Merge pull request github#12336 from jketema/docs-examples

C++: Add tests for all dataflow examples that occur in our docs

Author: jketema

cpp/ql/test/examples/docs-examples/README.md

@@ -0,0 +1,2 @@
+This directory contains the C++ demo queries from the docs directory.
+Maintaining this copy should ensure that they continue to work.

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise1.expected

@@ -0,0 +1,2 @@
+| gethostbyname.cpp:6:25:6:44 | https://github.com | gethostbyname.cpp:11:23:11:35 | call to gethostbyname |
+| gethostbyname.cpp:9:37:9:56 | https://github.com | gethostbyname.cpp:9:23:9:35 | call to gethostbyname |

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise1.ql

@@ -0,0 +1,10 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+from StringLiteral sl, FunctionCall fc, DataFlow::Node source, DataFlow::Node sink
+where
+  fc.getTarget().hasName("gethostbyname") and
+  source.asIndirectExpr(1) = sl and
+  sink.asIndirectExpr(1) = fc.getArgument(0) and
+  DataFlow::localFlow(source, sink)
+select sl, fc

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.expected

@@ -0,0 +1,2 @@
+| gethostbyname.cpp:6:25:6:44 | https://github.com | gethostbyname.cpp:11:23:11:35 | call to gethostbyname |
+| gethostbyname.cpp:9:37:9:56 | https://github.com | gethostbyname.cpp:9:23:9:35 | call to gethostbyname |

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise2.ql

@@ -0,0 +1,26 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+class LiteralToGethostbynameConfiguration extends DataFlow::Configuration {
+  LiteralToGethostbynameConfiguration() { this = "LiteralToGethostbynameConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source.asIndirectExpr(1) instanceof StringLiteral
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(FunctionCall fc |
+      sink.asIndirectExpr(1) = fc.getArgument(0) and
+      fc.getTarget().hasName("gethostbyname")
+    )
+  }
+}
+
+from
+  StringLiteral sl, FunctionCall fc, LiteralToGethostbynameConfiguration cfg, DataFlow::Node source,
+  DataFlow::Node sink
+where
+  source.asIndirectExpr(1) = sl and
+  sink.asIndirectExpr(1) = fc.getArgument(0) and
+  cfg.hasFlow(source, sink)
+select sl, fc

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.expected

@@ -0,0 +1,2 @@
+| gethostbyname.cpp:7:30:7:35 | call to getenv | gethostbyname.cpp:13:23:13:35 | call to gethostbyname |
+| gethostbyname.cpp:12:37:12:42 | call to getenv | gethostbyname.cpp:12:23:12:35 | call to gethostbyname |

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/exercise4.ql

@@ -0,0 +1,28 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+class GetenvSource extends DataFlow::Node {
+  GetenvSource() { this.asIndirectExpr(1).(FunctionCall).getTarget().hasQualifiedName("getenv") }
+}
+
+class GetenvToGethostbynameConfiguration extends DataFlow::Configuration {
+  GetenvToGethostbynameConfiguration() { this = "GetenvToGethostbynameConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof GetenvSource }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(FunctionCall fc |
+      sink.asIndirectExpr(1) = fc.getArgument(0) and
+      fc.getTarget().hasName("gethostbyname")
+    )
+  }
+}
+
+from
+  Expr getenv, FunctionCall fc, GetenvToGethostbynameConfiguration cfg, DataFlow::Node source,
+  DataFlow::Node sink
+where
+  source.asIndirectExpr(1) = getenv and
+  sink.asIndirectExpr(1) = fc.getArgument(0) and
+  cfg.hasFlow(source, sink)
+select getenv, fc

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-expr.expected

@@ -0,0 +1,10 @@
+| fopen.cpp:6:30:6:37 | a_file |
+| fopen.cpp:8:26:8:33 | a_file |
+| fopen.cpp:9:26:9:34 | filename1 |
+| fopen.cpp:10:26:10:34 | filename2 |
+| fopen.cpp:18:18:18:25 | filename |
+| fopen.cpp:23:30:23:38 | call to do_getenv |
+| fopen.cpp:24:30:24:35 | call to getenv |
+| fopen.cpp:27:26:27:31 | call to getenv |
+| fopen.cpp:28:26:28:34 | filename1 |
+| fopen.cpp:29:26:29:34 | filename2 |

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-expr.ql

@@ -0,0 +1,11 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+from Function fopen, FunctionCall fc, Expr src, DataFlow::Node source, DataFlow::Node sink
+where
+  fopen.hasQualifiedName("fopen") and
+  fc.getTarget() = fopen and
+  source.asIndirectExpr(1) = src and
+  sink.asIndirectExpr(1) = fc.getArgument(0) and
+  DataFlow::localFlow(source, sink)
+select src

cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/fopen-flow-from-getenv.expected

@@ -0,0 +1,5 @@
+| fopen.cpp:18:18:18:25 | filename | This 'fopen' uses data from $@. | fopen.cpp:25:30:25:35 | call to getenv | call to 'getenv' |
+| fopen.cpp:18:18:18:25 | filename | This 'fopen' uses data from $@. | fopen.cpp:30:29:30:34 | call to getenv | call to 'getenv' |
+| fopen.cpp:27:26:27:31 | call to getenv | This 'fopen' uses data from $@. | fopen.cpp:27:26:27:31 | call to getenv | call to 'getenv' |
+| fopen.cpp:28:26:28:34 | filename1 | This 'fopen' uses data from $@. | fopen.cpp:14:12:14:17 | call to getenv | call to 'getenv' |
+| fopen.cpp:29:26:29:34 | filename2 | This 'fopen' uses data from $@. | fopen.cpp:24:30:24:35 | call to getenv | call to 'getenv' |