From a60afef9233bb7e993be3915b2e2c7823036e689 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 6 Mar 2024 16:37:04 -0800
Subject: [PATCH 1/6] C++: Add a local flow test file for IR dataflow.
---
.../dataflow-tests/localFlow-ir.expected | 160 ++++++++++++++++++
.../dataflow/dataflow-tests/localFlow-ir.ql | 8 +
2 files changed, 168 insertions(+)
create mode 100644 cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected
create mode 100644 cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.ql
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected
new file mode 100644
index 000000000000..1fa924a11ce2
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected
@@ -0,0 +1,160 @@ +| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | **b | +| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | **b | +| example.c:15:37:15:37 | **b | example.c:15:37:15:37 | *b | +| example.c:15:37:15:37 | **b | example.c:19:6:19:6 | *b | +| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | **b | +| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | *b | +| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | *b | +| example.c:15:37:15:37 | *b | example.c:15:37:15:37 | b | +| example.c:15:37:15:37 | *b | example.c:19:6:19:6 | b | +| example.c:15:37:15:37 | b | example.c:15:37:15:37 | *b | +| example.c:15:37:15:37 | b | example.c:15:37:15:37 | b | +| example.c:15:37:15:37 | b | example.c:15:37:15:37 | b | +| example.c:15:44:15:46 | pos | example.c:24:24:24:26 | pos | +| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | *definition of coords | example.c:24:13:24:18 | *coords | +| example.c:17:11:17:16 | *definition of coords [post update] | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | *definition of coords [post update] | example.c:24:13:24:18 | *coords | +| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | *definition of coords | +| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | +| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | +| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | +| example.c:17:19:17:22 | {...} | example.c:17:19:17:22 | {...} | +| example.c:17:21:17:21 | 0 | 
example.c:17:21:17:21 | 0 | +| example.c:19:6:19:6 | *b | example.c:15:37:15:37 | *b | +| example.c:19:6:19:6 | *b [post update] | example.c:15:37:15:37 | *b | +| example.c:19:6:19:6 | *b [post update] | example.c:19:6:19:6 | *b | +| example.c:19:6:19:6 | b [post update] | example.c:19:6:19:6 | b | +| example.c:24:2:24:7 | *coords | example.c:26:18:26:24 | *& ... | +| example.c:24:2:24:7 | *coords [post update] | example.c:26:18:26:24 | *& ... | +| example.c:24:13:24:18 | *coords | example.c:24:2:24:7 | *coords | +| example.c:24:13:24:18 | *coords [post update] | example.c:24:2:24:7 | *coords | +| example.c:24:13:24:30 | ... = ... | example.c:24:2:24:30 | ... = ... | +| example.c:24:20:24:20 | *y | example.c:24:20:24:20 | *y | +| example.c:24:20:24:20 | y | example.c:24:20:24:20 | y | +| example.c:24:20:24:20 | y | example.c:24:20:24:20 | y | +| example.c:24:24:24:26 | pos | example.c:28:14:28:25 | *& ... | +| example.c:24:24:24:30 | ... + ... | example.c:24:13:24:30 | ... = ... | +| example.c:26:13:26:16 | call to getX | example.c:26:2:26:25 | ... = ... | +| example.c:26:18:26:24 | *& ... | example.c:26:2:26:7 | *coords | +| example.c:26:18:26:24 | getX output argument | example.c:26:2:26:7 | *coords | +| example.c:26:19:26:24 | *coords | example.c:26:18:26:24 | *& ... | +| example.c:26:19:26:24 | coords | example.c:26:18:26:24 | & ... | +| example.c:28:22:28:25 | & ... | example.c:28:14:28:25 | & ... | +| example.c:28:22:28:25 | *& ... | example.c:28:14:28:25 | *& ... | +| example.c:28:23:28:25 | *pos | example.c:28:22:28:25 | *& ... | +| example.c:28:23:28:25 | pos | example.c:28:22:28:25 | & ... | +| test.cpp:6:12:6:17 | call to source | test.cpp:6:12:6:17 | call to source | +| test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 | +| test.cpp:7:8:7:9 | t1 | test.cpp:8:8:8:9 | t1 | +| test.cpp:8:3:8:9 | ... = ... | test.cpp:10:8:10:9 | t2 | +| test.cpp:8:8:8:9 | t1 | test.cpp:8:3:8:9 | ... = ... 
| +| test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 | +| test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 | +| test.cpp:10:8:10:9 | t2 | test.cpp:15:3:15:6 | Phi | +| test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 | +| test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... | +| test.cpp:13:10:13:11 | t2 | test.cpp:15:3:15:6 | Phi | +| test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 | +| test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 | +| test.cpp:15:8:15:9 | t2 | test.cpp:23:19:23:19 | Phi | +| test.cpp:15:8:15:9 | t2 | test.cpp:23:19:23:19 | Phi | +| test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 | +| test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... | +| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | Phi | +| test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 | +| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | Phi | +| test.cpp:23:19:23:19 | Phi | test.cpp:23:19:23:19 | i | +| test.cpp:23:19:23:19 | Phi | test.cpp:23:19:23:19 | i | +| test.cpp:23:19:23:19 | Phi | test.cpp:23:23:23:24 | t1 | +| test.cpp:23:19:23:19 | Phi | test.cpp:23:23:23:24 | t1 | +| test.cpp:23:19:23:19 | Phi | test.cpp:24:10:24:11 | t2 | +| test.cpp:23:19:23:19 | Phi | test.cpp:24:10:24:11 | t2 | +| test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i | +| test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i | +| test.cpp:23:23:23:24 | t1 | test.cpp:23:19:23:19 | Phi | +| test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 | +| test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 | +| test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | *i | +| test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | i | +| test.cpp:23:27:23:27 | i | test.cpp:23:19:23:19 | Phi | +| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i | +| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i | +| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:19:23:19 | Phi | +| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | ... ++ | +| test.cpp:24:5:24:11 | ... = ... 
| test.cpp:23:19:23:19 | Phi | +| test.cpp:24:10:24:11 | t2 | test.cpp:23:19:23:19 | Phi | +| test.cpp:24:10:24:11 | t2 | test.cpp:23:19:23:19 | Phi | +| test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... | +| test.cpp:382:48:382:54 | source1 | test.cpp:384:16:384:23 | *& ... | +| test.cpp:383:12:383:13 | 0 | test.cpp:383:12:383:13 | 0 | +| test.cpp:383:12:383:13 | 0 | test.cpp:384:10:384:13 | *& ... | +| test.cpp:384:10:384:13 | & ... | test.cpp:384:3:384:8 | call to memcpy | +| test.cpp:384:10:384:13 | & ... | test.cpp:384:10:384:13 | & ... | +| test.cpp:384:10:384:13 | *& ... | test.cpp:384:10:384:13 | *& ... | +| test.cpp:384:10:384:13 | memcpy output argument | test.cpp:385:8:385:10 | tmp | +| test.cpp:384:11:384:13 | *tmp | test.cpp:384:10:384:13 | *& ... | +| test.cpp:384:11:384:13 | tmp | test.cpp:384:10:384:13 | & ... | +| test.cpp:384:16:384:23 | & ... | test.cpp:384:16:384:23 | & ... | +| test.cpp:384:16:384:23 | *& ... | test.cpp:384:3:384:8 | **call to memcpy | +| test.cpp:384:16:384:23 | *& ... | test.cpp:384:3:384:8 | *call to memcpy | +| test.cpp:384:16:384:23 | *& ... | test.cpp:384:10:384:13 | memcpy output argument | +| test.cpp:384:16:384:23 | *& ... | test.cpp:384:16:384:23 | *& ... | +| test.cpp:384:16:384:23 | **(const void *)... | test.cpp:384:3:384:8 | **call to memcpy | +| test.cpp:384:16:384:23 | **(const void *)... | test.cpp:384:10:384:13 | memcpy output argument | +| test.cpp:384:17:384:23 | *source1 | test.cpp:384:16:384:23 | *& ... | +| test.cpp:384:17:384:23 | source1 | test.cpp:384:16:384:23 | & ... | +| test.cpp:388:53:388:59 | source1 | test.cpp:391:16:391:23 | *& ... | +| test.cpp:388:66:388:66 | b | test.cpp:393:7:393:7 | b | +| test.cpp:389:12:389:13 | 0 | test.cpp:389:12:389:13 | 0 | +| test.cpp:389:12:389:13 | 0 | test.cpp:390:18:390:21 | *& ... | +| test.cpp:390:18:390:21 | & ... | test.cpp:390:18:390:21 | & ... | +| test.cpp:390:18:390:21 | *& ... | test.cpp:390:18:390:21 | *& ... 
| +| test.cpp:390:18:390:21 | *& ... | test.cpp:391:10:391:13 | *& ... | +| test.cpp:390:19:390:21 | *tmp | test.cpp:390:18:390:21 | *& ... | +| test.cpp:390:19:390:21 | tmp | test.cpp:390:18:390:21 | & ... | +| test.cpp:391:10:391:13 | & ... | test.cpp:391:3:391:8 | call to memcpy | +| test.cpp:391:10:391:13 | & ... | test.cpp:391:10:391:13 | & ... | +| test.cpp:391:10:391:13 | *& ... | test.cpp:391:10:391:13 | *& ... | +| test.cpp:391:10:391:13 | memcpy output argument | test.cpp:392:8:392:10 | tmp | +| test.cpp:391:11:391:13 | *tmp | test.cpp:391:10:391:13 | *& ... | +| test.cpp:391:11:391:13 | tmp | test.cpp:391:10:391:13 | & ... | +| test.cpp:391:16:391:23 | & ... | test.cpp:391:16:391:23 | & ... | +| test.cpp:391:16:391:23 | *& ... | test.cpp:391:3:391:8 | **call to memcpy | +| test.cpp:391:16:391:23 | *& ... | test.cpp:391:3:391:8 | *call to memcpy | +| test.cpp:391:16:391:23 | *& ... | test.cpp:391:10:391:13 | memcpy output argument | +| test.cpp:391:16:391:23 | *& ... | test.cpp:391:16:391:23 | *& ... | +| test.cpp:391:16:391:23 | **(const void *)... | test.cpp:391:3:391:8 | **call to memcpy | +| test.cpp:391:16:391:23 | **(const void *)... | test.cpp:391:10:391:13 | memcpy output argument | +| test.cpp:391:17:391:23 | *source1 | test.cpp:391:16:391:23 | *& ... | +| test.cpp:391:17:391:23 | source1 | test.cpp:391:16:391:23 | & ... 
| +| test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp | +| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s | +| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s | +| test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | *s | +| test.cpp:487:67:487:67 | **s | test.cpp:488:21:488:21 | *s | +| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | **s | +| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | *s | +| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | *s | +| test.cpp:487:67:487:67 | *s | test.cpp:487:67:487:67 | s | +| test.cpp:487:67:487:67 | *s | test.cpp:488:21:488:21 | s | +| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | *s | +| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s | +| test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s | +| test.cpp:488:21:488:21 | *s | test.cpp:489:20:489:20 | *s | +| test.cpp:488:21:488:21 | *s [post update] | test.cpp:489:20:489:20 | *s | +| test.cpp:488:21:488:21 | s | test.cpp:489:20:489:20 | s | +| test.cpp:488:21:488:21 | s [post update] | test.cpp:489:20:489:20 | s | +| test.cpp:488:24:488:30 | *content | test.cpp:488:21:488:30 | *content | +| test.cpp:488:24:488:30 | content | test.cpp:488:21:488:30 | content | +| test.cpp:489:20:489:20 | *s | test.cpp:487:67:487:67 | *s | +| test.cpp:489:20:489:20 | *s [post update] | test.cpp:487:67:487:67 | *s | +| test.cpp:489:20:489:20 | *s [post update] | test.cpp:489:20:489:20 | *s | +| test.cpp:489:20:489:20 | s [post update] | test.cpp:489:20:489:20 | s | +| test.cpp:489:23:489:29 | *content | test.cpp:489:23:489:29 | *content | +| test.cpp:489:23:489:29 | *content | test.cpp:490:8:490:17 | * ... | +| test.cpp:489:23:489:29 | content | test.cpp:489:23:489:29 | content | +| test.cpp:489:23:489:29 | content | test.cpp:490:9:490:17 | p_content | 
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.ql
new file mode 100644
index 000000000000..7a908a6e3f23
--- /dev/null
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.ql
@@ -0,0 +1,8 @@
+import cpp
+import semmle.code.cpp.dataflow.new.DataFlow
+
+from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
+where
+ DataFlow::localFlowStep(nodeFrom, nodeTo) and
+ nodeFrom.getFunction().getName().matches("%\\_with\\_local\\_flow")
+select nodeFrom, nodeTo
From cc754858c6f8a4420cd31715d19563b6d4bdf5da Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 6 Mar 2024 18:12:58 -0800
Subject: [PATCH 2/6] C++: Add a testcase with missing flow out of the address of 'a' and to the argument of 'sink'.
---
.../dataflow/dataflow-tests/dataflow-consistency.expected | 2 ++
.../dataflow/dataflow-tests/localFlow-ir.expected | 7 +++++++
.../dataflow/dataflow-tests/localFlow.expected | 7 +++++++
.../dataflow/dataflow-tests/test-source-sink.expected | 1 +
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp | 6 ++++++
.../dataflow/dataflow-tests/uninitialized.expected | 2 ++
6 files changed, 25 insertions(+)
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
index 8b2b371a4e26..fa6958d92ea3 100644
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
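Review bot: The new query in localFlow-ir.ql has no comment saying why it filters on the function name, so the link between the `_with_local_flow` suffix in the test sources and the rows in localFlow-ir.expected is left for the reader to work out. A header such as `// Local flow steps whose source node is in a function named *_with_local_flow.` would cover it, and a second line noting that the backslashes keep `_` literal in `matches` (where it otherwise stands for any single character) would explain the pattern. Only `nodeFrom` is constrained; that is enough if `localFlowStep` never leaves the enclosing function, which this file does not show.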
@@ -166,6 +166,8 @@ postWithInFlow | test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. | | test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. | | test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. | +| test.cpp:1051:5:1051:11 | content [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:1052:9:1052:9 | a [inner post update] | PostUpdateNode should not be the target of local flow. | viableImplInCallContextTooLarge uniqueParameterNodeAtPosition uniqueParameterNodePosition diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected index 1fa924a11ce2..c8377f43d593 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected @@ -158,3 +158,10 @@ | test.cpp:489:23:489:29 | *content | test.cpp:490:8:490:17 | * ... | | test.cpp:489:23:489:29 | content | test.cpp:489:23:489:29 | content | | test.cpp:489:23:489:29 | content | test.cpp:490:9:490:17 | p_content | +| test.cpp:1050:12:1050:12 | definition of a | test.cpp:1051:3:1051:3 | *a | +| test.cpp:1051:3:1051:3 | *a | test.cpp:1052:8:1052:9 | *& ... | +| test.cpp:1051:3:1051:3 | *a [post update] | test.cpp:1052:8:1052:9 | *& ... | +| test.cpp:1051:15:1051:21 | 0 | test.cpp:1051:3:1051:21 | ... = ... | +| test.cpp:1051:15:1051:21 | *0 | test.cpp:1051:3:1051:21 | *... = ... | +| test.cpp:1052:9:1052:9 | *a | test.cpp:1052:8:1052:9 | *& ... | +| test.cpp:1052:9:1052:9 | a | test.cpp:1052:8:1052:9 | & ... | diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow.expected index 525e6b22da54..2f4c618a1308 100644 
--- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow.expected @@ -81,3 +81,10 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (local | test.cpp:488:21:488:21 | s [post update] | test.cpp:489:20:489:20 | s | | test.cpp:488:24:488:30 | ref arg content | test.cpp:489:23:489:29 | content | | test.cpp:489:23:489:29 | content | test.cpp:490:9:490:17 | p_content | +| test.cpp:1050:12:1050:12 | a | test.cpp:1051:3:1051:3 | a | +| test.cpp:1050:12:1050:12 | a | test.cpp:1052:9:1052:9 | a | +| test.cpp:1051:3:1051:3 | a [post update] | test.cpp:1052:9:1052:9 | a | +| test.cpp:1051:3:1051:21 | ... = ... | test.cpp:1051:5:1051:11 | content [post update] | +| test.cpp:1051:15:1051:21 | 0 | test.cpp:1051:3:1051:21 | ... = ... | +| test.cpp:1052:8:1052:9 | ref arg & ... | test.cpp:1052:9:1052:9 | a [inner post update] | +| test.cpp:1052:9:1052:9 | a | test.cpp:1052:8:1052:9 | & ... | diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected index c9f90a60b6e4..e03ee68b8a35 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected @@ -123,6 +123,7 @@ astFlow | test.cpp:842:11:842:16 | call to source | test.cpp:844:8:844:8 | y | | test.cpp:846:13:846:27 | call to indirect_source | test.cpp:848:23:848:25 | rpx | | test.cpp:860:54:860:59 | call to source | test.cpp:861:10:861:37 | static_local_pointer_dynamic | +| test.cpp:1050:12:1050:12 | a | test.cpp:1052:8:1052:9 | & ... | | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x | | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x | | true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x | 
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index b36c289aaf1d..b2bff6327c56 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -1044,4 +1044,10 @@ void* memset(void*, int, size_t); void memset_test(char* buf) { // $ ast-def=buf ir-def=*buf memset(buf, source(), 10); sink(*buf); // $ ir MISSING: ast +} + +void flow_out_of_address_with_local_flow() { + MyStruct a; + a.content = nullptr; + sink(&a); // $ SPURIOUS: ast } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected index 39fb882940d6..fc230b0ed20d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected @@ -54,3 +54,5 @@ | test.cpp:796:12:796:12 | a | test.cpp:797:20:797:20 | a | | test.cpp:796:12:796:12 | a | test.cpp:797:31:797:31 | a | | test.cpp:796:12:796:12 | a | test.cpp:798:17:798:17 | a | +| test.cpp:1050:12:1050:12 | a | test.cpp:1051:3:1051:3 | a | +| test.cpp:1050:12:1050:12 | a | test.cpp:1052:9:1052:9 | a | From 84797b90918d82f21c8011ea88aa35781fa63918 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 6 Mar 2024 16:25:36 -0800 Subject: [PATCH 3/6] C++: Refactor the address out of 'DefImpl' and into a new abstract class 'OperandBasedDef'. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 5f254ee12b76..7304a70dcf2d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll 
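Review bot: `flow_out_of_address_with_local_flow` in test.cpp carries only the inline expectation `// $ SPURIOUS: ast`, which records the AST-library false positive but not the IR local-flow edge that the commit title describes as missing. The function is selected by localFlow-ir.ql through its `_with_local_flow` suffix, so a comment above it such as `// Checks local flow from the address of 'a' to the argument of sink; selected by localFlow-ir.ql via the name suffix.` would tell a later reader which result the test pins and keep the name from being changed by accident. The file also still ends without a trailing newline after the closing brace.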
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -256,23 +256,29 @@ private predicate sourceVariableHasBaseAndIndex(SourceVariable v, BaseSourceVari } abstract class DefImpl extends DefOrUseImpl { - Operand address; int ind; bindingset[ind] DefImpl() { any() } - abstract int getIndirection(); + override int getIndirectionIndex() { result = ind } - abstract Node0Impl getValue(); + override string toString() { result = "Def of " + this.getSourceVariable() } + + abstract int getIndirection(); abstract predicate isCertain(); - Operand getAddressOperand() { result = address } + abstract Node0Impl getValue(); +} - override int getIndirectionIndex() { result = ind } +abstract class OperandBasedDef extends DefImpl { + Operand address; - override string toString() { result = "Def of " + this.getSourceVariable() } + bindingset[ind] + OperandBasedDef() { any() } + + Operand getAddressOperand() { result = address } override Cpp::Location getLocation() { result = this.getAddressOperand().getUse().getLocation() } @@ -281,7 +287,7 @@ abstract class DefImpl extends DefOrUseImpl { } } -private class DirectDef extends DefImpl, TDefImpl { +private class DirectDef extends OperandBasedDef, TDefImpl { BaseSourceVariableInstruction base; DirectDef() { this = TDefImpl(base, address, ind) } @@ -295,7 +301,7 @@ private class DirectDef extends DefImpl, TDefImpl { override predicate isCertain() { isDef(true, _, address, base, _, ind) } } -private class IteratorDef extends DefImpl, TIteratorDef { +private class IteratorDef extends OperandBasedDef, TIteratorDef { BaseSourceVariableInstruction container; IteratorDef() { this = TIteratorDef(address, container, ind) } 
@@ -1178,7 +1184,7 @@ class UseOrPhi extends SsaDefOrUse { class Def extends DefOrUse { override DefImpl defOrUse; - Operand getAddressOperand() { result = defOrUse.getAddressOperand() } + Operand getAddressOperand() { result = defOrUse.(OperandBasedDef).getAddressOperand() } Instruction getAddress() { result = this.getAddressOperand().getDef() } From cf162aa41240ccb9bd7ae39c2c6c068a4b3644eb Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 6 Mar 2024 16:26:11 -0800 Subject: [PATCH 4/6] C++: Add an explicit definition of the address of an IRVariable. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 37 ++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 7304a70dcf2d..c036343544c4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -103,6 +103,7 @@ predicate hasRawIndirectInstruction(Instruction instr, int indirectionIndex) { cached private newtype TDefOrUseImpl = + TDefAddressImpl(BaseIRVariable v) or TDefImpl(BaseSourceVariableInstruction base, Operand address, int indirectionIndex) { isDef(_, _, address, base, _, indirectionIndex) } or 
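Review bot: `Def.getAddressOperand()` in SsaInternals.qll now goes through the cast `defOrUse.(OperandBasedDef)`, so it has no result for a `Def` whose underlying `DefImpl` is not an `OperandBasedDef`, and `getAddress()` on the following line inherits that. Within this patch every `DefImpl` subclass shown is operand-based, but the next patch in the series adds `DefAddressImpl`, which extends `DefImpl` directly; if a `Def` can wrap one, callers that join on the address operand will drop it without any signal. A QLDoc on the predicate would make the partiality explicit, for example `/** Gets the operand holding the address written by this definition, if it has one. */`. The body of `Def` continues outside the hunk, so other members may need the same remark.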
@@ -272,7 +273,41 @@ abstract class DefImpl extends DefOrUseImpl { abstract Node0Impl getValue(); } -abstract class OperandBasedDef extends DefImpl { +/** An initial definition of an `IRVariable`'s address. */ +private class DefAddressImpl extends DefImpl, TDefAddressImpl { + BaseIRVariable v; + + DefAddressImpl() { + this = TDefAddressImpl(v) and + ind = 0 + } + + final override int getIndirection() { result = 0 } + + final override predicate isCertain() { any() } + + final override Node0Impl getValue() { none() } + + final override predicate hasIndexInBlock(IRBlock block, int index) { + block = v.getIRVariable().getEnclosingIRFunction().getEntryBlock() and + index = 0 + } + + override Cpp::Location getLocation() { result = v.getIRVariable().getLocation() } + + final override SourceVariable getSourceVariable() { + result.getBaseVariable() = v and + result.getIndirection() = 0 + } + + final override BaseSourceVariableInstruction getBase() { none() } +} + +/** + * An SSA definition that has an associated `Operand` representing the address + * that is being written to. + */ +abstract private class OperandBasedDef extends DefImpl { Operand address; bindingset[ind] From 4c9876b008015f682ad3a94b93c244b46950fc3f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 6 Mar 2024 18:15:04 -0800 Subject: [PATCH 5/6] C++: Accept test changes. --- .../dataflow-tests/localFlow-ir.expected | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected index c8377f43d593..0e33430cde79 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected 
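Review bot: `DefAddressImpl` overrides both `getValue()` and `getBase()` with `none()`, and its one-line QLDoc does not mention it, so any predicate that reaches a definition through its value node or base instruction silently skips these definitions. The doc comment should say that the definition is synthetic: it is placed at index 0 of the enclosing function's entry block, is always certain, and has no value node or base instruction. It would also help to state the intent behind the unrestricted `TDefAddressImpl(BaseIRVariable v)` branch added in the earlier hunk of this file, since it creates one such definition for every `BaseIRVariable`, whether or not its address is used. Whether those extra definitions account for the duplicate rows accepted in localFlow-ir.expected later in the series cannot be told from the diff alone.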
@@ -10,6 +10,7 @@ | example.c:15:37:15:37 | b | example.c:15:37:15:37 | *b | | example.c:15:37:15:37 | b | example.c:15:37:15:37 | b | | example.c:15:37:15:37 | b | example.c:15:37:15:37 | b | +| example.c:15:37:15:37 | b | example.c:19:6:19:6 | b | | example.c:15:44:15:46 | pos | example.c:24:24:24:26 | pos | | example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | | example.c:17:11:17:16 | *definition of coords | example.c:17:11:17:16 | *definition of coords | @@ -22,6 +23,10 @@ | example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | | example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | | example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | +| example.c:17:11:17:16 | definition of coords | example.c:17:11:17:16 | definition of coords | +| example.c:17:11:17:16 | definition of coords | example.c:24:13:24:18 | coords | +| example.c:17:11:17:16 | definition of coords [post update] | example.c:17:11:17:16 | definition of coords | +| example.c:17:11:17:16 | definition of coords [post update] | example.c:24:13:24:18 | coords | | example.c:17:19:17:22 | {...} | example.c:17:19:17:22 | {...} | | example.c:17:21:17:21 | 0 | example.c:17:21:17:21 | 0 | | example.c:19:6:19:6 | *b | example.c:15:37:15:37 | *b | 
@@ -30,17 +35,24 @@ | example.c:19:6:19:6 | b [post update] | example.c:19:6:19:6 | b | | example.c:24:2:24:7 | *coords | example.c:26:18:26:24 | *& ... | | example.c:24:2:24:7 | *coords [post update] | example.c:26:18:26:24 | *& ... | +| example.c:24:2:24:7 | coords | example.c:26:18:26:24 | & ... | +| example.c:24:2:24:7 | coords [post update] | example.c:26:18:26:24 | & ... | | example.c:24:13:24:18 | *coords | example.c:24:2:24:7 | *coords | | example.c:24:13:24:18 | *coords [post update] | example.c:24:2:24:7 | *coords | +| example.c:24:13:24:18 | coords | example.c:24:2:24:7 | coords | +| example.c:24:13:24:18 | coords [post update] | example.c:24:2:24:7 | coords | | example.c:24:13:24:30 | ... = ... | example.c:24:2:24:30 | ... = ... | | example.c:24:20:24:20 | *y | example.c:24:20:24:20 | *y | | example.c:24:20:24:20 | y | example.c:24:20:24:20 | y | | example.c:24:20:24:20 | y | example.c:24:20:24:20 | y | +| example.c:24:24:24:26 | pos | example.c:28:14:28:25 | & ... | | example.c:24:24:24:26 | pos | example.c:28:14:28:25 | *& ... | | example.c:24:24:24:30 | ... + ... | example.c:24:13:24:30 | ... = ... | | example.c:26:13:26:16 | call to getX | example.c:26:2:26:25 | ... = ... | +| example.c:26:18:26:24 | & ... | example.c:26:2:26:7 | coords | | example.c:26:18:26:24 | *& ... | example.c:26:2:26:7 | *coords | | example.c:26:18:26:24 | getX output argument | example.c:26:2:26:7 | *coords | +| example.c:26:18:26:24 | pointer to getX output argument | example.c:26:2:26:7 | coords | | example.c:26:19:26:24 | *coords | example.c:26:18:26:24 | *& ... | | example.c:26:19:26:24 | coords | example.c:26:18:26:24 | & ... | | example.c:28:22:28:25 | & ... | example.c:28:14:28:25 | & ... | 
@@ -50,14 +62,21 @@ | test.cpp:6:12:6:17 | call to source | test.cpp:6:12:6:17 | call to source | | test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 | | test.cpp:7:8:7:9 | t1 | test.cpp:8:8:8:9 | t1 | +| test.cpp:7:8:7:9 | t1 | test.cpp:8:8:8:9 | t1 | | test.cpp:8:3:8:9 | ... = ... | test.cpp:10:8:10:9 | t2 | | test.cpp:8:8:8:9 | t1 | test.cpp:8:3:8:9 | ... = ... | | test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 | +| test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 | | test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 | +| test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 | +| test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 | +| test.cpp:10:8:10:9 | t2 | test.cpp:15:3:15:6 | Phi | | test.cpp:10:8:10:9 | t2 | test.cpp:15:3:15:6 | Phi | +| test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 | | test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 | | test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... | | test.cpp:13:10:13:11 | t2 | test.cpp:15:3:15:6 | Phi | +| test.cpp:13:10:13:11 | t2 | test.cpp:15:3:15:6 | Phi | | test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 | | test.cpp:15:3:15:6 | Phi | test.cpp:15:8:15:9 | t2 | | test.cpp:15:8:15:9 | t2 | test.cpp:23:19:23:19 | Phi | @@ -65,6 +84,7 @@ | test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 | | test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... | | test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | Phi | +| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | Phi | | test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 | | test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | Phi | | test.cpp:23:19:23:19 | Phi | test.cpp:23:19:23:19 | i | 
@@ -94,8 +114,10 @@ | test.cpp:383:12:383:13 | 0 | test.cpp:384:10:384:13 | *& ... | | test.cpp:384:10:384:13 | & ... | test.cpp:384:3:384:8 | call to memcpy | | test.cpp:384:10:384:13 | & ... | test.cpp:384:10:384:13 | & ... | +| test.cpp:384:10:384:13 | & ... | test.cpp:385:8:385:10 | tmp | | test.cpp:384:10:384:13 | *& ... | test.cpp:384:10:384:13 | *& ... | | test.cpp:384:10:384:13 | memcpy output argument | test.cpp:385:8:385:10 | tmp | +| test.cpp:384:10:384:13 | pointer to memcpy output argument | test.cpp:385:8:385:10 | tmp | | test.cpp:384:11:384:13 | *tmp | test.cpp:384:10:384:13 | *& ... | | test.cpp:384:11:384:13 | tmp | test.cpp:384:10:384:13 | & ... | | test.cpp:384:16:384:23 | & ... | test.cpp:384:16:384:23 | & ... | @@ -112,14 +134,17 @@ | test.cpp:389:12:389:13 | 0 | test.cpp:389:12:389:13 | 0 | | test.cpp:389:12:389:13 | 0 | test.cpp:390:18:390:21 | *& ... | | test.cpp:390:18:390:21 | & ... | test.cpp:390:18:390:21 | & ... | +| test.cpp:390:18:390:21 | & ... | test.cpp:391:10:391:13 | & ... | | test.cpp:390:18:390:21 | *& ... | test.cpp:390:18:390:21 | *& ... | | test.cpp:390:18:390:21 | *& ... | test.cpp:391:10:391:13 | *& ... | | test.cpp:390:19:390:21 | *tmp | test.cpp:390:18:390:21 | *& ... | | test.cpp:390:19:390:21 | tmp | test.cpp:390:18:390:21 | & ... | | test.cpp:391:10:391:13 | & ... | test.cpp:391:3:391:8 | call to memcpy | | test.cpp:391:10:391:13 | & ... | test.cpp:391:10:391:13 | & ... | +| test.cpp:391:10:391:13 | & ... | test.cpp:392:8:392:10 | tmp | | test.cpp:391:10:391:13 | *& ... | test.cpp:391:10:391:13 | *& ... | | test.cpp:391:10:391:13 | memcpy output argument | test.cpp:392:8:392:10 | tmp | +| test.cpp:391:10:391:13 | pointer to memcpy output argument | test.cpp:392:8:392:10 | tmp | | test.cpp:391:11:391:13 | *tmp | test.cpp:391:10:391:13 | *& ... | | test.cpp:391:11:391:13 | tmp | test.cpp:391:10:391:13 | & ... | | test.cpp:391:16:391:23 | & ... | test.cpp:391:16:391:23 | & ... | 
@@ -132,6 +157,7 @@ | test.cpp:391:17:391:23 | *source1 | test.cpp:391:16:391:23 | *& ... | | test.cpp:391:17:391:23 | source1 | test.cpp:391:16:391:23 | & ... | | test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp | +| test.cpp:392:8:392:10 | tmp | test.cpp:394:10:394:12 | tmp | | test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s | | test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | **s | | test.cpp:487:67:487:67 | **s | test.cpp:487:67:487:67 | *s | @@ -144,9 +170,11 @@ | test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | *s | | test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s | | test.cpp:487:67:487:67 | s | test.cpp:487:67:487:67 | s | +| test.cpp:487:67:487:67 | s | test.cpp:488:21:488:21 | s | | test.cpp:488:21:488:21 | *s | test.cpp:489:20:489:20 | *s | | test.cpp:488:21:488:21 | *s [post update] | test.cpp:489:20:489:20 | *s | | test.cpp:488:21:488:21 | s | test.cpp:489:20:489:20 | s | +| test.cpp:488:21:488:21 | s | test.cpp:489:20:489:20 | s | | test.cpp:488:21:488:21 | s [post update] | test.cpp:489:20:489:20 | s | | test.cpp:488:24:488:30 | *content | test.cpp:488:21:488:30 | *content | | test.cpp:488:24:488:30 | content | test.cpp:488:21:488:30 | content | @@ -161,6 +189,8 @@ | test.cpp:1050:12:1050:12 | definition of a | test.cpp:1051:3:1051:3 | *a | | test.cpp:1051:3:1051:3 | *a | test.cpp:1052:8:1052:9 | *& ... | | test.cpp:1051:3:1051:3 | *a [post update] | test.cpp:1052:8:1052:9 | *& ... | +| test.cpp:1051:3:1051:3 | a | test.cpp:1052:8:1052:9 | & ... | +| test.cpp:1051:3:1051:3 | a [post update] | test.cpp:1052:8:1052:9 | & ... | | test.cpp:1051:15:1051:21 | 0 | test.cpp:1051:3:1051:21 | ... = ... | | test.cpp:1051:15:1051:21 | *0 | test.cpp:1051:3:1051:21 | *... = ... | | test.cpp:1052:9:1052:9 | *a | test.cpp:1052:8:1052:9 | *& ... | From a548316747c7c04a952585bae74497567a24322d Mon Sep 17 00:00:00 2001 
From: Mathias Vorreiter Pedersen
Date: Thu, 7 Mar 2024 13:55:31 -0800
Subject: [PATCH 6/6] C++: Accept test changes.
---
.../TlsSettingsMisconfiguration.expected | 18 +-----------------
.../query-tests/Likely Bugs/Protocols/test.cpp | 4 ++--
.../Likely Bugs/Protocols/test2.cpp | 2 +-
.../Likely Bugs/Protocols/test3.cpp | 2 +-
4 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/TlsSettingsMisconfiguration.expected b/cpp/ql/test/query-tests/Likely Bugs/Protocols/TlsSettingsMisconfiguration.expected
index 021bf2094b83..f889cb12a684 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Protocols/TlsSettingsMisconfiguration.expected
+++ b/cpp/ql/test/query-tests/Likely Bugs/Protocols/TlsSettingsMisconfiguration.expected
@@ -1,9 +1,4 @@ -| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_sslv3 has not been set | -| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_tlsv1 has not been set | -| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_tlsv1_1 has not been set | | test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_sslv3 has not been set | -| test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_tlsv1 has not been set | -| test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_tlsv1_1 has not been set | | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. 
| test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_sslv3 has not been set | | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_tlsv1 has not been set | | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_tlsv1_1 has not been set | 
@@ -19,22 +14,11 @@ | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_sslv3 has not been set | | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_tlsv1 has not been set | | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_tlsv1_1 has not been set | -| test3.cpp:7:32:7:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:7:32:7:61 | tls | tls | test3.cpp:7:32:7:62 | call to context | no_tlsv1 has not been set | | test3.cpp:7:32:7:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:7:32:7:61 | tls | tls | test3.cpp:7:32:7:62 | call to context | no_tlsv1_1 has not been set | -| test3.cpp:15:32:15:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:15:32:15:61 | tls | tls | test3.cpp:15:32:15:62 | call to context | no_tlsv1 has not been set | -| test3.cpp:15:32:15:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. 
| test3.cpp:15:32:15:61 | tls | tls | test3.cpp:15:32:15:62 | call to context | no_tlsv1_1 has not been set | -| test.cpp:11:32:11:69 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:11:32:11:68 | tls_client | tls_client | test.cpp:11:32:11:69 | call to context | no_tlsv1 has not been set | -| test.cpp:11:32:11:69 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:11:32:11:68 | tls_client | tls_client | test.cpp:11:32:11:69 | call to context | no_tlsv1_1 has not been set | -| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_sslv3 has not been set | -| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_tlsv1 has not been set | -| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_tlsv1_1 has not been set | | test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_sslv3 has not been set | -| test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. 
| test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_tlsv1 has not been set | -| test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_tlsv1_1 has not been set | | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_sslv3 has not been set | | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set | | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set | | test.cpp:36:32:36:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1 has not been set | | test.cpp:36:32:36:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1_1 has not been set | -| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. 
| test.cpp:41:32:41:61 | tls | tls | test.cpp:41:32:41:62 | call to context | no_tlsv1 has not been set | -| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:61 | tls | tls | test.cpp:41:32:41:62 | call to context | no_tlsv1_1 has not been set | +| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:61 | tls | tls | test.cpp:43:6:43:16 | call to set_options | no_tlsv1_2 was set | diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp index 3e04e15fc89e..5c2c2d6e3574 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test.cpp @@ -8,13 +8,13 @@ void SetOptionsNoOldTls(boost::asio::ssl::context& ctx) void TestProperConfiguration_inter_CorrectUsage01() { - boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client); // GOOD [FALSE POSITIVE] + boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client); // GOOD SetOptionsNoOldTls(ctx); } void TestProperConfiguration_inter_CorrectUsage02() { - boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // GOOD [FALSE POSITIVE] + boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // GOOD ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3); diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp index 40f8acf17ea4..e8c802d69020 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test2.cpp 
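Review bot: Only the two constructors in `TestProperConfiguration_inter_CorrectUsage01` and `_CorrectUsage02` lose their `[FALSE POSITIVE]` tag in this hunk, but the accepted TlsSettingsMisconfiguration.expected also changes results for test.cpp:25 and test.cpp:41, and for test2.cpp:15 and test3.cpp:7, none of which appear in any hunk of this patch. At test.cpp:25 and test2.cpp:15 the `no_tlsv1` and `no_tlsv1_1` rows are dropped while `no_sslv3 has not been set` stays, and at test.cpp:41 both rows are replaced by `no_tlsv1_2 was set` on the `set_options` call at line 43. Because this query reports contexts that leave legacy protocol versions enabled, each dropped row should be checked against a test case that really does disable that version, so the accept cannot hide a lost true positive. I would annotate those lines so the intent can be read from the test file, for example `// BAD: no_sslv3 not set` at line 25 and `// BAD: disables TLS 1.2` at line 41, assuming that is what those cases do.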
@@ -2,7 +2,7 @@ void good1() { - // GOOD [FALSE POSITIVE] + // GOOD boost::asio::ssl::context::method m = boost::asio::ssl::context::sslv23; boost::asio::ssl::context ctx(m); ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1 | boost::asio::ssl::context::no_sslv3); diff --git a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp index ebbd0417f3ee..c9932b31618d 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Protocols/test3.cpp @@ -13,7 +13,7 @@ void useTLS_bad() void useTLS_good() { boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); - ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD [FALSE POSITIVE] + ctx.set_options(boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1); // GOOD // ... }