613:24 | source indirection |
5+
| tests.cpp:631:32:631:35 | argv indirection | tests.cpp:656:9:656:15 | access to array indirection |
6+
| tests.cpp:656:9:656:15 | access to array indirection | tests.cpp:613:19:613:24 | source indirection |
77
nodes
88
| main.cpp:6:27:6:30 | argv indirection | semmle.label | argv indirection |
99
| main.cpp:10:20:10:23 | argv indirection | semmle.label | argv indirection |
1010
| tests.cpp:613:19:613:24 | source indirection | semmle.label | source indirection |
1111
| tests.cpp:615:17:615:22 | source indirection | semmle.label | source indirection |
12-
| tests.cpp:618:32:618:35 | argv indirection | semmle.label | argv indirection |
13-
| tests.cpp:643:9:643:15 | access to array indirection | semmle.label | access to array indirection |
12+
| tests.cpp:631:32:631:35 | argv indirection | semmle.label | argv indirection |
13+
| tests.cpp:656:9:656:15 | access to array indirection | semmle.label | access to array indirection |
1414
subpaths
1515
#select
1616
| tests.cpp:615:2:615:7 | call to strcpy | main.cpp:6:27:6:30 | argv indirection | tests.cpp:615:17:615:22 | source indirection | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | argv indirection | a command-line argument |

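--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -615,6 +615,19 @@ void test24(char* source) {
 strcpy(buffer, source); // BAD
 }
 
+struct my_struct {
+char* home;
+};
+
+void test25(char* source) {
+my_struct s;
+
+s.home = source;
+
+char buf[100];
+strcpy(buf, s.home); // BAD [NOT DETECTED]
+}
+
 int tests_main(int argc, char *argv[])
 {
 long long arr17[19];
@@ -641,6 +654,7 @@ int tests_main(int argc, char *argv[])
 test22(argc == 0, argv[0]);
 test23();
 test24(argv[0]);
+test25(argv[0]);
 
 return 0;
 }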
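Review bot: The `// BAD [NOT DETECTED]` marker on the `strcpy(buf, s.home)` line in test25 does not say what separates this case from test24, which the query does report. The only difference visible in the hunk is that the tainted pointer is stored into and read back from the field `s.home` before it reaches `strcpy`, so the miss is presumably in field flow. A comment such as `// BAD [NOT DETECTED]: argv[0] reaches strcpy only via the s.home field store/load` would tell whoever fixes the query where to look. The updated expected output is consistent with the gap: its rows only shift line numbers and `#select` still lists just the `strcpy` at tests.cpp:615. A short comment above `struct my_struct` saying it exists only to route the source through a field would also help.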
