diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll similarity index 51% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll index f6d06ef13354..5b2c2d6cfc93 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll @@ -3,23 +3,24 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** - * The `BrotliDecoderDecompress` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#af68 + * The `BrotliDecoderDecompress` function is used in flow sink. + * See https://www.brotli.org/decode.html. */ class BrotliDecoderDecompressFunction extends DecompressionFunction { - BrotliDecoderDecompressFunction() { this.hasGlobalName(["BrotliDecoderDecompress"]) } + BrotliDecoderDecompressFunction() { this.hasGlobalName("BrotliDecoderDecompress") } override int getArchiveParameterIndex() { result = 1 } } /** - * The `BrotliDecoderDecompressStream` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#a234 + * The `BrotliDecoderDecompressStream` function is used in flow sink. + * See https://www.brotli.org/decode.html. */ class BrotliDecoderDecompressStreamFunction extends DecompressionFunction { - BrotliDecoderDecompressStreamFunction() { this.hasGlobalName(["BrotliDecoderDecompressStream"]) } + BrotliDecoderDecompressStreamFunction() { this.hasGlobalName("BrotliDecoderDecompressStream") } override int getArchiveParameterIndex() { result = 2 } } diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll similarity index 83% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll index e330e244c381..73698d793140 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll @@ -18,6 +18,9 @@ abstract class DecompressionFunction extends Function { /** * The Decompression Flow Steps, extend this class to define new decompression sinks. */ -abstract class DecompressionFlowStep extends Function { +abstract class DecompressionFlowStep extends string { + bindingset[this] + DecompressionFlowStep() { any() } + abstract predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2); } diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp similarity index 53% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qhelp rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp index cdadabbf207c..c263f4db625f 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qhelp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp @@ -3,8 +3,8 @@ "qhelp.dtd"> -

Extracting Compressed files with any compression algorithm like gzip can cause to denial of service attacks.

-

Attackers can compress a huge file which created by repeated similiar byte and convert it to a small compressed file.

+

Extracting Compressed files with any compression algorithm like gzip can cause denial of service attacks.

+

Attackers can compress a huge file consisting of repeated similiar bytes into a small compressed file.

 @@ -14,12 +14,12 @@

-Reading uncompressed Gzip file within a loop and check for a threshold size in each cycle. +Reading an uncompressed Gzip file within a loop and check for a threshold size in each cycle.

-An Unsafe Approach can be this example which we don't check for uncompressed size. +The following example is unsafe, as we do not check the uncompressed size.

@@ -28,11 +28,11 @@ An Unsafe Approach can be this example which we don't check for uncompressed siz
  • -Zlib Documentation +Zlib documentation
  • -A great research to gain more impact by this kind of attacks +An explanation of the attack
    • diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql similarity index 55% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql index cdc868360250..bfa11e65b067 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql @@ -3,31 +3,30 @@ * @description User-controlled data that flows into decompression library APIs without checking the compression rate is dangerous * @kind path-problem * @problem.severity error - * @security-severity 7.8 - * @precision high - * @id cpp/data-decompression + * @precision low + * @id cpp/data-decompression-bomb * @tags security * experimental * external/cwe/cwe-409 */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import semmle.code.cpp.security.FlowSources import DecompressionBomb +predicate isSink(FunctionCall fc, DataFlow::Node sink) { + exists(DecompressionFunction f | fc.getTarget() = f | + fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()] + ) +} + module DecompressionTaintConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof FlowSource } - predicate isSink(DataFlow::Node sink) { - exists(FunctionCall fc, DecompressionFunction f | fc.getTarget() = f | - fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()] - ) - } + predicate isSink(DataFlow::Node sink) { isSink(_, sink) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - any(DecompressionFlowStep f).isAdditionalFlowStep(node1, node2) or - nextInAdditionalFlowStep(node1, node2) + any(DecompressionFlowStep s).isAdditionalFlowStep(node1, node2) } } @@ -35,7 +34,7 @@ module DecompressionTaint = TaintTracking::Global; import DecompressionTaint::PathGraph -from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink -where DecompressionTaint::flowPath(source, sink) -select sink.getNode(), source, sink, "This Decompression output $@.", source.getNode(), - "is not limited" +from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink, FunctionCall fc +where DecompressionTaint::flowPath(source, sink) and isSink(fc, sink.getNode()) +select sink.getNode(), source, sink, "The decompression output of $@ is not limited", fc, + fc.getTarget().getName() diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll similarity index 69% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll index f5e39ca26755..b14e02e1e82e 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll @@ -3,12 +3,11 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** * The `archive_read_data*` functions are used in flow sink. - * [Examples](https://github.com/libarchive/libarchive/wiki/Examples) + * See https://github.com/libarchive/libarchive/wiki/Examples. */ class Archive_read_data_block extends DecompressionFunction { Archive_read_data_block() { @@ -21,11 +20,11 @@ class Archive_read_data_block extends DecompressionFunction { /** * The `archive_read_open_filename` function as a flow step. */ -class ReadOpenFunction extends DecompressionFlowStep { - ReadOpenFunction() { this.hasGlobalName("archive_read_open_filename") } +class ReadOpenFunctionStep extends DecompressionFlowStep { + ReadOpenFunctionStep() { this = "ReadOpenFunction" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("archive_read_open_filename") | node1.asIndirectExpr() = fc.getArgument(1) and node2.asIndirectExpr() = fc.getArgument(0) ) diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll similarity index 75% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll index a0365778c210..b7cb9df013a4 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll @@ -3,12 +3,11 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** * The `mz_zip_entry` function is used in flow sink. - * [docuemnt](https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip.md) + * See https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip.md. */ class Mz_zip_entry extends DecompressionFunction { Mz_zip_entry() { this.hasGlobalName("mz_zip_entry_read") } @@ -18,7 +17,7 @@ class Mz_zip_entry extends DecompressionFunction { /** * The `mz_zip_reader_entry_*` and `mz_zip_reader_save_all` functions are used in flow sink. - * [docuemnt](https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip_rw.md) + * See https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip_rw.md. */ class Mz_zip_reader_entry extends DecompressionFunction { Mz_zip_reader_entry() { @@ -43,13 +42,13 @@ class UnzOpenFunction extends DecompressionFunction { /** * The `mz_zip_reader_open_file` and `mz_zip_reader_open_file_in_memory` functions