
Commit 35e91ba

committed
C++: Introduce 'indirect_sink' in dataflow tests.
1 parent afd1a12 commit 35e91ba


4 files changed

+18
-12
lines changed


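--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp
@@ -1,7 +1,7 @@
 // semmle-extractor-options: --edg --clang
 
 int source();
-void sink(int); void sink(const int *); void sink(int **);
+void sink(int); void sink(const int *); void sink(int **); void indirect_sink(...);
 
 struct twoIntFields {
 int m1, m2;
@@ -19,7 +19,8 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr
 
 sink(sourceArray1[0]); // no flow
 sink(*sourceArray1); // no flow
-sink(&sourceArray1); // $ ast,ir // [should probably be taint only]
+sink(&sourceArray1); // $ ast // [should probably be taint only]
+indirect_sink(&sourceArray1); // $ ast,ir
 
 sink(sourceStruct1.m1); // no flow
 sink(sourceStruct1_ptr->m1); // no flow
@@ -48,5 +49,6 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr
 
 int stackArray[2] = { source(), source() };
 stackArray[0] = source();
-sink(stackArray); // $ ast ir ir=49:25 ir=49:35 ir=50:19
+sink(stackArray); // $ ast,ir
+indirect_sink(stackArray); // $ ast ir=50:25 ir=50:35 ir=51:19
 }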
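Review bot: The new `void indirect_sink(...);` declaration in the first hunk is appended to the one-line list of `sink` overloads with nothing saying how it differs from them, and the same undocumented declaration is added at the top of test.cpp. Going by test.ql in this commit, the IR test matches `sink` arguments with `asExpr()` and `indirect_sink` arguments with `asIndirectExpr()`, while the AST test treats both names alike. I would give the declaration its own line and a comment, for example `void indirect_sink(...); // IR test: flow to what the argument points to; AST test: same as sink`. In the second hunk the bracketed remark `[should probably be taint only]` stays on the `sink(&sourceArray1)` line only, so it is worth stating whether it also applies to the new `indirect_sink(&sourceArray1)` line; the body of `following_pointers` starts and continues outside these hunks.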

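--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -28,9 +28,10 @@ postWithInFlow
 | BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:28:22:28:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:50:3:50:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
-| clang.cpp:50:3:50:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
+| clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
+| clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
+| clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
+| clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. |
 | dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. |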

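--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -1,5 +1,5 @@
 int source();
-void sink(int); void sink(const int *); void sink(int **);
+void sink(int); void sink(const int *); void sink(int **); void indirect_sink(...);
 
 void intraprocedural_with_local_flow() {
 int t2;
@@ -626,7 +626,7 @@ void test_def_via_phi_read(bool b)
 use(buffer);
 }
 intPointerSource(buffer);
-sink(buffer); // $ ast,ir
+indirect_sink(buffer); // $ ast,ir
 }
 
 void test_static_local_1() {
@@ -692,7 +692,7 @@ void test_static_local_9() {
 
 void increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf
 *buf += 10;
-sink(buf); // $ SPURIOUS: ast,ir // should only be flow to the indirect argument, but there's also flow to the non-indirect argument
+sink(buf); // $ SPURIOUS: ast,ir
 }
 
 void call_increment_buf(int** buf) { // $ ast-def=buf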
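Review bot: In the last hunk, `sink(buf); // $ SPURIOUS: ast,ir` keeps its SPURIOUS marker but loses the explanation of why the result is spurious, and no `indirect_sink(buf)` call is added beside it in `increment_buf`. The removed comment said flow was expected only to the indirect argument; now that the test separates the two kinds of sink, an `indirect_sink(buf);` line with its expected annotation would pin that expected result down instead of leaving it implied. I would also keep a short reason on the existing line, for example `// $ SPURIOUS: ast,ir // flow is expected only to the indirect argument`. The exact annotation for the new line has to come from the test output, which this page does not show.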

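--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql
@@ -34,7 +34,7 @@ module AstTest {
 
 override predicate isSink(DataFlow::Node sink) {
 exists(FunctionCall call |
-call.getTarget().getName() = "sink" and
+call.getTarget().getName() = ["sink", "indirect_sink"] and
 sink.asExpr() = call.getAnArgument()
 )
 }
@@ -83,9 +83,12 @@ module IRTest {
 }
 
 override predicate isSink(DataFlow::Node sink) {
-exists(FunctionCall call |
+exists(FunctionCall call, Expr e | e = call.getAnArgument() |
 call.getTarget().getName() = "sink" and
-call.getAnArgument() in [sink.asExpr(), sink.asIndirectExpr()]
+sink.asExpr() = e
+or
+call.getTarget().getName() = "indirect_sink" and
+sink.asIndirectExpr() = e
 )
 }
 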
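Review bot: The rewritten `isSink` in `IRTest` mixes `and` and `or` without parentheses, so the reader has to rely on `and` binding tighter than `or` to see that each function name is paired with its own node kind. Wrapping each alternative makes the pairing explicit: `(call.getTarget().getName() = "sink" and sink.asExpr() = e)` `or` `(call.getTarget().getName() = "indirect_sink" and sink.asIndirectExpr() = e)`. A short QLDoc comment on the predicate, saying that `sink` checks the argument's own value and `indirect_sink` checks what the argument points to, would also explain why `isSink` in `AstTest` (first hunk) accepts both names with `asExpr()` alone. Both predicates are complete within their hunks; the enclosing modules are not shown.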
