C++: Fix missing result and accept test changes.

Author: MathiasVP

cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql

@@ -35,7 +35,8 @@ class Configuration extends TaintTrackingConfiguration {
       op.getAnOperand() = e
     |
       op instanceof UnaryArithmeticOperation or
-      op instanceof BinaryArithmeticOperation
+      op instanceof BinaryArithmeticOperation or
+      op instanceof AssignArithmeticOperation
     )
   }
 

cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected

@@ -8,8 +8,14 @@ edges
 | test2.cpp:36:9:36:14 | buffer | test2.cpp:39:9:39:11 | num |
 | test2.cpp:36:9:36:14 | buffer | test2.cpp:39:9:39:11 | num |
 | test2.cpp:36:9:36:14 | buffer | test2.cpp:39:9:39:11 | num |
+| test2.cpp:36:9:36:14 | buffer | test2.cpp:40:3:40:5 | num |
+| test2.cpp:36:9:36:14 | buffer | test2.cpp:40:3:40:5 | num |
+| test2.cpp:36:9:36:14 | buffer | test2.cpp:40:3:40:5 | num |
+| test2.cpp:36:9:36:14 | buffer | test2.cpp:40:3:40:5 | num |
 | test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num |
 | test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:39:9:39:11 | num |
+| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num |
+| test2.cpp:36:9:36:14 | fgets output argument | test2.cpp:40:3:40:5 | num |
 | test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
 | test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
 | test5.cpp:5:5:5:17 | getTaintedInt indirection | test5.cpp:18:6:18:18 | call to getTaintedInt |
@@ -43,6 +49,8 @@ nodes
 | test2.cpp:36:9:36:14 | fgets output argument | semmle.label | fgets output argument |
 | test2.cpp:39:9:39:11 | num | semmle.label | num |
 | test2.cpp:39:9:39:11 | num | semmle.label | num |
+| test2.cpp:40:3:40:5 | num | semmle.label | num |
+| test2.cpp:40:3:40:5 | num | semmle.label | num |
 | test5.cpp:5:5:5:17 | getTaintedInt indirection | semmle.label | getTaintedInt indirection |
 | test5.cpp:9:7:9:9 | buf | semmle.label | buf |
 | test5.cpp:9:7:9:9 | buf | semmle.label | buf |
@@ -68,6 +76,7 @@ nodes
 | test2.cpp:14:11:14:11 | v | test2.cpp:25:22:25:23 | & ... | test2.cpp:14:11:14:11 | v | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test2.cpp:14:11:14:11 | v | test2.cpp:25:22:25:23 | & ... | test2.cpp:14:11:14:11 | v | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test2.cpp:39:9:39:11 | num | test2.cpp:36:9:36:14 | buffer | test2.cpp:39:9:39:11 | num | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test2.cpp:36:9:36:14 | buffer | User-provided value |
+| test2.cpp:40:3:40:5 | num | test2.cpp:36:9:36:14 | buffer | test2.cpp:40:3:40:5 | num | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test2.cpp:36:9:36:14 | buffer | User-provided value |
 | test5.cpp:17:6:17:18 | call to getTaintedInt | test5.cpp:9:7:9:9 | buf | test5.cpp:17:6:17:18 | call to getTaintedInt | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:19:6:19:6 | y | test5.cpp:9:7:9:9 | buf | test5.cpp:19:6:19:6 | y | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:19:6:19:6 | y | test5.cpp:9:7:9:9 | buf | test5.cpp:19:6:19:6 | y | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test5.cpp:9:7:9:9 | buf | User-provided value |

cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test2.cpp

@@ -37,5 +37,5 @@ void test3()
 
   int num = atoi(buffer);
   num = num + 1000; // BAD
-  num += 1000; // BAD [NOT DETECTED]
+  num += 1000; // BAD
 }