remove unused imports, add tests for libarchive

Author: am0o0

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import semmle.code.cpp.commons.File
 import DecompressionBomb
 

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Bzip2.qll

@@ -4,12 +4,10 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
-import semmle.code.cpp.commons.File
 import DecompressionBomb
 
 /**
- * The `BZ2_bzDecompress` function as a Flow source
+ * The `BZ2_bzDecompress` function is used in flow sink
  */
 class BZ2BzDecompressFunction extends DecompressionFunction {
   BZ2BzDecompressFunction() { this.hasGlobalName(["BZ2_bzDecompress"]) }

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**
@@ -18,3 +17,17 @@ class Archive_read_data_block extends DecompressionFunction {
 
   override int getArchiveParameterIndex() { result = 0 }
 }
+
+/**
+ * The `archive_read_open_filename` function as a flow step.
+ */
+class ReadOpenFunction extends DecompressionFlowStep {
+  ReadOpenFunction() { this.hasGlobalName("archive_read_open_filename") }
+
+  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    exists(FunctionCall fc | fc.getTarget() = this |
+      node1.asIndirectExpr() = fc.getArgument(1) and
+      node2.asIndirectExpr() = fc.getArgument(0)
+    )
+  }
+}

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**
@@ -18,7 +17,7 @@ class Mz_zip_entry extends DecompressionFunction {
 }
 
 /**
- * The `mz_zip_reader_entry_*` and `mz_zip_reader_save_all` functions are used in flow source.
+ * The `mz_zip_reader_entry_*` and `mz_zip_reader_save_all` functions are used in flow sink.
  * [docuemnt](https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip_rw.md)
  */
 class Mz_zip_reader_entry extends DecompressionFunction {
@@ -42,7 +41,7 @@ class UnzOpenFunction extends DecompressionFunction {
 }
 
 /**
- * The `mz_zip_reader_open_file` and `mz_zip_reader_open_file_in_memory` functions as a flow source.
+ * The `mz_zip_reader_open_file` and `mz_zip_reader_open_file_in_memory` functions as a flow step.
  */
 class ReaderOpenFunction extends DecompressionFlowStep {
   ReaderOpenFunction() {

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/XZ.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll

@@ -4,8 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
-import semmle.code.cpp.commons.File
 import DecompressionBomb
 
 /**

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**

cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll

@@ -4,7 +4,6 @@
 
 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
 /**