File tree Expand file tree Collapse file tree 1 file changed +49
-0
lines changed
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-416 Expand file tree Collapse file tree 1 file changed +49
-0
lines changed Original file line number Diff line number Diff line change @@ -717,3 +717,52 @@ void test() {
717717
718718 for (auto x : return_self_by_value (returnValue ())) {} // GOOD
719719}
720+
721+ template <typename T>
722+ void iterate(const std::vector<T>& v) {
723+ for (auto x : v) {}
724+ }
725+
726+ std::vector<int >& ref_to_first_in_returnValue_1 () {
727+ return returnValue ()[0 ]; // BAD [NOT DETECTED] (see *)
728+ }
729+
730+ std::vector<int >& ref_to_first_in_returnValue_2 () {
731+ return returnValue ()[0 ]; // BAD [NOT DETECTED]
732+ }
733+
734+ std::vector<int >& ref_to_first_in_returnValue_3 () {
735+ return returnValue ()[0 ]; // BAD [NOT DETECTED] (see *)
736+ }
737+
738+ std::vector<int > first_in_returnValue_1 () {
739+ return returnValue ()[0 ]; // GOOD
740+ }
741+
742+ std::vector<int > first_in_returnValue_2 () {
743+ return returnValue ()[0 ]; // GOOD
744+ }
745+
746+ void test2 () {
747+ iterate(returnValue ()); // GOOD [FALSE POSITIVE] (see *)
748+ iterate(returnValue ()[0 ]); // GOOD [FALSE POSITIVE] (see *)
749+
750+ for (auto x : ref_to_first_in_returnValue_1 ()) {}
751+
752+ {
753+ auto value = ref_to_first_in_returnValue_2 ();
754+ for (auto x : value) {}
755+ }
756+
757+ {
758+ auto & ref = ref_to_first_in_returnValue_3 ();
759+ for (auto x : ref) {}
760+ }
761+
762+ for (auto x : first_in_returnValue_1 ()) {}
763+
764+ {
765+ auto value = first_in_returnValue_2 ();
766+ for (auto x : value) {}
767+ }
768+ }
You can’t perform that action at this time.
0 commit comments