C++: Add FP.

Author: MathiasVP

cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected

@@ -4,22 +4,27 @@ edges
 | test1.c:8:11:8:14 | call to atoi | test1.c:11:9:11:9 | i | provenance |  |
 | test1.c:8:11:8:14 | call to atoi | test1.c:12:9:12:9 | i | provenance |  |
 | test1.c:8:11:8:14 | call to atoi | test1.c:13:9:13:9 | i | provenance |  |
+| test1.c:8:11:8:14 | call to atoi | test1.c:14:9:14:9 | i | provenance |  |
 | test1.c:9:9:9:9 | i | test1.c:17:16:17:16 | i | provenance |  |
 | test1.c:11:9:11:9 | i | test1.c:33:16:33:16 | i | provenance |  |
 | test1.c:12:9:12:9 | i | test1.c:41:16:41:16 | i | provenance |  |
 | test1.c:13:9:13:9 | i | test1.c:49:16:49:16 | i | provenance |  |
+| test1.c:14:9:14:9 | i | test1.c:59:16:59:16 | i | provenance |  |
 | test1.c:17:16:17:16 | i | test1.c:19:16:19:16 | i | provenance |  |
 | test1.c:33:16:33:16 | i | test1.c:34:11:34:11 | i | provenance |  |
 | test1.c:41:16:41:16 | i | test1.c:42:11:42:11 | i | provenance |  |
 | test1.c:49:16:49:16 | i | test1.c:52:3:52:7 | ... = ... | provenance |  |
 | test1.c:52:3:52:7 | ... = ... | test1.c:54:15:54:15 | j | provenance |  |
+| test1.c:59:16:59:16 | i | test1.c:60:21:60:21 | i | provenance |  |
+| test1.c:60:21:60:21 | i | test1.c:62:11:62:11 | s | provenance |  |
 nodes
 | test1.c:7:26:7:29 | **argv | semmle.label | **argv |
 | test1.c:8:11:8:14 | call to atoi | semmle.label | call to atoi |
 | test1.c:9:9:9:9 | i | semmle.label | i |
 | test1.c:11:9:11:9 | i | semmle.label | i |
 | test1.c:12:9:12:9 | i | semmle.label | i |
 | test1.c:13:9:13:9 | i | semmle.label | i |
+| test1.c:14:9:14:9 | i | semmle.label | i |
 | test1.c:17:16:17:16 | i | semmle.label | i |
 | test1.c:19:16:19:16 | i | semmle.label | i |
 | test1.c:33:16:33:16 | i | semmle.label | i |
@@ -29,9 +34,13 @@ nodes
 | test1.c:49:16:49:16 | i | semmle.label | i |
 | test1.c:52:3:52:7 | ... = ... | semmle.label | ... = ... |
 | test1.c:54:15:54:15 | j | semmle.label | j |
+| test1.c:59:16:59:16 | i | semmle.label | i |
+| test1.c:60:21:60:21 | i | semmle.label | i |
+| test1.c:62:11:62:11 | s | semmle.label | s |
 subpaths
 #select
 | test1.c:19:16:19:16 | i | test1.c:7:26:7:29 | **argv | test1.c:19:16:19:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
 | test1.c:34:11:34:11 | i | test1.c:7:26:7:29 | **argv | test1.c:34:11:34:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
 | test1.c:42:11:42:11 | i | test1.c:7:26:7:29 | **argv | test1.c:42:11:42:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
 | test1.c:54:15:54:15 | j | test1.c:7:26:7:29 | **argv | test1.c:54:15:54:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |
+| test1.c:62:11:62:11 | s | test1.c:7:26:7:29 | **argv | test1.c:62:11:62:11 | s | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | **argv | a command-line argument |

cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/test1.c

@@ -54,6 +54,10 @@ void test5(int i) {
   j = myArray[j]; // BAD: j has not been validated
 }
 
+extern int myTable[256];
+
 void test6(int i) {
+  unsigned char s = i;
 
+  myTable[s] = 0; // GOOD: Input is small [FALSE POSITIVE]
 }