as a flow step. */ -class ReaderOpenFunction extends DecompressionFlowStep { - ReaderOpenFunction() { - this.hasGlobalName(["mz_zip_reader_open_file_in_memory", "mz_zip_reader_open_file"]) - } +class ReaderOpenFunctionStep extends DecompressionFlowStep { + ReaderOpenFunctionStep() { this = "ReaderOpenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | + fc.getTarget().hasGlobalName(["mz_zip_reader_open_file_in_memory", "mz_zip_reader_open_file"]) + | node1.asIndirectExpr() = fc.getArgument(1) and node2.asIndirectExpr() = fc.getArgument(0) ) diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll similarity index 66% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll index 2683f03f7c2c..e39ad4ee8a0e 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll @@ -3,14 +3,13 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** * The `ZSTD_decompress` function is used in flow sink. */ class ZstdDecompressFunction extends DecompressionFunction { - ZstdDecompressFunction() { this.hasGlobalName(["ZSTD_decompress"]) } + ZstdDecompressFunction() { this.hasGlobalName("ZSTD_decompress") } override int getArchiveParameterIndex() { result = 2 } } @@ -19,7 +18,7 @@ class ZstdDecompressFunction extends DecompressionFunction { * The `ZSTD_decompressDCtx` function is used in flow sink. */ class ZstdDecompressDctxFunction extends DecompressionFunction { - ZstdDecompressDctxFunction() { this.hasGlobalName(["ZSTD_decompressDCtx"]) } + ZstdDecompressDctxFunction() { this.hasGlobalName("ZSTD_decompressDCtx") } override int getArchiveParameterIndex() { result = 3 } } @@ -28,7 +27,7 @@ class ZstdDecompressDctxFunction extends DecompressionFunction { * The `ZSTD_decompressStream` function is used in flow sink. */ class ZstdDecompressStreamFunction extends DecompressionFunction { - ZstdDecompressStreamFunction() { this.hasGlobalName(["ZSTD_decompressStream"]) } + ZstdDecompressStreamFunction() { this.hasGlobalName("ZSTD_decompressStream") } override int getArchiveParameterIndex() { result = 2 } } @@ -37,7 +36,7 @@ class ZstdDecompressStreamFunction extends DecompressionFunction { * The `ZSTD_decompress_usingDDict` function is used in flow sink. */ class ZstdDecompressUsingDdictFunction extends DecompressionFunction { - ZstdDecompressUsingDdictFunction() { this.hasGlobalName(["ZSTD_decompress_usingDDict"]) } + ZstdDecompressUsingDdictFunction() { this.hasGlobalName("ZSTD_decompress_usingDDict") } override int getArchiveParameterIndex() { result = 3 } } @@ -45,11 +44,11 @@ class ZstdDecompressUsingDdictFunction extends DecompressionFunction { /** * The `fopen_orDie` function as a flow step. */ -class FopenOrDieFunction extends DecompressionFlowStep { - FopenOrDieFunction() { this.hasGlobalName("fopen_orDie") } +class FopenOrDieFunctionStep extends DecompressionFlowStep { + FopenOrDieFunctionStep() { this = "FopenOrDieFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("fopen_orDie") | node1.asIndirectExpr() = fc.getArgument(0) and node2.asExpr() = fc ) @@ -59,11 +58,11 @@ class FopenOrDieFunction extends DecompressionFlowStep { /** * The `fread_orDie` function as a flow step. */ -class FreadOrDieFunction extends DecompressionFlowStep { - FreadOrDieFunction() { this.hasGlobalName("fread_orDie") } +class FreadOrDieFunctionStep extends DecompressionFlowStep { + FreadOrDieFunctionStep() { this = "FreadOrDieFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("fread_orDie") | node1.asIndirectExpr() = fc.getArgument(2) and node2.asIndirectExpr() = fc.getArgument(0) ) diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll similarity index 79% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll index 851500b2cee4..172f8e7a7b69 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** @@ -44,11 +43,11 @@ class GzReadFunction extends DecompressionFunction { * * `gzdopen(int fd, const char *mode)` */ -class GzdopenFunction extends DecompressionFlowStep { - GzdopenFunction() { this.hasGlobalName("gzdopen") } +class GzdopenFunctionStep extends DecompressionFlowStep { + GzdopenFunctionStep() { this = "GzdopenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("gzdopen") | node1.asExpr() = fc.getArgument(0) and node2.asExpr() = fc ) @@ -60,11 +59,11 @@ class GzdopenFunction extends DecompressionFlowStep { * * `gzopen(const char *path, const char *mode)` */ -class GzopenFunction extends DecompressionFlowStep { - GzopenFunction() { this.hasGlobalName("gzopen") } +class GzopenFunctionStep extends DecompressionFlowStep { + GzopenFunctionStep() { this = "GzopenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("gzopen") | node1.asIndirectExpr() = fc.getArgument(0) and node2.asExpr() = fc ) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll new file mode 100644 index 000000000000..6c3cb6062c59 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll @@ -0,0 +1,39 @@ +/** + * https://www.zlib.net/ + */ + +import cpp +import DecompressionBomb + +/** + * The `inflate` and `inflateSync` functions are used in flow sink. + * + * `inflate(z_stream strm, int flush)` + * + * `inflateSync(z_stream strm)` + */ +class InflateFunction extends DecompressionFunction { + InflateFunction() { this.hasGlobalName(["inflate", "inflateSync"]) } + + override int getArchiveParameterIndex() { result = 0 } +} + +/** + * The `next_in` member of a `z_stream` variable is used in a flow steps. + */ +class NextInMemberStep extends DecompressionFlowStep { + NextInMemberStep() { this = "NextInMemberStep" } + + override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(Variable nextInVar, VariableAccess zStreamAccess | + nextInVar.getDeclaringType().hasName("z_stream") and + nextInVar.hasName("next_in") and + zStreamAccess.getType().hasName("z_stream") + | + nextInVar.getAnAccess().getQualifier().(VariableAccess).getTarget() = + zStreamAccess.getTarget() and + node1.asIndirectExpr() = nextInVar.getAnAssignedValue() and + node2.asExpr() = zStreamAccess + ) + } +} diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll similarity index 87% rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll index 656bd98655d5..1617b8e30681 100644 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp new file mode 100644 index 000000000000..eaf2fe22817a --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp @@ -0,0 +1,15 @@ +#include "zlib.h" + +void UnsafeGzread(gzFile inFileZ) { + const int BUFFER_SIZE = 8192; + unsigned char unzipBuffer[BUFFER_SIZE]; + unsigned int unzippedBytes; + while (true) { + unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); + if (unzippedBytes <= 0) { + break; + } + + // process buffer + } +} diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp new file mode 100644 index 000000000000..f28ed41026d5 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp @@ -0,0 +1,23 @@ +#include "zlib.h" + +void SafeGzread(gzFile inFileZ) { + const int MAX_READ = 1024 * 1024 * 4; + const int BUFFER_SIZE = 8192; + unsigned char unzipBuffer[BUFFER_SIZE]; + unsigned int unzippedBytes; + unsigned int totalRead = 0; + while (true) { + unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); + totalRead += unzippedBytes; + if (unzippedBytes <= 0) { + break; + } + + if (totalRead > MAX_READ) { + // Possible decompression bomb, stop processing. + break; + } else { + // process buffer + } + } +} diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll deleted file mode 100644 index 6a5d4b8f1eca..000000000000 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll +++ /dev/null @@ -1,35 +0,0 @@ -/** - * https://www.zlib.net/ - */ - -import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking -import DecompressionBomb - -/** - * The `inflate` and `inflateSync` functions are used in flow sink. - * - * `inflate(z_stream strm, int flush)` - * - * `inflateSync(z_stream strm)` - */ -class InflateFunction extends DecompressionFunction { - InflateFunction() { this.hasGlobalName(["inflate", "inflateSync"]) } - - override int getArchiveParameterIndex() { result = 0 } -} - -/** - * The `next_in` member of a `z_stream` variable is used in flow steps. - */ -predicate nextInAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(Variable nextInVar, VariableAccess zStreamAccess | - nextInVar.getDeclaringType().hasName("z_stream") and - nextInVar.hasName("next_in") and - zStreamAccess.getType().hasName("z_stream") - | - nextInVar.getAnAccess().getQualifier().