codeql/cpp/ql/test/library-tests/dataflow/source-sink-tests/sources-and-sinks.cpp at c59d6cb2a7b0020fc3fb91605a7381911365f05c · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
char *getenv(const char *name);
char *secure_getenv(const char *name);
wchar_t *_wgetenv(const wchar_t *name);

void test_getenv() {
    void *var1 = getenv("VAR"); // $ local_source=6:18 local_source=6:18
    void *var2 = secure_getenv("VAR"); // $ local_source=7:18 local_source=7:18
    void *var3 = _wgetenv(L"VAR"); // $ local_source=8:18 local_source=8:18
}

int send(int, const void*, int, int);

void test_send(char* buffer, int length) {
  send(0, buffer, length, 0); // $ remote_sink
}

struct iovec {
  void  *iov_base;
  unsigned iov_len;
};

int readv(int, const struct iovec*, int);
int writev(int, const struct iovec*, int);

void test_readv_and_writev(iovec* iovs) {
  readv(0, iovs, 16); // $ remote_source
  writev(0, iovs, 16); // $ remote_sink
}

struct FILE;

int fscanf(FILE *stream, const char *format, ...);
int scanf(const char *format, ...);

void test_scanf(FILE *stream, int *d, char *buf) {
  scanf(""); // Not a local source, as there are no output arguments
  fscanf(stream, ""); // Not a remote source, as there are no output arguments
  scanf("%d", d); // $ local_source
  fscanf(stream, "%d", d);  // $ remote_source
  scanf("%d %s", d, buf); // $ local_source=40:18 local_source=40:21
  fscanf(stream, "%d %s", d, buf);  // $ remote_source=41:27 remote_source=41:30
}

struct addrinfo;

int getaddrinfo(const char *hostname, const char *servname,
                const struct addrinfo *hints, struct addrinfo **res);

void test_inet(char *hostname, char *servname, struct addrinfo *hints) {
  addrinfo *res;
  int ret = getaddrinfo(hostname, servname, hints, &res); // $ remote_source
}

typedef unsigned int wint_t;

// getc variants
int getc(FILE *stream);
wint_t getwc(FILE *stream);
int _getc_nolock(FILE *stream);
wint_t _getwc_nolock(FILE *stream);

int getch(void);
int _getch(void);
wint_t _getwch(void);
int _getch_nolock(void);
wint_t _getwch_nolock(void);
int getchar(void);
wint_t getwchar();
int _getchar_nolock(void);
wint_t _getwchar_nolock(void);

void test_getchar(FILE *stream) {
  int a = getc(stream); // $ remote_source
  wint_t b = getwc(stream); // $ remote_source
  int c = _getc_nolock(stream); // $ remote_source
  wint_t d = _getwc_nolock(stream); // $ remote_source

  int e = getch(); // $ local_source
  int f = _getch(); // $ local_source
  wint_t g = _getwch(); // $ local_source
  int h = _getch_nolock(); // $ local_source
  wint_t i = _getwch_nolock(); // $ local_source
  int j = getchar(); // $ local_source
  wint_t k = getwchar(); // $ local_source
  int l = _getchar_nolock(); // $ local_source
  wint_t m = _getwchar_nolock(); // $ local_source
}

// ZMC networking library

typedef unsigned long size_t;

struct zmq_msg_t {
};
int zmq_msg_init(zmq_msg_t *msg);
int zmq_msg_recv(zmq_msg_t *msg, void *socket, int flags);
int zmq_recvmsg(void *socket, zmq_msg_t *msg, int flags); // deprecated
int zmq_recv(void *socket, void *buf, size_t len, int flags);

void test_zmc(void *socket) {
  zmq_msg_t msg1, msg2;
  char buffer[1024];

  if (zmq_recv(socket, buffer, sizeof(buffer), 0) >= 0) { // $ remote_source
    // ...
  }

  zmq_msg_init(&msg1);
  if (zmq_msg_recv(&msg1, socket, 0) >= 0) { // $ remote_source
    // ...
  }

  zmq_msg_init(&msg2);
  if (zmq_recvmsg(socket, &msg2, 0) >= 0) { // $ remote_source
    // ...
  }
}

long StringCchGetsA(char *, size_t);
long StringCchGetsExA(char *, size_t, char **, size_t *, unsigned long);

void test_strsafe_gets() {
	{
		char dest[256] = {0};
		StringCchGetsA(dest, sizeof(dest)); // $ local_source
	}
	{
		char dest[256] = {0};
		char *end;
		size_t remaining;
		StringCchGetsExA(dest, sizeof(dest), &end, &remaining, 0); // $ local_source
	}
}