Merge pull request github#12185 from jketema/test-annotations

jketema · web-flow · commit 899f35a59b5c · 2023-02-14T15:48:35.000+01:00
C++: Update test annotations for use-use dataflow
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/test.cpp
@@ -19,7 +19,7 @@ void test1(int p)
 {
 	sys_somesystemcall(&p);
 
-	unsafe_put_user(123, &p); // BAD
+	unsafe_put_user(123, &p); // BAD [NOT DETECTED]
 }
 
 void test2(int p)
@@ -40,7 +40,7 @@ void test3()
 
 	sys_somesystemcall(&v);
 
-	unsafe_put_user(123, &v); // BAD
+	unsafe_put_user(123, &v); // BAD [NOT DETECTED]
 }
 
 void test4()
@@ -68,7 +68,7 @@ void test5()
 
 	sys_somesystemcall(&myData);
 
-	unsafe_put_user(123, &(myData.x)); // BAD
+	unsafe_put_user(123, &(myData.x)); // BAD [NOT DETECTED]
 }
 
 void test6()
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
@@ -48,7 +48,7 @@ int main(int argc, char **argv) {
   printf(choose_message(argc - 1), argc - 1); // GOOD
   printf(messages[1]); // GOOD
   printf(message); // GOOD
-  printf(make_message(argc - 1)); // BAD
+  printf(make_message(argc - 1)); // BAD  [NOT DETECTED]
   printf("Hello, World\n"); // GOOD
   printf(_("Hello, World\n")); // GOOD
   {
@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
     const char *hello = "Hello, World\n";
     const char **p = &hello;
     (*p)++;
-    printf(hello); // BAD [NOT DETECTED]
+    printf(hello); // BAD
   }
   {
     // Same as above block but through a C++ reference
@@ -112,7 +112,7 @@ int main(int argc, char **argv) {
   {
     const char *hello = "Hello, World\n";
     const char *const *p = &hello; // harmless reference to const pointer
-    printf(hello); // GOOD
+    printf(hello); // GOOD [FALSE POSITIVE]
     hello++; // modification comes after use and so does no harm
   }
   printf(argc > 2 ? "More than one\n" : _("Only one\n")); // GOOD
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp
@@ -8,37 +8,37 @@ void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)
 
 void TestProperConfiguration_inter_CorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client); // GOOD [FALSE POSITIVE]
 	SetOptionsNoOldTls(ctx);
 }
 
 void TestProperConfiguration_inter_CorrectUsage02()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // GOOD [FALSE POSITIVE]
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | 
 		boost::asio::ssl::context::no_tlsv1_1 | 
 		boost::asio::ssl::context::no_sslv3);
 }
 
 void TestProperConfiguration_inter_IncorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BUG - missing disable SSLv3
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BAD - missing disable SSLv3
 	SetOptionsNoOldTls(ctx);
 }
 
 void TestProperConfiguration_IncorrectUsage01()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);	// BAD
 }
 
 void TestProperConfiguration_IncorrectUsage02()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BAD
 }
 
 void TestProperConfiguration_IncorrectUsage03()
 {
-	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BUG
+	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);	// BAD
 	SetOptionsNoOldTls(ctx);
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
 		boost::asio::ssl::context::no_tlsv1_2 );			// BUG - disabling TLS 1.2
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp
@@ -2,7 +2,7 @@
 
 void good1()
 {
-	// GOOD
+	// GOOD [FALSE POSITIVE]
 	boost::asio::ssl::context::method m = boost::asio::ssl::context::sslv23;
 	boost::asio::ssl::context ctx(m);
 	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3);
@@ -34,7 +34,7 @@ void bad2()
 
 void good3()
 {
-	// GOOD
+	// GOOD [FALSE POSITIVE]
 	boost::asio::ssl::context *ctx = new boost::asio::ssl::context(boost::asio::ssl::context::sslv23);
 	ctx->set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3);
 }
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp
@@ -13,7 +13,7 @@ void useTLS_bad()
 void useTLS_good()
 {
 	boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);
-	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD
+	ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD [FALSE POSITIVE]
 
 	// ...
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -20,7 +20,7 @@ void test1()
 	char bigbuffer[20];
 	
 	memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
-	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read [NOT DETECTED]
+	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read
 	memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
 	memcpy(smallbuffer, bigbuffer, sizeof(bigbuffer)); // BAD: over-write
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/unions.c b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/unions.c
@@ -29,5 +29,5 @@ void unions_test(MyUnion *mu)
 	mu->ptr = buffer;
 	strcpy(mu->ptr, "1234567890"); // GOOD
 	strcpy(mu->ptr, "12345678901234567890"); // GOOD
-	strcpy(mu->ptr, "123456789012345678901234567890"); // BAD
+	strcpy(mu->ptr, "123456789012345678901234567890"); // BAD [NOT DETECTED]
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.c b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.c
@@ -150,14 +150,14 @@ int main(int argc, char **argv) {
 	printf(i8);
 	printWrapper(i8);
 