(VariableAccess).getTarget() = zStreamAccess.getTarget() and - node1.asIndirectExpr() = nextInVar.getAnAssignedValue() and - node2.asExpr() = zStreamAccess - ) -} diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_bad.cpp b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_bad.cpp deleted file mode 100644 index af5138173869..000000000000 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_bad.cpp +++ /dev/null @@ -1,129 +0,0 @@ -#include -#include -#include "zlib.h" -#include -#include - -int UnsafeInflate(int argc, char *argv[]) { - // original string len = 36 - char a[50] = "Hello Hello Hello Hello Hello Hello!"; - // placeholder for the compressed (deflated) version of "a" - char b[50]; - // placeholder for the Uncompressed (inflated) version of "b" - char c[50]; - printf("Uncompressed size is: %lu\n", strlen(a)); - printf("Uncompressed string is: %s\n", a); - printf("\n----------\n\n"); - - // STEP 1. - // zlib struct - z_stream defstream; - defstream.zalloc = Z_NULL; - defstream.zfree = Z_NULL; - defstream.opaque = Z_NULL; - // setup "a" as the input and "b" as the compressed output - defstream.avail_in = (uInt) strlen(a) + 1; // size of input, string + terminator - defstream.next_in = (Bytef *) a; // input char array - defstream.avail_out = (uInt) sizeof(b); // size of output - defstream.next_out = (Bytef *) b; // output char array - - // the actual compression work. - deflateInit(&defstream, Z_BEST_COMPRESSION); - deflate(&defstream, Z_FINISH); - deflateEnd(&defstream); - - // This is one way of getting the size of the output - printf("Compressed size is: %lu\n", strlen(b)); - printf("Compressed string is: %s\n", b); - printf("\n----------\n\n"); - // STEP 2. - // inflate b into c - // zlib struct - z_stream infstream; - infstream.zalloc = Z_NULL; - infstream.zfree = Z_NULL; - infstream.opaque = Z_NULL; - // setup "b" as the input and "c" as the compressed output - // TOTHINK: Here we can add additional step from Right operand to z_stream variable access - infstream.avail_in = (uInt) ((char *) defstream.next_out - b); // size of input - infstream.next_in = (Bytef *) b; // input char array - infstream.avail_out = (uInt) sizeof(c); // size of output - infstream.next_out = (Bytef *) c; // output char array - - // uLong total_out; /* total number of bytes output so far */ - // the actual DE-compression work. - inflateInit(&infstream); - std::cout << infstream.total_out << std::endl; - inflate(&infstream, Z_NO_FLUSH); - std::cout << infstream.total_out << std::endl; - inflateEnd(&infstream); - - printf("Uncompressed size is: %lu\n", strlen(c)); - printf("Uncompressed string is: %s\n", c); - return 0; -} - -int UnsafeGzread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - unsigned char unzipBuffer[8192]; - unsigned int unzippedBytes; - std::vector unzippedData; - while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - } else { - break; - } - } - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - return 0; -} - -int UnsafeGzfread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - while (true) { - char buffer[1000]; - if (!gzfread(buffer, 999, 1, inFileZ)) { - break; - } - } - gzclose(inFileZ); - return 0; -} - -int UnsafeGzgets() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - char *buffer = new char[4000000000]; - char *result = gzgets(inFileZ, buffer, 1000000000); - while (true) { - result = gzgets(inFileZ, buffer, 1000000000); - if (result == nullptr) { - break; - } - } - return 0; -} diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_good.cpp b/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_good.cpp deleted file mode 100644 index 7ad34658367c..000000000000 --- a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_good.cpp +++ /dev/null @@ -1,78 +0,0 @@ -#include -#include -#include "zlib.h" -#include -#include - -int SafeGzread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - unsigned char unzipBuffer[8192]; - unsigned int unzippedBytes; - uint totalRead = 0; - std::vector unzippedData; - while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); - totalRead += unzippedBytes; - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - if (totalRead > 1024 * 1024 * 4) { - std::cout << "Bombs!" << totalRead; - exit(1); - } else { - std::cout << "not Bomb yet!!" << totalRead << std::endl; - } - } else { - break; - } - } - - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - - return 0; -} - -int SafeGzread2() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - const int BUFFER_SIZE = 8192; - unsigned char unzipBuffer[BUFFER_SIZE]; - unsigned int unzippedBytes; - uint totalRead = 0; - std::vector unzippedData; - while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); - totalRead += BUFFER_SIZE; - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - if (totalRead > 1024 * 1024 * 4) { - std::cout << "Bombs!" << totalRead; - exit(1); - } else { - std::cout << "not Bomb yet!!" << totalRead << std::endl; - } - } else { - break; - } - } - - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - - return 0; -} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected deleted file mode 100644 index 5bd0f6bcde24..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected +++ /dev/null @@ -1,399 +0,0 @@ -edges -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | -| libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | provenance | | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | provenance | | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:57:45:57:52 | *pArchive | provenance | | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:86:38:86:39 | *ar [Return] | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:105:33:105:40 | *filename | libarchiveTests.cpp:123:40:123:47 | *filename | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:38:48:38:55 | *pArchive | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:123:40:123:47 | *filename | libarchiveTests.cpp:123:37:123:37 | *a | provenance | Config | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:10:46:10:46 | *a | provenance | | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | provenance | | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | provenance | | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | -| libarchiveTests.cpp:145:13:145:19 | *access to array | libarchiveTests.cpp:105:33:105:40 | *filename | provenance | | -| minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | provenance | | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| minizipTest.cpp:54:29:54:38 | **zip_reader | minizipTest.cpp:60:30:60:39 | **zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:55:36:55:45 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:109:39:109:44 | *handle | provenance | | -| minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | minizipTest.cpp:55:36:55:45 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:54:41:54:47 | *access to array | minizipTest.cpp:54:29:54:38 | **zip_reader | provenance | Config | -| minizipTest.cpp:54:41:54:47 | *access to array | minizipTest.cpp:54:29:54:38 | *zip_reader | provenance | Config | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | provenance | | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:101:46:101:50 | *pVoid | provenance | | -| minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:101:46:101:50 | *pVoid | provenance | | -| minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:109:39:109:44 | *handle | provenance | | -| zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:63:25:63:35 | *a | provenance | | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:52:25:52:25 | *a | provenance | | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:69:17:69:26 | & ... | provenance | Config | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:70:13:70:22 | & ... | provenance | Config | -| zlibTest.cpp:69:17:69:26 | & ... | zlibTest.cpp:70:13:70:22 | & ... | provenance | | -| zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:94:29:94:36 | *fileName | provenance | | -| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | | -| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:101:32:101:38 | inFileZ | provenance | | -| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | provenance | | -| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:115:29:115:36 | *fileName | provenance | | -| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | | -| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:121:38:121:44 | inFileZ | provenance | | -| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | -| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:132:29:132:36 | *fileName | provenance | | -| zlibTest.cpp:132:22:132:27 | call to gzopen | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | | -| zlibTest.cpp:132:22:132:27 | call to gzopen | zlibTest.cpp:139:25:139:31 | inFileZ | provenance | | -| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | -| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | provenance | | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | provenance | | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | provenance | | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | provenance | | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | provenance | | -| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | -nodes -| brotliTest.cpp:29:32:29:35 | **argv | semmle.label | **argv | -| brotliTest.cpp:31:42:31:60 | *access to array | semmle.label | *access to array | -| brotliTest.cpp:31:42:31:60 | access to array | semmle.label | access to array | -| brotliTest.cpp:37:35:37:40 | *input2 | semmle.label | *input2 | -| libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | -| libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:86:38:86:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:86:38:86:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:86:38:86:39 | *ar [Return] | semmle.label | *ar [Return] | -| libarchiveTests.cpp:93:33:93:34 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:93:33:93:34 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | semmle.label | archive_read_data_block output argument | -| libarchiveTests.cpp:105:33:105:40 | *filename | semmle.label | *filename | -| libarchiveTests.cpp:123:37:123:37 | *a | semmle.label | *a | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | semmle.label | archive_read_open_filename output argument | -| libarchiveTests.cpp:123:40:123:47 | *filename | semmle.label | *filename | -| libarchiveTests.cpp:126:34:126:34 | *a | semmle.label | *a | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | semmle.label | archive_read_next_header output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | semmle.label | *a | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | semmle.label | copy_data output argument | -| libarchiveTests.cpp:144:32:144:35 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:145:13:145:19 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | -| minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | -| minizipTest.cpp:36:32:36:35 | **argv | semmle.label | **argv | -| minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:42:52:42:67 | access to array | semmle.label | access to array | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | semmle.label | mz_zip_entry_read output argument | -| minizipTest.cpp:54:29:54:38 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:54:29:54:38 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | semmle.label | mz_zip_reader_open_file output argument | -| minizipTest.cpp:54:41:54:47 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:55:36:55:45 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | semmle.label | mz_zip_reader_goto_first_entry output argument | -| minizipTest.cpp:60:30:60:39 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:60:30:60:39 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:69:13:69:19 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:69:13:69:19 | access to array | semmle.label | access to array | -| minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | -| minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | -| minizipTest.cpp:109:39:109:44 | *handle | semmle.label | *handle | -| minizipTest.cpp:109:39:109:44 | *handle | semmle.label | *handle | -| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | -| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | -| zlibTest.cpp:63:25:63:35 | *a | semmle.label | *a | -| zlibTest.cpp:69:17:69:26 | & ... | semmle.label | & ... | -| zlibTest.cpp:70:13:70:22 | & ... | semmle.label | & ... | -| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:94:29:94:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:101:32:101:38 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:115:29:115:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:121:38:121:44 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:132:29:132:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input | -| zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input | -| zlibTest.cpp:168:27:168:30 | **argv | semmle.label | **argv | -| zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | -| zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | semmle.label | UnsafeGzgets output argument | -| zlibTest.cpp:171:19:171:25 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | semmle.label | UnsafeInflate output argument | -| zlibTest.cpp:172:18:172:24 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | -| zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array | -| zstdTest.cpp:114:33:114:36 | **argv | semmle.label | **argv | -subpaths -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar [Return] | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | -#select -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| zlibTest.cpp:70:13:70:22 | & ... | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:101:32:101:38 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:121:38:121:44 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:139:25:139:31 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:163:29:163:43 | *input | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref deleted file mode 100644 index b3f71c4891a4..