C++: Accept test changes.

MathiasVP · MathiasVP · commit 2eb8d134393a · 2024-03-01T09:25:25.000Z
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -1,31 +1,31 @@
 edges
-| NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array |
-| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext |
-| nested.cpp:19:29:19:32 | *fmt0 | nested.cpp:21:23:21:26 | *fmt0 |
-| nested.cpp:27:32:27:34 | *fmt | nested.cpp:28:16:28:18 | *fmt |
-| nested.cpp:28:16:28:18 | *fmt | nested.cpp:19:29:19:32 | *fmt0 |
-| nested.cpp:34:37:34:39 | *fmt | nested.cpp:35:19:35:21 | *fmt |
-| nested.cpp:35:19:35:21 | *fmt | nested.cpp:27:32:27:34 | *fmt |
-| nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt |
-| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt |
-| test.cpp:27:39:27:39 | n | test.cpp:27:13:27:24 | **make_message |
-| test.cpp:46:14:46:17 | argc | test.cpp:51:23:51:30 | ... - ... |
-| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array |
-| test.cpp:51:23:51:30 | ... - ... | test.cpp:27:39:27:39 | n |
-| test.cpp:51:23:51:30 | ... - ... | test.cpp:51:10:51:21 | *call to make_message |
-| test.cpp:155:27:155:30 | data | test.cpp:157:12:157:15 | data |
-| test.cpp:167:31:167:34 | data | test.cpp:170:12:170:14 | *res |
-| test.cpp:193:32:193:34 | str | test.cpp:195:31:195:33 | str |
-| test.cpp:193:32:193:34 | str | test.cpp:197:11:197:14 | *wstr |
-| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... |
-| test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello |
-| test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello |
-| test.cpp:215:25:215:36 | *call to get_string | test.cpp:217:12:217:16 | *hello |
-| test.cpp:221:25:221:36 | *call to get_string | test.cpp:223:12:223:16 | *hello |
-| test.cpp:227:25:227:36 | *call to get_string | test.cpp:228:12:228:18 | *++ ... |
-| test.cpp:232:25:232:36 | *call to get_string | test.cpp:235:12:235:16 | *hello |
-| test.cpp:239:25:239:36 | *call to get_string | test.cpp:242:12:242:16 | *hello |
-| test.cpp:245:25:245:36 | *call to get_string | test.cpp:247:12:247:16 | *hello |
+| NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | provenance |  |
+| NonConstantFormat.c:45:11:45:47 | *call to any_random_function | NonConstantFormat.c:45:9:45:48 | *call to gettext | provenance |  |
+| nested.cpp:19:29:19:32 | *fmt0 | nested.cpp:21:23:21:26 | *fmt0 | provenance |  |
+| nested.cpp:27:32:27:34 | *fmt | nested.cpp:28:16:28:18 | *fmt | provenance |  |
+| nested.cpp:28:16:28:18 | *fmt | nested.cpp:19:29:19:32 | *fmt0 | provenance |  |
+| nested.cpp:34:37:34:39 | *fmt | nested.cpp:35:19:35:21 | *fmt | provenance |  |
+| nested.cpp:35:19:35:21 | *fmt | nested.cpp:27:32:27:34 | *fmt | provenance |  |
+| nested.cpp:42:24:42:34 | *call to ext_fmt_str | nested.cpp:34:37:34:39 | *fmt | provenance |  |
+| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance |  |
+| test.cpp:27:39:27:39 | n | test.cpp:27:13:27:24 | **make_message | provenance |  |
+| test.cpp:46:14:46:17 | argc | test.cpp:51:23:51:30 | ... - ... | provenance |  |
+| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance |  |
+| test.cpp:51:23:51:30 | ... - ... | test.cpp:27:39:27:39 | n | provenance |  |
+| test.cpp:51:23:51:30 | ... - ... | test.cpp:51:10:51:21 | *call to make_message | provenance |  |
+| test.cpp:155:27:155:30 | data | test.cpp:157:12:157:15 | data | provenance |  |
+| test.cpp:167:31:167:34 | data | test.cpp:170:12:170:14 | *res | provenance |  |
+| test.cpp:193:32:193:34 | str | test.cpp:195:31:195:33 | str | provenance |  |
+| test.cpp:193:32:193:34 | str | test.cpp:197:11:197:14 | *wstr | provenance |  |
+| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance |  |
+| test.cpp:204:25:204:36 | *call to get_string | test.cpp:206:12:206:16 | *hello | provenance |  |
+| test.cpp:209:25:209:36 | *call to get_string | test.cpp:211:12:211:16 | *hello | provenance |  |
+| test.cpp:215:25:215:36 | *call to get_string | test.cpp:217:12:217:16 | *hello | provenance |  |
+| test.cpp:221:25:221:36 | *call to get_string | test.cpp:223:12:223:16 | *hello | provenance |  |
+| test.cpp:227:25:227:36 | *call to get_string | test.cpp:228:12:228:18 | *++ ... | provenance |  |
+| test.cpp:232:25:232:36 | *call to get_string | test.cpp:235:12:235:16 | *hello | provenance |  |
+| test.cpp:239:25:239:36 | *call to get_string | test.cpp:242:12:242:16 | *hello | provenance |  |
+| test.cpp:245:25:245:36 | *call to get_string | test.cpp:247:12:247:16 | *hello | provenance |  |
 nodes
