C++: Add testcase that demonstrate the need for self-flow out of indirect parameters.

MathiasVP · MathiasVP · commit da54751d8506 · 2023-06-22T19:33:13.000+01:00
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
@@ -67,6 +67,8 @@ postWithInFlow
 | ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
 | ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
+| self_parameter_flow.cpp:3:4:3:5 | ps [inner post update] | PostUpdateNode should not be the target of local flow. |
+| self_parameter_flow.cpp:8:9:8:9 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:115:4:115:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/self_parameter_flow.cpp
@@ -0,0 +1,14 @@
+void incr(unsigned char **ps) // $ ast-def=ps ir-def=*ps ir-def=**ps 
+{
+  *ps += 1;
+}
+
+void callincr(unsigned char *s) // $ ast-def=s 
+{
+  incr(&s);
+}
+
+void test(unsigned char *s) // $ ast-def=s
+{
+  callincr(s); // $ MISSING: flow
+}
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.expected
@@ -0,0 +1,2 @@
+failures
+testFailures
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test_self_parameter_flow.ql
@@ -0,0 +1,34 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+import TestUtilities.InlineExpectationsTest
+
+module TestConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source.getLocation().getFile().getBaseName() = "self_parameter_flow.cpp" and
+    source.asIndirectArgument() =
+      any(Call call | call.getTarget().hasName("callincr")).getAnArgument()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink.asDefiningArgument() =
+      any(Call call | call.getTarget().hasName("callincr")).getAnArgument()
+  }
+}
+
+import DataFlow::Global<TestConfig>
+
+module TestSelfParameterFlow implements TestSig {
+  string getARelevantTag() { result = "flow" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(DataFlow::Node sink |
+      flowTo(sink) and
+      location = sink.getLocation() and
+      element = sink.toString() and
+      tag = "flow" and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<TestSelfParameterFlow>