-	// BAD: i9 value comes from argv
+	// BAD: i9 value comes from argv [NOT DETECTED]
 	char i9buf[32];
 	char *i9 = i9buf;
 	memcpy(1 ? ++i9 : 0, argv[1], 1);
 	printf(i9);
 	printWrapper(i9);
 
-	// BAD: i91 value comes from argv
+	// BAD: i91 value comes from argv [NOT DETECTED]
 	char i91buf[64];
 	char *i91 = &i91buf[0];
 	memcpy(0 ? 0 : i91, argv[1] + 1, 1);
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp
@@ -21,7 +21,7 @@ void doNothing(char *url)
 {
 }
 
-const char *url_g = "http://example.com"; // BAD [NOT DETECTED]
+const char *url_g = "http://example.com"; // BAD
 
 void test()
 {
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests3.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests3.cpp
@@ -22,7 +22,7 @@ class XMLReaderFactory
 void test3_1(InputSource &data) {
 	SAX2XMLReader *p = XMLReaderFactory::createXMLReader();
 
-	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+	p->parse(data); // BAD (parser not correctly configured)
 }
 
 void test3_2(InputSource &data) {
@@ -35,14 +35,14 @@ void test3_2(InputSource &data) {
 SAX2XMLReader *p_3_3 = XMLReaderFactory::createXMLReader();
 
 void test3_3(InputSource &data) {
-	p_3_3->parse(data); // BAD (parser not correctly configured)
+	p_3_3->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
 }
 
 SAX2XMLReader *p_3_4 = XMLReaderFactory::createXMLReader();
 
 void test3_4(InputSource &data) {
 	p_3_4->setFeature(XMLUni::fgXercesDisableDefaultEntityResolution, true);
-	p_3_4->parse(data); // GOOD [FALSE POSITIVE]
+	p_3_4->parse(data); // GOOD
 }
 
 SAX2XMLReader *p_3_5 = XMLReaderFactory::createXMLReader();
@@ -53,7 +53,7 @@ void test3_5_init() {
 
 void test3_5(InputSource &data) {
 	test3_5_init();
-	p_3_5->parse(data); // GOOD [FALSE POSITIVE]
+	p_3_5->parse(data); // GOOD
 }
 
 void test3_6(InputSource &data) {
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp
@@ -73,7 +73,7 @@ void test5_6_init() {
 void test5_6() {
 	test5_6_init();
 