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql \ No newline at end of file diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected new file mode 100644 index 000000000000..d7be5cf40688 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected @@ -0,0 +1,173 @@ +edges +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:15:41:15:44 | **argv | provenance | | +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | provenance | | +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:21:30:21:52 | *access to array | provenance | | +| brotliTest.cpp:21:30:21:52 | *access to array | brotliTest.cpp:24:51:24:58 | **& ... | provenance | | +| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | | +| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:22:41:22:42 | *ar | provenance | | +| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | | +| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:34:35:34:41 | *access to array | provenance | | +| libarchiveTests.cpp:34:32:34:32 | *a | libarchiveTests.cpp:38:27:38:27 | *a | provenance | | +| libarchiveTests.cpp:34:35:34:41 | *access to array | libarchiveTests.cpp:34:32:34:32 | *a | provenance | Config | +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | | +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:38:27:38:27 | read_data output argument | provenance | | +| libarchiveTests.cpp:38:27:38:27 | read_data output argument | libarchiveTests.cpp:38:27:38:27 | *a | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:15:41:15:44 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | | +| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance | | +| main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:80:33:80:36 | **argv | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:24:41:24:47 | *access to array | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | provenance | | +| minizipTest.cpp:24:29:24:38 | **zip_reader | minizipTest.cpp:26:30:26:39 | **zip_reader | provenance | | +| minizipTest.cpp:24:29:24:38 | *zip_reader | minizipTest.cpp:26:30:26:39 | *zip_reader | provenance | | +| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | **zip_reader | provenance | Config | +| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | *zip_reader | provenance | Config | +| zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:20:25:20:39 | *input | provenance | | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:16:26:16:30 | *input | provenance | | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:24:17:24:26 | & ... | provenance | Config | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:25:13:25:22 | & ... | provenance | Config | +| zlibTest.cpp:24:17:24:26 | & ... | zlibTest.cpp:25:13:25:22 | & ... | provenance | | +| zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:38:29:38:36 | *fileName | provenance | | +| zlibTest.cpp:38:22:38:27 | call to gzopen | zlibTest.cpp:38:22:38:27 | call to gzopen | provenance | | +| zlibTest.cpp:38:22:38:27 | call to gzopen | zlibTest.cpp:41:20:41:26 | inFileZ | provenance | | +| zlibTest.cpp:38:29:38:36 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | provenance | | +| zlibTest.cpp:38:29:38:36 | *fileName | zlibTest.cpp:38:22:38:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:48:29:48:36 | *fileName | provenance | | +| zlibTest.cpp:48:22:48:27 | call to gzopen | zlibTest.cpp:48:22:48:27 | call to gzopen | provenance | | +| zlibTest.cpp:48:22:48:27 | call to gzopen | zlibTest.cpp:51:38:51:44 | inFileZ | provenance | | +| zlibTest.cpp:48:29:48:36 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | provenance | | +| zlibTest.cpp:48:29:48:36 | *fileName | zlibTest.cpp:48:22:48:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:58:29:58:36 | *fileName | provenance | | +| zlibTest.cpp:58:22:58:27 | call to gzopen | zlibTest.cpp:58:22:58:27 | call to gzopen | provenance | | +| zlibTest.cpp:58:22:58:27 | call to gzopen | zlibTest.cpp:62:25:62:31 | inFileZ | provenance | | +| zlibTest.cpp:58:29:58:36 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | provenance | | +| zlibTest.cpp:58:29:58:36 | *fileName | zlibTest.cpp:58:22:58:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:71:26:71:30 | *input | zlibTest.cpp:77:45:77:59 | *input | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:81:19:81:25 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:82:18:82:24 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | provenance | | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:82:18:82:24 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | provenance | | +| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | provenance | | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | provenance | | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | provenance | | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | provenance | | +| zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:85:19:85:25 | *access to array | zlibTest.cpp:71:26:71:30 | *input | provenance | | +nodes +| brotliTest.cpp:15:41:15:44 | **argv | semmle.label | **argv | +| brotliTest.cpp:15:41:15:44 | **argv | semmle.label | **argv | +| brotliTest.cpp:18:35:18:53 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:21:30:21:52 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:24:51:24:58 | **& ... | semmle.label | **& ... | +| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:22:41:22:42 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:34:32:34:32 | *a | semmle.label | *a | +| libarchiveTests.cpp:34:35:34:41 | *access to array | semmle.label | *access to array | +| libarchiveTests.cpp:38:27:38:27 | *a | semmle.label | *a | +| libarchiveTests.cpp:38:27:38:27 | read_data output argument | semmle.label | read_data output argument | +| main.cpp:7:33:7:36 | **argv | semmle.label | **argv | +| main.cpp:8:23:8:26 | **argv | semmle.label | **argv | +| main.cpp:8:23:8:26 | brotli_test output argument | semmle.label | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | semmle.label | **argv | +| main.cpp:9:27:9:30 | libarchive_test output argument | semmle.label | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | semmle.label | **argv | +| main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | +| main.cpp:11:21:11:24 | **argv | semmle.label | **argv | +| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv | +| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv | +| minizipTest.cpp:17:52:17:67 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:24:29:24:38 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:24:29:24:38 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:24:41:24:47 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:26:30:26:39 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:26:30:26:39 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:28:13:28:19 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | +| zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | +| zlibTest.cpp:20:25:20:39 | *input | semmle.label | *input | +| zlibTest.cpp:24:17:24:26 | & ... | semmle.label | & ... | +| zlibTest.cpp:25:13:25:22 | & ... | semmle.label | & ... | +| zlibTest.cpp:37:25:37:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:37:25:37:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:38:22:38:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:38:22:38:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:38:29:38:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:41:20:41:26 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:47:26:47:33 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:47:26:47:33 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:48:22:48:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:48:22:48:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:48:29:48:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:51:38:51:44 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:57:25:57:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:57:25:57:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:58:22:58:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:58:22:58:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:58:29:58:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:62:25:62:31 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:71:26:71:30 | *input | semmle.label | *input | +| zlibTest.cpp:77:45:77:59 | *input | semmle.label | *input | +| zlibTest.cpp:80:33:80:36 | **argv | semmle.label | **argv | +| zlibTest.cpp:81:19:81:25 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | +| zlibTest.cpp:82:18:82:24 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | semmle.label | UnsafeGzgets output argument | +| zlibTest.cpp:83:19:83:25 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | semmle.label | UnsafeInflate output argument | +| zlibTest.cpp:84:18:84:24 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | +| zlibTest.cpp:85:19:85:25 | *access to array | semmle.label | *access to array | +subpaths +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:15:41:15:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | +| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | +#select +| brotliTest.cpp:18:35:18:53 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | The decompression output of $@ is not limited | brotliTest.cpp:18:5:18:27 | call to BrotliDecoderDecompress | BrotliDecoderDecompress | +| brotliTest.cpp:24:51:24:58 | **& ... | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:24:51:24:58 | **& ... | The decompression output of $@ is not limited | brotliTest.cpp:24:5:24:33 | call to BrotliDecoderDecompressStream | BrotliDecoderDecompressStream | +| libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | The decompression output of $@ is not limited | libarchiveTests.cpp:22:17:22:39 | call to archive_read_data_block | archive_read_data_block | +| minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | The decompression output of $@ is not limited | minizipTest.cpp:17:22:17:38 | call to mz_zip_entry_read | mz_zip_entry_read | +| minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | The decompression output of $@ is not limited | minizipTest.cpp:26:5:26:28 | call to mz_zip_reader_entry_save | mz_zip_reader_entry_save | +| minizipTest.cpp:26:30:26:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | *zip_reader | The decompression output of $@ is not limited | minizipTest.cpp:26:5:26:28 | call to mz_zip_reader_entry_save | mz_zip_reader_entry_save | +| minizipTest.cpp:28:13:28:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | The decompression output of $@ is not limited | minizipTest.cpp:28:5:28:11 | call to UnzOpen | UnzOpen | +| zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... | The decompression output of $@ is not limited | zlibTest.cpp:25:5:25:11 | call to inflate | inflate | +| zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:41:13:41:18 | call to gzread | gzread | +| zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:51:14:51:20 | call to gzfread | gzfread | +| zlibTest.cpp:62:25:62:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:62:25:62:31 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:62:18:62:23 | call to gzgets | gzgets | +| zlibTest.cpp:77:45:77:59 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:77:45:77:59 | *input | The decompression output of $@ is not limited | zlibTest.cpp:77:5:77:14 | call to uncompress | uncompress | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref new file mode 100644 index 000000000000..3dcbc9db9ff4 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-409/DecompressionBombs.ql diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp new file mode 100644 index 000000000000..902749434736 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp @@ -0,0 +1,26 @@ +typedef long unsigned int size_t; +typedef unsigned char uint8_t; + +enum BrotliDecoderResult {}; +struct BrotliDecoderState; + +BrotliDecoderResult BrotliDecoderDecompress( + size_t encoded_size, const uint8_t encoded_buffer[], + size_t *decoded_size, uint8_t decoded_buffer[]); + +BrotliDecoderResult BrotliDecoderDecompressStream( + BrotliDecoderState *state, size_t *available_in, const uint8_t **next_in, + size_t *available_out, uint8_t **next_out, size_t *total_out); + +void brotli_test(int argc, const char **argv) { + uint8_t output[1024]; + size_t output_size = sizeof(output); + BrotliDecoderDecompress(1024, (uint8_t *) argv[2], &output_size, output); // BAD + + size_t input_size = 1024; + const uint8_t *input_p = (const uint8_t*)argv[2]; + uint8_t *output_p = output; + size_t out_size; + BrotliDecoderDecompressStream(0, &input_size, &input_p, &output_size, // BAD + &output_p, &out_size); +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp new file mode 100644 index 000000000000..5988c9d0fc5e --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp @@ -0,0 +1,42 @@ +#define ARCHIVE_EOF 1 +#define ARCHIVE_OK 0 +#define ARCHIVE_WARN (-20) + +struct archive; +struct archive_entry; +typedef int size_t; +typedef int la_int64_t; + +archive *archive_read_new(); +int archive_read_open_filename(archive *pArchive, const char *filename, int i); +int archive_read_next_header(archive *a, archive_entry **entry); +int archive_entry_size(archive_entry *pEntry); +int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1); + +static int read_data(archive *ar) { + for (;;) { + const void *buff; + size_t size; + la_int64_t offset; + + int r = archive_read_data_block(ar, &buff, &size, &offset); // BAD + if (r == ARCHIVE_EOF) + return ARCHIVE_OK; + if (r < ARCHIVE_OK) + return r; + } +} + +void libarchive_test(int argc, const char **argv) { + archive *a = archive_read_new(); + archive_entry *entry; + + archive_read_open_filename(a, argv[1], 10240); + for (;;) { + archive_read_next_header(a, &entry); + if (archive_entry_size(entry) > 0) { + if (read_data(a) < ARCHIVE_WARN) + break; + } + } +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp new file mode 100644 index 000000000000..47f76ff079ba --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp @@ -0,0 +1,14 @@ +void brotli_test(int argc, const char **argv); +void libarchive_test(int argc, const char **argv); +void minizip_test(int argc, const char **argv); +void zlib_test(int argc, const char **argv); +void zstd_test(int argc, const char **argv); + +int main(int argc, const char **argv) { + brotli_test(argc, argv); + libarchive_test(argc, argv); + minizip_test(argc, argv); + zlib_test(argc, argv); + zstd_test(argc, argv); + return 0; +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp new file mode 100644 index 000000000000..636f579feea7 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp @@ -0,0 +1,29 @@ +typedef signed int int32_t; + +void *mz_zip_reader_create(); +int32_t mz_zip_reader_open_file(void *handle, const char *path); +int32_t mz_zip_reader_goto_first_entry(void *pVoid); +int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); +int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i); +void UnzOpen(const char *string); + +void *mz_zip_create(); + +void minizip_test(int argc, const char **argv) { + void *zip_handle = mz_zip_create(); + int32_t bytes_read; + char buf[4096]; + while(true) { + bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); // BAD + if (bytes_read <= 0) { + break; + } + } + + void *zip_reader = mz_zip_reader_create(); + mz_zip_reader_open_file(zip_reader, argv[1]); + mz_zip_reader_goto_first_entry(zip_reader); + mz_zip_reader_entry_save(zip_reader, 0, 0); // BAD + + UnzOpen(argv[3]); // BAD +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp new file mode 100644 index 000000000000..7643a607407b --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp @@ -0,0 +1,86 @@ +typedef unsigned char Bytef; +typedef unsigned long uLong; +typedef uLong uLongf; +typedef unsigned int uInt; + +struct z_stream { + Bytef *next_in; + Bytef *next_out; + uInt avail_out; +}; + +void inflateInit(z_stream *infstream); +void inflate(z_stream *infstream, int i); +void inflateEnd(z_stream *infstream); + +void UnsafeInflate(char *input) { + unsigned char output[1024]; + + z_stream infstream; + infstream.next_in = (Bytef *) input; // input char array + infstream.avail_out = sizeof(output); // size of output + infstream.next_out = output; // output char array + + inflateInit(&infstream); + inflate(&infstream, 0); // BAD +} + + +struct gzFile { +}; + +gzFile gzopen(char *str, const char *rb); +unsigned int gzread(gzFile gz_file, unsigned char *str, int i); +bool gzfread(char *str, int i, int i1, gzFile gz_file); +char *gzgets(gzFile gz_file, char *buffer, int i); + +void UnsafeGzread(char *fileName) { + gzFile inFileZ = gzopen(fileName, "rb"); + unsigned char unzipBuffer[8192]; + while (true) { + if (gzread(inFileZ, unzipBuffer, 8192) <= 0) { // BAD + break; + } + } +} + +void UnsafeGzfread(char *fileName) { + gzFile inFileZ = gzopen(fileName, "rb"); + while (true) { + char buffer[1000]; + if (!gzfread(buffer, 999, 1, inFileZ)) { // BAD + break; + } + } +} + +void UnsafeGzgets(char *fileName) { + gzFile inFileZ = gzopen(fileName, "rb"); + char *buffer = new char[4000000000]; + char *result; + while (true) { + result = gzgets(inFileZ, buffer, 1000000000); // BAD + if (result == nullptr) { + break; + } + } +} + +int uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen); + +void InflateString(char *input) { + unsigned char output[1024]; + + uLong source_length = 500; + uLong destination_length = sizeof(output); + + uncompress(output, &destination_length, (Bytef *) input, source_length); // BAD +} + +void zlib_test(int argc, char **argv) { + UnsafeGzfread(argv[2]); + UnsafeGzgets(argv[2]); + UnsafeInflate(argv[2]); + UnsafeGzread(argv[2]); + InflateString(argv[2]); +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zstdTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp similarity index 63% rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zstdTest.cpp rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp index e04b85adfb7c..e19f2d4c6757 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zstdTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp @@ -1,25 +1,16 @@ typedef struct _IO_FILE FILE; -static FILE *fopen_orDie(const char *filename, const char *instruction) { - return nullptr; -} +FILE *fopen_orDie(const char *filename, const char *instruction); typedef long unsigned int size_t; -static const size_t ZSTD_DStreamInSize() { - return 0; -} +const size_t ZSTD_DStreamInSize(); -static void *const malloc_orDie(const size_t size) { - return nullptr; -} +void *const malloc_orDie(const size_t size); -static const size_t ZSTD_DStreamOutSize() { - return 0; -} +const size_t ZSTD_DStreamOutSize(); -struct ZSTD_DCtx { -}; +struct ZSTD_DCtx; typedef struct ZSTD_inBuffer_s { const void *src; @@ -32,44 +23,25 @@ typedef struct ZSTD_outBuffer_s { size_t pos; } ZSTD_outBuffer; -static ZSTD_DCtx *const ZSTD_createDCtx() { - return nullptr; -} - -static void CHECK(bool b, const char *string) { +ZSTD_DCtx *const ZSTD_createDCtx(); -} +void CHECK(bool b, const char *string); -static size_t fread_orDie(void *const pVoid, const size_t read, FILE *const pFile) { -} +size_t fread_orDie(void *const pVoid, const size_t read, FILE *const pFile); -static void CHECK_ZSTD(const size_t ret) { +void CHECK_ZSTD(const size_t ret); -} +void fwrite_orDie(void *const pVoid, size_t pos, FILE *const pFile); -static void fwrite_orDie(void *const pVoid, size_t pos, FILE *const pFile) { +void exit(int i); -} +void fclose_orDie(FILE *const pFile); -static void exit(int i) { +void free(void *const pVoid); -} +const size_t ZSTD_decompressStream(ZSTD_DCtx *const pCtx, ZSTD_outBuffer *pS, ZSTD_inBuffer *pS1); -static void fclose_orDie(FILE *const pFile) { - -} - -static void free(void *const pVoid) { - -} - -static const size_t ZSTD_decompressStream(ZSTD_DCtx *const pCtx, ZSTD_outBuffer *pS, ZSTD_inBuffer *pS1) { - -} - -static void ZSTD_freeDCtx(ZSTD_DCtx *const pCtx) { - -} +void ZSTD_freeDCtx(ZSTD_DCtx *const pCtx); static void decompressFile_orDie(const char *fname) { FILE *const fin = fopen_orDie(fname, "rb"); @@ -111,8 +83,7 @@ static void decompressFile_orDie(const char *fname) { } -int main(int argc, const char **argv) { +void zstd_test(int argc, const char **argv) { const char *const inFilename = argv[1]; decompressFile_orDie(inFilename); - return 0; -} \ No newline at end of file +} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/brotliTest.cpp deleted file mode 100644 index 34285afc4649..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/brotliTest.cpp +++ /dev/null @@ -1,41 +0,0 @@ -typedef long unsigned int size_t; -typedef unsigned char uint8_t; -typedef enum { -} BrotliDecoderResult; - -BrotliDecoderResult BrotliDecoderDecompress( - size_t encoded_size, - const uint8_t encoded_buffer[], - size_t *decoded_size, - uint8_t decoded_buffer[]) { return static_cast(0); }; - -struct { -} BrotliDecoderStateStruct; - -void strncpy(char *string, const char *string1, int i); - -typedef struct BrotliDecoderStateStruct BrotliDecoderState; - -BrotliDecoderResult BrotliDecoderDecompressStream( - BrotliDecoderState *state, size_t *available_in, const uint8_t **next_in, - size_t *available_out, uint8_t **next_out, size_t *total_out) { return static_cast(0); }; - -namespace std { - void strncpy(char *string, const char *string1, int i) { - - } -} - -int main(int argc, const char *argv[]) { - uint8_t *output = nullptr; - BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], - reinterpret_cast(1024 * 1024 * 1024), output); - uint8_t **output2 = nullptr; - const uint8_t **input2 = nullptr; - std::strncpy(reinterpret_cast(input2), argv[2], 32); - BrotliDecoderDecompressStream(0, reinterpret_cast(1024 * 1024), - input2, reinterpret_cast(1024 * 1024 * 1024), - output2, - reinterpret_cast(1024 * 1024 * 1024)); - return 0; -} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/libarchiveTests.cpp deleted file mode 100644 index d20486a007b3..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/libarchiveTests.cpp +++ /dev/null @@ -1,147 +0,0 @@ -#define ARCHIVE_EXTRACT_TIME (0x0004) -#define ARCHIVE_EXTRACT_PERM (0x0002) -#define ARCHIVE_EXTRACT_ACL (0x0020) -#define ARCHIVE_EXTRACT_FFLAGS (0x0040) -#define ARCHIVE_EOF 1 /* Found end of archive. */ -#define ARCHIVE_OK 0 /* Operation was successful. */ -#define ARCHIVE_WARN (-20) /* Partial success. */ - - -int archive_read_next_header(struct archive *a, struct archive_entry **entry) { - return 1; -} - -static struct archive *archive_read_new() { - return nullptr; -} - -static archive *archive_write_disk_new() { - return nullptr; -} - -static void archive_read_support_format_all(archive *pArchive) { - -} - -static void archive_read_support_filter_all(archive *pArchive) { - -} - -static void archive_write_disk_set_options(archive *pArchive, int flags) { - -} - -static void archive_write_disk_set_standard_lookup(archive *pArchive) { - -} - -static int archive_read_open_filename(archive *pArchive, const char *filename, int i) {} - -static void archive_error_string(archive *pArchive) { - -} - -struct archive_entry { -}; - -static int archive_write_header(archive *pArchive, archive_entry *entry) { - return 0; -} - -static int archive_entry_size(archive_entry *pEntry) { -} - -typedef int size_t; -typedef int la_int64_t; - -static int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1) { - return 0; -} - -static int archive_write_data_block(archive *pArchive, const void *pVoid, size_t size, la_int64_t offset) { - return 0; -} - -static int archive_write_finish_entry(archive *pArchive) { - return 0; -} - -static void archive_read_close(archive *pArchive) { - -} - -static void archive_read_free(archive *pArchive) { - -} - -static void archive_write_close(archive *pArchive) { - -} - -static void archive_write_free(archive *pArchive) { - -} - - -static int copy_data(struct archive *ar, struct archive *aw) { - int r; - const void *buff; - size_t size; - la_int64_t offset; - - for (;;) { - archive_read_data_block(ar, &buff, &size, &offset); - if (r == ARCHIVE_EOF) - return (ARCHIVE_OK); - if (r < ARCHIVE_OK) - return (r); - archive_write_data_block(aw, buff, size, offset); - if (r < ARCHIVE_OK) { - return (r); - } - } -} - -static void extract(const char *filename) { - struct archive *a; - struct archive *ext; - struct archive_entry *entry; - int flags; - int r; - /* Select which attributes we want to restore. */ - flags = ARCHIVE_EXTRACT_TIME; - flags |= ARCHIVE_EXTRACT_PERM; - flags |= ARCHIVE_EXTRACT_ACL; - flags |= ARCHIVE_EXTRACT_FFLAGS; - - a = archive_read_new(); - archive_read_support_format_all(a); - archive_read_support_filter_all(a); - ext = archive_write_disk_new(); - archive_write_disk_set_options(ext, flags); - archive_write_disk_set_standard_lookup(ext); - if ((archive_read_open_filename(a, filename, 10240))) - return; - for (;;) { - archive_read_next_header(a, &entry); - archive_write_header(ext, entry); - if (archive_entry_size(entry) > 0) { - copy_data(a, ext); - if (r < ARCHIVE_WARN) - break; - } - archive_write_finish_entry(ext); - if (r < ARCHIVE_WARN) - break; - } - archive_read_close(a); - archive_read_free(a); - archive_write_close(ext); - archive_write_free(ext); -} - - -int main(int argc, const char *argv[]) { - extract(argv[1]); - return 0; -} diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/minizipTest.cpp deleted file mode 100644 index f48b13d0488a..