From 33494fe9e1ffdce3c5c22c9d5e32717d33c651c6 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Fri, 27 Oct 2023 16:22:03 +0100
Subject: [PATCH] C++: Extend the taint model and accept test changes.

---
 cpp/ql/lib/semmle/code/cpp/models/implementations/Strtol.qll | 3 +++
 .../library-tests/dataflow/taint-tests/localTaint.expected | 1 +
 cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strtol.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strtol.qll
index 6f91f0fcfdb..30e95622924 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strtol.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strtol.qll
@@ -25,6 +25,9 @@ private class Strtol extends AliasFunction, ArrayFunction, TaintFunction, SideEf
 input.isParameterDeref(0)
 ) and
 output.isReturnValue()
+ or
+ input.isParameter(0) and
+ output.isParameterDeref(1)
 }

 override predicate parameterNeverEscapes(int i) {
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
index b2d56dd3665..ceb3cde9a8e 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
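Review bot: The new disjunct taints `*endptr` only from the pointer argument (`input.isParameter(0)`), whereas the return-value clause directly above it also accepts `input.isParameterDeref(0)`. strtol stores into `*endptr` an address inside the input string whose offset is chosen by the string's contents, so a source that taints only the buffer contents rather than the pointer itself would still not reach `endptr`, and the only test added for this step uses a tainted pointer parameter (`test_strtol(char *source)`). If the asymmetry is not intended, mirror the first clause: `(input.isParameter(0) or input.isParameterDeref(0)) and output.isParameterDeref(1)`. A comment such as `// *endptr is set to point into the input string, so it inherits the string's taint` would make the new step self-explanatory to the next reader of the model. The enclosing predicate begins before the hunk.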
@@ -6636,6 +6636,7 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
 | taint.cpp:728:17:728:23 | 0 | taint.cpp:732:8:732:13 | endptr | |
 | taint.cpp:729:11:729:16 | call to strtol | taint.cpp:730:7:730:7 | l | |
 | taint.cpp:729:18:729:23 | source | taint.cpp:729:11:729:16 | call to strtol | TAINT |
+| taint.cpp:729:18:729:23 | source | taint.cpp:729:26:729:32 | ref arg & ... | TAINT |
 | taint.cpp:729:26:729:32 | ref arg & ... | taint.cpp:729:27:729:32 | endptr [inner post update] | |
 | taint.cpp:729:26:729:32 | ref arg & ... | taint.cpp:731:7:731:12 | endptr | |
 | taint.cpp:729:26:729:32 | ref arg & ... | taint.cpp:732:8:732:13 | endptr | |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
index d1f4d3837ba..e479d7a11e0 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
@@ -728,6 +728,6 @@ void test_strtol(char *source) {
 char* endptr = nullptr;
 long l = strtol(source, &endptr, 10);
 sink(l); // $ ast,ir
- sink(endptr); // $ MISSING: ast,ir
- sink(*endptr); // $ MISSING: ast,ir
+ sink(endptr); // $ ast,ir
+ sink(*endptr); // $ ast,ir
 }
\ No newline at end of file