 | NonConstantFormat.c:28:27:28:30 | **argv | semmle.label | **argv |
 | NonConstantFormat.c:30:10:30:16 | *access to array | semmle.label | *access to array |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -1,14 +1,83 @@
-| consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:100:9:100:10 | v4 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:103:9:103:15 | call to varFunc | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:107:9:107:10 | v5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:112:9:112:10 | v6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:116:9:116:13 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:121:9:121:10 | v8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:126:9:126:27 | call to nonConstFuncToArray | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:130:9:130:10 | v9 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:135:9:135:11 | v10 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:140:9:140:11 | v11 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:145:9:145:11 | v12 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+edges
+| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:24:7:24:9 | **gv1 | provenance |  |
+| consts.cpp:24:7:24:9 | **gv1 | consts.cpp:29:7:29:25 | **nonConstFuncToArray | provenance |  |
+| consts.cpp:29:7:29:25 | **nonConstFuncToArray | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance |  |
+| consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance |  |
+| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | provenance |  |
+| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | provenance |  |
+| consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:24:7:24:9 | **gv1 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:95:9:95:10 | *v3 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:100:9:100:10 | *v4 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | provenance |  |
+| consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | provenance |  |
+| consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | provenance |  |
+| consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | provenance |  |
+| consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | provenance |  |
+| consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | v11 | provenance |  |
+| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | provenance |  |
+| consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | v12 | provenance |  |
+nodes
+| consts.cpp:24:7:24:9 | **gv1 | semmle.label | **gv1 |
+| consts.cpp:29:7:29:25 | **nonConstFuncToArray | semmle.label | **nonConstFuncToArray |
+| consts.cpp:85:7:85:8 | gets output argument | semmle.label | gets output argument |
+| consts.cpp:86:9:86:10 | *v1 | semmle.label | *v1 |
+| consts.cpp:90:7:90:10 | *call to gets | semmle.label | *call to gets |
+| consts.cpp:90:12:90:13 | gets output argument | semmle.label | gets output argument |
+| consts.cpp:91:9:91:10 | *v2 | semmle.label | *v2 |
+| consts.cpp:95:9:95:10 | *v3 | semmle.label | *v3 |
+| consts.cpp:100:9:100:10 | *v4 | semmle.label | *v4 |
+| consts.cpp:103:9:103:17 | *call to varFunc | semmle.label | *call to varFunc |
+| consts.cpp:106:13:106:19 | *call to varFunc | semmle.label | *call to varFunc |
+| consts.cpp:107:9:107:10 | *v5 | semmle.label | *v5 |
+| consts.cpp:111:7:111:13 | *call to varFunc | semmle.label | *call to varFunc |
+| consts.cpp:112:9:112:10 | *v6 | semmle.label | *v6 |
+| consts.cpp:116:9:116:13 | *access to array | semmle.label | *access to array |
+| consts.cpp:121:9:121:10 | *v8 | semmle.label | *v8 |
+| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | semmle.label | *call to nonConstFuncToArray |
+| consts.cpp:130:9:130:10 | *v9 | semmle.label | *v9 |
+| consts.cpp:135:9:135:11 | *v10 | semmle.label | *v10 |
+| consts.cpp:139:13:139:16 | readString output argument | semmle.label | readString output argument |
+| consts.cpp:139:13:139:16 | readString output argument | semmle.label | readString output argument |
+| consts.cpp:140:9:140:11 | *v11 | semmle.label | *v11 |
+| consts.cpp:140:9:140:11 | v11 | semmle.label | v11 |
+| consts.cpp:144:16:144:18 | readStringRef output argument | semmle.label | readStringRef output argument |
+| consts.cpp:144:16:144:18 | readStringRef output argument | semmle.label | readStringRef output argument |
+| consts.cpp:145:9:145:11 | *v12 | semmle.label | *v12 |
+| consts.cpp:145:9:145:11 | v12 | semmle.label | v12 |
+subpaths
+#select