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/minizipTest.cpp +++ /dev/null @@ -1,120 +0,0 @@ -typedef signed int int32_t; - -void *mz_stream_os_create(); - -int32_t mz_zip_reader_open_file(void *handle, const char *path); - -int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path); - -void *mz_zip_reader_create(); - -int32_t mz_zip_reader_goto_first_entry(void *pVoid); - -int32_t mz_stream_os_open(void *pVoid, const char *path, int write); - -void mz_stream_os_close(void *pVoid); - -void mz_stream_os_delete(void **pVoid); - -void mz_zip_reader_close(void *pVoid); - -void mz_zip_reader_delete(void **pVoid); - -int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); - - -void UnzOpen(const char *string); - -int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i) { - return 0; -} - -void *mz_zip_create() { - return nullptr; -} - -int main(int argc, const char *argv[]) { - void *zip_handle = mz_zip_create(); - int32_t bytes_read; - int32_t err; - char buf[4096]; - do { - bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); - if (bytes_read < 0) { - err = bytes_read; - } - // Do something with buf bytes - } while (err == 1 && bytes_read > 0); - - - const char *entry_path = "c:\\entry.dat"; - - void *zip_reader = mz_zip_reader_create(); - - mz_zip_reader_open_file(zip_reader, argv[1]); - mz_zip_reader_goto_first_entry(zip_reader); - void *entry_stream = mz_stream_os_create(); - mz_stream_os_open(entry_stream, entry_path, 1); - int file_stream; - int mz_stream_os_write; - mz_zip_reader_entry_save(zip_reader, file_stream, mz_stream_os_write); - // the above sink is same as "mz_zip_reader_entry_save", "mz_zip_reader_entry_read", "mz_zip_reader_entry_save_process", - // "mz_zip_reader_entry_save_file", "mz_zip_reader_entry_save_buffer", "mz_zip_reader_save_all" and "mz_zip_entry_read" functions - mz_stream_os_close(entry_stream); - mz_stream_os_delete(&entry_stream); - mz_zip_reader_close(zip_reader); - mz_zip_reader_delete(&zip_reader); - - - UnzOpen(argv[3]); - return 0; -} - -void UnzOpen(const char *path) { - -} - -int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write) { - return 0; -} - -void mz_zip_reader_delete(void **pVoid) { - -} - -void mz_zip_reader_close(void *pVoid) { - -} - -void mz_stream_os_delete(void **pVoid) { - -} - -void mz_stream_os_close(void *pVoid) { - -} - -int32_t mz_stream_os_open(void *pVoid, const char *path, int write) { - return 0; -} - -int32_t mz_zip_reader_goto_first_entry(void *pVoid) { - return 0; -} - -void *mz_zip_reader_create() { - return nullptr; -} - -int32_t mz_zip_reader_open_file(void *handle, const char *path) { - return 0; -} - -int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path) { - return 0; -} - -void *mz_stream_os_create() { - return nullptr; -} - diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp deleted file mode 100644 index 9e23944e7ce1..000000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp +++ /dev/null @@ -1,175 +0,0 @@ -#define Z_NULL 0 -# define FAR -typedef unsigned char Byte; -typedef Byte FAR Bytef; -typedef unsigned int uInt; -#define Z_BEST_COMPRESSION 9 -#define Z_FINISH 4 -#define Z_NO_FLUSH 0 - - -typedef struct { - int *zalloc; - int *zfree; - Bytef *next_in; - Bytef *next_out; - int *opaque; - uInt avail_out; - uInt avail_in; -} z_stream; - - -void deflateInit(z_stream *defstream, int i); - -void deflate(z_stream *defstream, int i); - -void deflateEnd(z_stream *defstream); - -void inflateInit(z_stream *infstream); - -void inflate(z_stream *infstream, int i); - -void inflateEnd(z_stream *infstream); - -namespace std { - template - struct char_traits; - - template > - class basic_ostream { - public: - typedef charT char_type; - }; - - template - basic_ostream &operator<<(basic_ostream &, const charT *); - - typedef basic_ostream ostream; - - extern ostream cout; -} - -int UnsafeInflate(char *a) { - // placeholder for the Uncompressed (inflated) version of "a" - char c[1024000]; - - z_stream infstream; - infstream.zalloc = Z_NULL; - infstream.zfree = Z_NULL; - infstream.opaque = Z_NULL; - // setup "b" as the input and "c" as the compressed output - // TOTHINK: Here we can add additional step from Right operand to z_stream variable access - infstream.avail_in = (uInt) (1000); // size of input - infstream.next_in = (Bytef *) a; // input char array - infstream.avail_out = (uInt) sizeof(c); // size of output - infstream.next_out = (Bytef *) c; // output char array - - // uLong total_out; /* total number of bytes output so far */ - // the actual DE-compression work. - inflateInit(&infstream); - inflate(&infstream, Z_NO_FLUSH); - inflateEnd(&infstream); - - - return 0; -} - - -typedef struct { -} gzFile; - -gzFile gzopen(char *str, const char *rb); - - -void exit(int i); - -unsigned int gzread(gzFile gz_file, unsigned char *str, int i); - -void gzclose(gzFile gz_file); - -std::ostream operator<<(const std::ostream &lhs, unsigned char rhs); - - -int UnsafeGzread(char *fileName) { - gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } - unsigned char unzipBuffer[8192]; - unsigned int unzippedBytes; - while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); - if (unzippedBytes > 0) { - std::cout << unzippedBytes; - } else { - break; - } - } - gzclose(inFileZ); - return 0; -} - -bool gzfread(char *str, int i, int i1, gzFile gz_file); - -int UnsafeGzfread(char *fileName) { - gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } - while (true) { - char buffer[1000]; - if (!gzfread(buffer, 999, 1, inFileZ)) { - break; - } - } - gzclose(inFileZ); - return 0; -} - -char *gzgets(gzFile gz_file, char *buffer, int i); - -int UnsafeGzgets(char *fileName) { - gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } - char *buffer = new char[4000000000]; - char *result; - while (true) { - result = gzgets(inFileZ, buffer, 1000000000); - if (result == nullptr) { - break; - } - } - return 0; -} - -typedef unsigned long uLong; -typedef long unsigned int size_t; -typedef uLong uLongf; -typedef unsigned char Bytef; -#define Z_OK 0 - -int uncompress(Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen) { return 0; } - -bool InflateString(const unsigned char *input, const unsigned char *output, size_t output_length) { - uLong source_length; - source_length = (uLong) 500; - uLong destination_length; - destination_length = (uLong) output_length; - - int result = uncompress((Bytef *) output, &destination_length, - (Bytef *) input, source_length); - - return result == Z_OK; -} - -int main(int argc, char **argv) { - UnsafeGzfread(argv[2]); - UnsafeGzgets(argv[2]); - UnsafeInflate(argv[2]); - UnsafeGzread(argv[2]); - const unsigned char *output; - InflateString(reinterpret_cast(argv[1]), output, 1024 * 1024 * 1024); -}