-	g_p1->parse(*g_data); // GOOD [FALSE POSITIVE]
+	g_p1->parse(*g_data); // GOOD
 	g_p2->parse(*g_data); // BAD (parser not correctly configured)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ void test1(int p)`
`19`	`19`	`{`
`20`	`20`	`sys_somesystemcall(&p);`
`21`	`21`
`22`		`- unsafe_put_user(123, &p); // BAD`
	`22`	`+ unsafe_put_user(123, &p); // BAD [NOT DETECTED]`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`void test2(int p)`
`@@ -40,7 +40,7 @@ void test3()`
`40`	`40`
`41`	`41`	`sys_somesystemcall(&v);`
`42`	`42`
`43`		`- unsafe_put_user(123, &v); // BAD`
	`43`	`+ unsafe_put_user(123, &v); // BAD [NOT DETECTED]`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`void test4()`
`@@ -68,7 +68,7 @@ void test5()`
`68`	`68`
`69`	`69`	`sys_somesystemcall(&myData);`
`70`	`70`
`71`		`- unsafe_put_user(123, &(myData.x)); // BAD`
	`71`	`+ unsafe_put_user(123, &(myData.x)); // BAD [NOT DETECTED]`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`void test6()`
Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ int main(int argc, char **argv) {`
`48`	`48`	`printf(choose_message(argc - 1), argc - 1); // GOOD`
`49`	`49`	`printf(messages[1]); // GOOD`
`50`	`50`	`printf(message); // GOOD`
`51`		`- printf(make_message(argc - 1)); // BAD`
	`51`	`+ printf(make_message(argc - 1)); // BAD [NOT DETECTED]`
`52`	`52`	`printf("Hello, World\n"); // GOOD`
`53`	`53`	`printf(_("Hello, World\n")); // GOOD`
`54`	`54`	`{`
`@@ -97,7 +97,7 @@ int main(int argc, char **argv) {`
`97`	`97`	`const char *hello = "Hello, World\n";`
`98`	`98`	`const char **p = &hello;`
`99`	`99`	`(*p)++;`
`100`		`- printf(hello); // BAD [NOT DETECTED]`
	`100`	`+ printf(hello); // BAD`
`101`	`101`	`}`
`102`	`102`	`{`
`103`	`103`	`// Same as above block but through a C++ reference`
`@@ -112,7 +112,7 @@ int main(int argc, char **argv) {`
`112`	`112`	`{`
`113`	`113`	`const char *hello = "Hello, World\n";`
`114`	`114`	`const char const p = &hello; // harmless reference to const pointer`
`115`		`- printf(hello); // GOOD`
	`115`	`+ printf(hello); // GOOD [FALSE POSITIVE]`
`116`	`116`	`hello++; // modification comes after use and so does no harm`
`117`	`117`	`}`
`118`	`118`	`printf(argc > 2 ? "More than one\n" : _("Only one\n")); // GOOD`
Original file line number	Diff line number	Diff line change
`@@ -8,37 +8,37 @@ void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)`
`8`	`8`
`9`	`9`	`void TestProperConfiguration_inter_CorrectUsage01()`
`10`	`10`	`{`
`11`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);`
	`11`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client); // GOOD [FALSE POSITIVE]`
`12`	`12`	`SetOptionsNoOldTls(ctx);`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`void TestProperConfiguration_inter_CorrectUsage02()`
`16`	`16`	`{`
`17`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);`
	`17`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // GOOD [FALSE POSITIVE]`
`18`	`18`	`ctx.set_options(boost::asio::ssl::context::no_tlsv1 \|`
`19`	`19`	`boost::asio::ssl::context::no_tlsv1_1 \|`
`20`	`20`	`boost::asio::ssl::context::no_sslv3);`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`void TestProperConfiguration_inter_IncorrectUsage01()`
`24`	`24`	`{`
`25`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG - missing disable SSLv3`
	`25`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BAD - missing disable SSLv3`
`26`	`26`	`SetOptionsNoOldTls(ctx);`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`void TestProperConfiguration_IncorrectUsage01()`
`30`	`30`	`{`
`31`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG`
	`31`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BAD`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`void TestProperConfiguration_IncorrectUsage02()`
`35`	`35`	`{`
`36`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG`
	`36`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BAD`
`37`	`37`	`}`
`38`	`38`
`39`	`39`	`void TestProperConfiguration_IncorrectUsage03()`
`40`	`40`	`{`
`41`		`- boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG`
	`41`	`+ boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BAD`
`42`	`42`	`SetOptionsNoOldTls(ctx);`
`43`	`43`	`ctx.set_options(boost::asio::ssl::context::no_tlsv1 \|`
`44`	`44`	`boost::asio::ssl::context::no_tlsv1_2 ); // BUG - disabling TLS 1.2`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`
`3`	`3`	`void good1()`
`4`	`4`	`{`
`5`		`- // GOOD`
	`5`	`+ // GOOD [FALSE POSITIVE]`
`6`	`6`	`boost::asio::ssl::context::method m = boost::asio::ssl::context::sslv23;`
`7`	`7`	`boost::asio::ssl::context ctx(m);`
`8`	`8`	`ctx.set_options(boost::asio::ssl::context::no_tlsv1 \| boost::asio::ssl::context::no_tlsv1_1 \| boost::asio::ssl::context::no_sslv3);`
`@@ -34,7 +34,7 @@ void bad2()`
`34`	`34`
`35`	`35`	`void good3()`
`36`	`36`	`{`
`37`		`- // GOOD`
	`37`	`+ // GOOD [FALSE POSITIVE]`
`38`	`38`	`boost::asio::ssl::context *ctx = new boost::asio::ssl::context(boost::asio::ssl::context::sslv23);`
`39`	`39`	`ctx->set_options(boost::asio::ssl::context::no_tlsv1 \| boost::asio::ssl::context::no_tlsv1_1 \| boost::asio::ssl::context::no_sslv3);`
`40`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ void useTLS_bad()`
`13`	`13`	`void useTLS_good()`
`14`	`14`	`{`
`15`	`15`	`boost::asio::ssl::context ctx(boost::asio::ssl::context::tls);`
`16`		`- ctx.set_options(boost::asio::ssl::context::no_tlsv1 \| boost::asio::ssl::context::no_tlsv1_1); // GOOD`
	`16`	`+ ctx.set_options(boost::asio::ssl::context::no_tlsv1 \| boost::asio::ssl::context::no_tlsv1_1); // GOOD [FALSE POSITIVE]`
`17`	`17`
`18`	`18`	`// ...`
`19`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ void test1()`
`20`	`20`	`char bigbuffer[20];`
`21`	`21`
`22`	`22`	`memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD`
`23`		`- memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read [NOT DETECTED]`
	`23`	`+ memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read`
`24`	`24`	`memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD`
`25`	`25`	`memcpy(smallbuffer, bigbuffer, sizeof(bigbuffer)); // BAD: over-write`
`26`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,5 +29,5 @@ void unions_test(MyUnion *mu)`
`29`	`29`	`mu->ptr = buffer;`
`30`	`30`	`strcpy(mu->ptr, "1234567890"); // GOOD`
`31`	`31`	`strcpy(mu->ptr, "12345678901234567890"); // GOOD`
`32`		`- strcpy(mu->ptr, "123456789012345678901234567890"); // BAD`
	`32`	`+ strcpy(mu->ptr, "123456789012345678901234567890"); // BAD [NOT DETECTED]`
`33`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ void doNothing(char *url)`
`21`	`21`	`{`
`22`	`22`	`}`
`23`	`23`
`24`		`-const char *url_g = "http://example.com"; // BAD [NOT DETECTED]`
	`24`	`+const char *url_g = "http://example.com"; // BAD`
`25`	`25`
`26`	`26`	`void test()`
`27`	`27`	`{`