Updating tests to account for removing const char* heuristic.

bdrodes · bdrodes · commit 9e50fc6893cd · 2024-02-15T09:54:03.000-05:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -1,6 +1,8 @@
 | NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | NonConstantFormat.c:45:9:45:48 | call to gettext | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
+| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
 | nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
 | test.cpp:51:10:51:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | test.cpp:130:20:130:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp
@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );
 struct A {
   void do_print(const char *fmt0) {
     char buf[32];
-    snprintf(buf, 32, fmt0); // GOOD, all paths to year use const char*
+    snprintf(buf, 32, fmt0); // BAD, all paths from unknown const char*, not assuming literal
   }
 };
 
@@ -34,7 +34,7 @@ struct C {
   void do_some_printing(const char *fmt) {
     b.do_printing(fmt);
   }
-  const char *ext_fmt_str(void);
+  const char *ext_fmt_str(void); // NOTE: not assuming result is literal
 };
 
 void foo(void) {
@@ -76,7 +76,7 @@ void diagnostic(const char *fmt, ...)
 }
 
 void bar(void) {
-    diagnostic (some_instance->get_fmt());  // GOOD get_fmt is const char* assumed static
+    diagnostic (some_instance->get_fmt());  // BAD const char* but not assuming literal
 }
 
 namespace ns {

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );`
`18`	`18`	`struct A {`
`19`	`19`	`void do_print(const char *fmt0) {`
`20`	`20`	`char buf[32];`
`21`		`- snprintf(buf, 32, fmt0); // GOOD, all paths to year use const char*`
	`21`	`+ snprintf(buf, 32, fmt0); // BAD, all paths from unknown const char*, not assuming literal`
`22`	`22`	`}`
`23`	`23`	`};`
`24`	`24`
`@@ -34,7 +34,7 @@ struct C {`
`34`	`34`	`void do_some_printing(const char *fmt) {`
`35`	`35`	`b.do_printing(fmt);`
`36`	`36`	`}`
`37`		`- const char *ext_fmt_str(void);`
	`37`	`+ const char *ext_fmt_str(void); // NOTE: not assuming result is literal`
`38`	`38`	`};`
`39`	`39`
`40`	`40`	`void foo(void) {`
`@@ -76,7 +76,7 @@ void diagnostic(const char *fmt, ...)`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`void bar(void) {`
`79`		`- diagnostic (some_instance->get_fmt()); // GOOD get_fmt is const char* assumed static`
	`79`	`+ diagnostic (some_instance->get_fmt()); // BAD const char* but not assuming literal`
`80`	`80`	`}`
`81`	`81`
`82`	`82`	`namespace ns {`