+| consts.cpp:86:9:86:10 | *v1 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:86:9:86:10 | *v1 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:86:2:86:7 | call to printf | printf |
+| consts.cpp:91:9:91:10 | *v2 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:91:9:91:10 | *v2 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:91:2:91:7 | call to printf | printf |
+| consts.cpp:95:9:95:10 | *v3 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:95:9:95:10 | *v3 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:95:2:95:7 | call to printf | printf |
+| consts.cpp:95:9:95:10 | *v3 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:95:9:95:10 | *v3 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:95:2:95:7 | call to printf | printf |
+| consts.cpp:100:9:100:10 | *v4 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:100:9:100:10 | *v4 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:100:2:100:7 | call to printf | printf |
+| consts.cpp:100:9:100:10 | *v4 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:100:9:100:10 | *v4 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:100:2:100:7 | call to printf | printf |
+| consts.cpp:103:9:103:17 | *call to varFunc | consts.cpp:103:9:103:17 | *call to varFunc | consts.cpp:103:9:103:17 | *call to varFunc | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:103:2:103:7 | call to printf | printf |
+| consts.cpp:107:9:107:10 | *v5 | consts.cpp:106:13:106:19 | *call to varFunc | consts.cpp:107:9:107:10 | *v5 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:107:2:107:7 | call to printf | printf |
+| consts.cpp:112:9:112:10 | *v6 | consts.cpp:111:7:111:13 | *call to varFunc | consts.cpp:112:9:112:10 | *v6 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:112:2:112:7 | call to printf | printf |
+| consts.cpp:116:9:116:13 | *access to array | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
+| consts.cpp:116:9:116:13 | *access to array | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
+| consts.cpp:116:9:116:13 | *access to array | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:116:9:116:13 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:116:2:116:7 | call to printf | printf |
+| consts.cpp:121:9:121:10 | *v8 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
+| consts.cpp:121:9:121:10 | *v8 | consts.cpp:90:7:90:10 | *call to gets | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
+| consts.cpp:121:9:121:10 | *v8 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:121:9:121:10 | *v8 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:121:2:121:7 | call to printf | printf |
+| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:126:2:126:7 | call to printf | printf |
+| consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:126:9:126:30 | *call to nonConstFuncToArray | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:126:2:126:7 | call to printf | printf |
+| consts.cpp:130:9:130:10 | *v9 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:130:9:130:10 | *v9 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:130:2:130:7 | call to printf | printf |
+| consts.cpp:130:9:130:10 | *v9 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:130:9:130:10 | *v9 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:130:2:130:7 | call to printf | printf |
+| consts.cpp:135:9:135:11 | *v10 | consts.cpp:85:7:85:8 | gets output argument | consts.cpp:135:9:135:11 | *v10 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:135:2:135:7 | call to printf | printf |
+| consts.cpp:135:9:135:11 | *v10 | consts.cpp:90:12:90:13 | gets output argument | consts.cpp:135:9:135:11 | *v10 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:135:2:135:7 | call to printf | printf |
+| consts.cpp:140:9:140:11 | *v11 | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | *v11 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:140:2:140:7 | call to printf | printf |
+| consts.cpp:140:9:140:11 | v11 | consts.cpp:139:13:139:16 | readString output argument | consts.cpp:140:9:140:11 | v11 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:140:2:140:7 | call to printf | printf |
+| consts.cpp:145:9:145:11 | *v12 | consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | *v12 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:145:2:145:7 | call to printf | printf |
+| consts.cpp:145:9:145:11 | v12 | consts.cpp:144:16:144:18 | readStringRef output argument | consts.cpp:145:9:145:11 | v12 | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | consts.cpp:145:2:145:7 | call to printf | printf |
