
Commit e85ca79

committed
add tests for brotli
1 parent 49eaaf5 commit e85ca79


2 files changed

+48
-0
lines changed


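--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected
@@ -1,4 +1,6 @@
 edges
+| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | |
+| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction |
 | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:63:25:63:35 | *a | provenance | |
 | zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:52:25:52:25 | *a | provenance | |
 | zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:69:17:69:26 | & ... | provenance | Config |
@@ -45,6 +47,9 @@ edges
 | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | |
 | zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | |
 nodes
+| brotliTest.cpp:29:32:29:35 | **argv | semmle.label | **argv |
+| brotliTest.cpp:31:42:31:60 | *access to array | semmle.label | *access to array |
+| brotliTest.cpp:37:35:37:40 | *input2 | semmle.label | *input2 |
 | zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a |
 | zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a |
 | zlibTest.cpp:63:25:63:35 | *a | semmle.label | *a |
@@ -86,6 +91,8 @@ subpaths
 | zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument |
 | zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument |
 #select
+| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited |
+| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited |
 | zlibTest.cpp:70:13:70:22 | & ... | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
 | zlibTest.cpp:101:32:101:38 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |
 | zlibTest.cpp:121:38:121:44 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited |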
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
typedef long unsigned int size_t;
2+
typedef unsigned char uint8_t;
3+
typedef enum {
4+
} BrotliDecoderResult;
5+
6+
BrotliDecoderResult BrotliDecoderDecompress(
7+
size_t encoded_size,
8+
const uint8_t encoded_buffer[],
9+
size_t *decoded_size,
10+
uint8_t decoded_buffer[]) { return static_cast<BrotliDecoderResult>(0); };
11+
12+
struct {
13+
} BrotliDecoderStateStruct;
14+
15+
void strncpy(char *string, const char *string1, int i);
16+
17+
typedef struct BrotliDecoderStateStruct BrotliDecoderState;
18+
19+
BrotliDecoderResult BrotliDecoderDecompressStream(
20+
BrotliDecoderState *state, size_t *available_in, const uint8_t **next_in,
21+
size_t *available_out, uint8_t **next_out, size_t *total_out) { return static_cast<BrotliDecoderResult>(0); };
22+
23+
namespace std {
24+
void strncpy(char *string, const char *string1, int i) {
25+
26+
}
27+
}
28+
29+
int main(int argc, const char *argv[]) {
30+
uint8_t *output = nullptr;
31+
BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2],
32+
reinterpret_cast<size_t *>(1024 * 1024 * 1024), output);
33+
uint8_t **output2 = nullptr;
34+
const uint8_t **input2 = nullptr;
35+
std::strncpy(reinterpret_cast<char *>(input2), argv[2], 32);
36+
BrotliDecoderDecompressStream(0, reinterpret_cast<size_t *>(1024 * 1024),
37+
input2, reinterpret_cast<size_t *>(1024 * 1024 * 1024),
38+
output2,
39+
reinterpret_cast<size_t *>(1024 * 1024 * 1024));
40+
return 0;
41+
}
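Review bot: Both brotli calls in `main` (lines 31 and 36) are expected to be reported, so this test pins only true positives. It has no call where the decompressed size is bounded, so the `.expected` file cannot catch a regression that makes the query report bounded uses as well. If the query recognises any size limit, add one call that must stay unreported, and mark the calls with `// BAD` and `// GOOD` comments so the intent is readable without the `.expected` file. Separately, `struct { } BrotliDecoderStateStruct;` on lines 12-13 declares a variable of an unnamed struct type rather than the struct tag that the typedef on line 17 names; `struct BrotliDecoderStateStruct;` is presumably what was meant. The unused global `strncpy` declaration on line 15 and the stray `;` after the two stub function bodies can be dropped.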
