wip

github · Dec 11, 2024 · b2f05c7 · b2f05c7
1 parent 4f7e97b
commit b2f05c7
Show file tree

Hide file tree

Showing 11 changed files with 6 additions and 107 deletions.
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -5,15 +5,13 @@ edges
 | overflowdestination.cpp:27:2:27:15 | *... = ... | overflowdestination.cpp:30:17:30:20 | *arg1 | provenance |  |
 | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | provenance |  |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
-| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | provenance | DataFlowFunction |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:53:15:53:17 | *src | provenance |  |
 | overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:60:15:60:17 | *src | provenance |  |
 | overflowdestination.cpp:60:15:60:17 | *src | overflowdestination.cpp:64:16:64:19 | *src2 | provenance |  |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | *src | provenance |  |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance |  |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance | DataFlowFunction |
 | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:76:30:76:32 | *src | overflowdestination.cpp:57:52:57:54 | *src | provenance |  |
 nodes
@@ -26,7 +24,6 @@ nodes
 | overflowdestination.cpp:46:15:46:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
-| overflowdestination.cpp:50:52:50:54 | *src [Reverse] | semmle.label | *src [Reverse] |
 | overflowdestination.cpp:53:15:53:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:57:52:57:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:60:15:60:17 | *src | semmle.label | *src |
@@ -37,7 +34,6 @@ nodes
 | overflowdestination.cpp:76:30:76:32 | *src | semmle.label | *src |
 subpaths
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
 | overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | **argv | overflowdestination.cpp:30:17:30:20 | *arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |

diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
@@ -45,8 +45,6 @@ edges
 | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance |  |
 | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance |  |
 | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | Capture.cs:124:15:124:20 | access to local variable sink40 | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:134:9:134:23 | access to local function CaptureThrough1 : CaptureThrough1 [captured tainted] : String | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | provenance |  |
@@ -149,8 +147,6 @@ edges
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | Capture.cs:217:19:217:19 | access to parameter s | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:57:27:57:32 | access to parameter sink39 | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:355:45:355:45 | x : String | Capture.cs:357:11:357:11 | access to parameter x : String | provenance |  |
 | Capture.cs:357:11:357:11 | access to parameter x : String | Capture.cs:273:19:273:19 | x : String | provenance |  |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | provenance |  |
@@ -654,8 +650,6 @@ nodes
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | semmle.label | access to parameter a : (...) => ... [captured s] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
 | Capture.cs:355:45:355:45 | x : String | semmle.label | x : String |
 | Capture.cs:357:11:357:11 | access to parameter x : String | semmle.label | access to parameter x : String |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | semmle.label | access to field SinkField0 : String |

diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
@@ -55,8 +55,6 @@ edges
 | Capture.cs:92:30:92:40 | [post] access to local variable captureOut3 : (...) => ... [captured sink32] : String | Capture.cs:93:15:93:20 | access to local variable sink32 | provenance |  |
 | Capture.cs:114:23:117:13 | [post] (...) => ... : (...) => ... [captured sink40] : String | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | provenance |  |
 | Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | [post] access to parameter a : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:116:26:116:39 | "taint source" : String | Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:123:9:123:33 | [post] access to local function CaptureOutMultipleLambdas : CaptureOutMultipleLambdas [captured sink40] : String | Capture.cs:124:15:124:20 | access to local variable sink40 | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:134:9:134:23 | access to local function CaptureThrough1 : CaptureThrough1 [captured tainted] : String | provenance |  |
 | Capture.cs:127:25:127:31 | tainted : String | Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | provenance |  |
@@ -159,8 +157,6 @@ edges
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | Capture.cs:217:19:217:19 | access to parameter s | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:55:27:58:17 | (...) => ... : (...) => ... [captured sink39] : String | provenance |  |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | Capture.cs:57:27:57:32 | access to parameter sink39 | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | Capture.cs:350:34:350:34 | a [Reverse] : (...) => ... [captured sink40] : String | provenance |  |
 | Capture.cs:355:45:355:45 | x : String | Capture.cs:357:11:357:11 | access to parameter x : String | provenance |  |
 | Capture.cs:357:11:357:11 | access to parameter x : String | Capture.cs:273:19:273:19 | x : String | provenance |  |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | provenance |  |
@@ -724,8 +720,6 @@ nodes
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured s] : String | semmle.label | access to parameter a : (...) => ... [captured s] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
 | Capture.cs:352:9:352:9 | access to parameter a : (...) => ... [captured sink39] : String | semmle.label | access to parameter a : (...) => ... [captured sink39] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
-| Capture.cs:352:9:352:9 | access to parameter a [Reverse] : (...) => ... [captured sink40] : String | semmle.label | access to parameter a [Reverse] : (...) => ... [captured sink40] : String |
 | Capture.cs:355:45:355:45 | x : String | semmle.label | x : String |
 | Capture.cs:357:11:357:11 | access to parameter x : String | semmle.label | access to parameter x : String |
 | GlobalDataFlow.cs:18:9:18:23 | access to field SinkField0 : String | semmle.label | access to field SinkField0 : String |