cpp/ql/test/library-tests/dataflow/dataflow-tests Expand file tree Collapse file tree 4 files changed +18
-12
lines changed Original file line number Diff line number Diff line change 1
1
// semmle-extractor-options: --edg --clang
2
2
3
3
int source ();
4
- void sink (int ); void sink (const int *); void sink (int **);
4
+ void sink (int ); void sink (const int *); void sink (int **); void indirect_sink (...);
5
5
6
6
struct twoIntFields {
7
7
int m1, m2;
@@ -19,7 +19,8 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr
19
19
20
20
sink (sourceArray1[0 ]); // no flow
21
21
sink (*sourceArray1); // no flow
22
- sink (&sourceArray1); // $ ast,ir // [should probably be taint only]
22
+ sink (&sourceArray1); // $ ast // [should probably be taint only]
23
+ indirect_sink (&sourceArray1); // $ ast,ir
23
24
24
25
sink (sourceStruct1.m1 ); // no flow
25
26
sink (sourceStruct1_ptr->m1 ); // no flow
@@ -48,5 +49,6 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr
48
49
49
50
int stackArray[2 ] = { source (), source () };
50
51
stackArray[0 ] = source ();
51
- sink (stackArray); // $ ast ir ir=49:25 ir=49:35 ir=50:19
52
+ sink (stackArray); // $ ast,ir
53
+ indirect_sink (stackArray); // $ ast ir=50:25 ir=50:35 ir=51:19
52
54
}
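Review bot: The new declaration `void indirect_sink(...);` near the top of this file has no comment saying how it differs from `sink`, and because it is variadic the compiler accepts any argument without a type check. A one-line comment above it would help, for example `// indirect_sink(p): the IR test treats the data p points to as the sink; sink(p) checks p itself`. The same declaration is added to the second C++ test file in this commit and would take the same comment. The annotated calls sit in `following_pointers`, whose body starts outside the hunks shown.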
Original file line number Diff line number Diff line change @@ -28,9 +28,10 @@ postWithInFlow
28
28
| BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
29
29
| BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
30
30
| clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
31
- | clang.cpp:28:22:28:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
32
- | clang.cpp:50:3:50:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
33
- | clang.cpp:50:3:50:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
31
+ | clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
32
+ | clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
33
+ | clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
34
+ | clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
34
35
| dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. |
35
36
| dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. |
36
37
| dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. |
Original file line number Diff line number Diff line change 1
1
int source ();
2
- void sink (int ); void sink (const int *); void sink (int **);
2
+ void sink (int ); void sink (const int *); void sink (int **); void indirect_sink (...);
3
3
4
4
void intraprocedural_with_local_flow () {
5
5
int t2;
@@ -626,7 +626,7 @@ void test_def_via_phi_read(bool b)
626
626
use (buffer);
627
627
}
628
628
intPointerSource (buffer);
629
- sink (buffer); // $ ast,ir
629
+ indirect_sink (buffer); // $ ast,ir
630
630
}
631
631
632
632
void test_static_local_1 () {
@@ -692,7 +692,7 @@ void test_static_local_9() {
692
692
693
693
void increment_buf (int ** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf
694
694
*buf += 10 ;
695
- sink (buf); // $ SPURIOUS: ast,ir // should only be flow to the indirect argument, but there's also flow to the non-indirect argument
695
+ sink (buf); // $ SPURIOUS: ast,ir
696
696
}
697
697
698
698
void call_increment_buf (int ** buf) { // $ ast-def=buf
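Review bot: On `sink(buf); // $ SPURIOUS: ast,ir` in `increment_buf`, the commit drops the explanation of why the result is spurious, leaving the marker with no stated reason. Part of the old wording is out of date now that `sink` no longer matches the indirect argument in the IR test, but a short reason is still worth keeping, e.g. `// $ SPURIOUS: ast,ir // flow reaches the pointer argument itself, not only what it points to`. If flow to the pointed-to data is the intended result, an `indirect_sink(buf);` line next to it would pin that down; its expected annotation would need to be confirmed by running the test.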
Original file line number Diff line number Diff line change @@ -34,7 +34,7 @@ module AstTest {
34
34
35
35
override predicate isSink ( DataFlow:: Node sink ) {
36
36
exists ( FunctionCall call |
37
- call .getTarget ( ) .getName ( ) = "sink" and
37
+ call .getTarget ( ) .getName ( ) = [ "sink" , "indirect_sink" ] and
38
38
sink .asExpr ( ) = call .getAnArgument ( )
39
39
)
40
40
}
@@ -83,9 +83,12 @@ module IRTest {
83
83
}
84
84
85
85
override predicate isSink ( DataFlow:: Node sink ) {
86
- exists ( FunctionCall call |
86
+ exists ( FunctionCall call , Expr e | e = call . getAnArgument ( ) |
87
87
call .getTarget ( ) .getName ( ) = "sink" and
88
- call .getAnArgument ( ) in [ sink .asExpr ( ) , sink .asIndirectExpr ( ) ]
88
+ sink .asExpr ( ) = e
89
+ or
90
+ call .getTarget ( ) .getName ( ) = "indirect_sink" and
91
+ sink .asIndirectExpr ( ) = e
89
92
)
90
93
}
91
94
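Review bot: After this change the two `isSink` predicates disagree about `indirect_sink`: `AstTest` matches it by argument value exactly like `sink`, while `IRTest` matches it only through `sink.asIndirectExpr()`. As a result the `ast` expectation on an `indirect_sink` line in the test files says nothing about indirection, and neither predicate records that. A comment in `AstTest`'s predicate such as `// indirect_sink is treated like sink here; only IRTest distinguishes the pointed-to value` would make this explicit. In `IRTest` the `... and ... or ... and ...` body relies on `and` binding tighter than `or`, so parenthesising the two alternatives would make the grouping obvious; both modules extend outside the hunks shown.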