From 50d9e773399d3272069af76ad12cc581787f6e3b Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema
Date: Wed, 4 Sep 2024 09:33:27 +0200
Subject: [PATCH 01/17] C++: Move experimental files into the correct locations
---
 .../{query-tests => }/Security/CWE/CWE-409/Brotli.qll | 0
 .../Security/CWE/CWE-409/DecompressionBomb.qhelp | 0
 .../{query-tests => }/Security/CWE/CWE-409/DecompressionBomb.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/DecompressionBombs.ql | 0
 .../{query-tests => }/Security/CWE/CWE-409/LibArchive.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/MiniZip.qll | 0
 .../experimental/{query-tests => }/Security/CWE/CWE-409/ZSTD.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/ZlibGzopen.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/ZlibInflator.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/ZlibUncompress.qll | 0
 .../{query-tests => }/Security/CWE/CWE-409/example_bad.cpp | 0
 .../{query-tests => }/Security/CWE/CWE-409/example_good.cpp | 0
 .../query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref | 1 -
 .../CWE-409/{ => DecompressionBombs}/DecompressionBombs.expected | 0
 .../CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref | 1 +
 .../Security/CWE/CWE-409/{ => DecompressionBombs}/brotliTest.cpp | 0
 .../CWE/CWE-409/{ => DecompressionBombs}/libarchiveTests.cpp | 0
 .../CWE/CWE-409/{ => DecompressionBombs}/minizipTest.cpp | 0
 .../Security/CWE/CWE-409/{ => DecompressionBombs}/zlibTest.cpp | 0
 .../Security/CWE/CWE-409/{ => DecompressionBombs}/zstdTest.cpp | 0
 20 files changed, 1 insertion(+), 1 deletion(-)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/Brotli.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/DecompressionBomb.qhelp (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/DecompressionBomb.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/DecompressionBombs.ql (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/LibArchive.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/MiniZip.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/ZSTD.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/ZlibGzopen.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/ZlibInflator.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/ZlibUncompress.qll (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/example_bad.cpp (100%)
 rename cpp/ql/src/experimental/{query-tests => }/Security/CWE/CWE-409/example_good.cpp (100%)
 delete mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/DecompressionBombs.expected (100%)
 create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/brotliTest.cpp (100%)
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/libarchiveTests.cpp (100%)
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/minizipTest.cpp (100%)
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/zlibTest.cpp (100%)
 rename cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/{ => DecompressionBombs}/zstdTest.cpp (100%)
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/Brotli.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qhelp
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qhelp
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qhelp
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBomb.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/LibArchive.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/MiniZip.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZSTD.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibGzopen.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibInflator.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/ZlibUncompress.qll
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_bad.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_bad.cpp
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp
diff --git a/cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_good.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp
similarity index 100%
rename from cpp/ql/src/experimental/query-tests/Security/CWE/CWE-409/example_good.cpp
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref
deleted file mode 100644
index b3f71c4891a4..000000000000
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.ql
\ No newline at end of file
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs.expected
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref
new file mode 100644
index 000000000000..3dcbc9db9ff4
--- /dev/null
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-409/DecompressionBombs.ql
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/brotliTest.cpp
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/libarchiveTests.cpp
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/minizipTest.cpp
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zstdTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp
similarity index 100%
rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zstdTest.cpp
rename to cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp
From d526f1d0811d7568c7d1ae2bb5217b3f98394f0b Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Wed, 4 Sep 2024 09:51:03 +0200
Subject: [PATCH 02/17] C++: Disentangle confusing test results by declaring only a single `main`
---
 .../DecompressionBombs.expected | 304 +++++------------
 .../CWE-409/DecompressionBombs/brotliTest.cpp | 2 +-
 .../DecompressionBombs/libarchiveTests.cpp | 2 +-
 .../CWE/CWE-409/DecompressionBombs/main.cpp | 14 +
 .../DecompressionBombs/minizipTest.cpp | 2 +-
 .../CWE-409/DecompressionBombs/zlibTest.cpp | 2 +-
 .../CWE-409/DecompressionBombs/zstdTest.cpp | 4 +-
 7 files changed, 106 insertions(+), 224 deletions(-)
 create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index 5bd0f6bcde24..f971c0e90bb8 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
@@ -1,14 +1,7 @@ edges -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | +| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:29:40:29:43 | **argv | provenance | | +| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | +| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | provenance | | | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | provenance | | | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | provenance | | 
@@ -37,30 +30,40 @@ edges | libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | provenance | | | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | +| libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | provenance | | +| libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | | libarchiveTests.cpp:145:13:145:19 | *access to array | libarchiveTests.cpp:105:33:105:40 | *filename | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | 
**argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:7:33:7:36 | **argv | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:29:40:29:43 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | | +| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | +| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | +| main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | provenance | | +| main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | +| main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | *argv | provenance | | +| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:168:32:168:35 | **argv | provenance | | +| main.cpp:11:21:11:24 | *argv | zlibTest.cpp:168:32:168:35 | **argv | provenance | | +| main.cpp:11:21:11:24 | *argv | zlibTest.cpp:168:32:168:35 | *argv | provenance | | | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | 
brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | +| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv | provenance | | +| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | +| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | +| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | +| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | | minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | provenance | | | minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | provenance | | +| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:36:41:36:44 | **argv | provenance | | +| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:36:41:36:44 | 
**argv [Return] | provenance | | | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | 
@@ -100,11 +103,18 @@ edges | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config | | zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | +| zlibTest.cpp:156:41:156:45 | input | zlibTest.cpp:163:29:163:43 | input | provenance | | +| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | +| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | +| 
zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:174:19:174:66 | access to array | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | 
@@ -124,20 +134,11 @@ edges | zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | provenance | | | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | | zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | provenance | | +| zlibTest.cpp:174:19:174:66 | access to array | zlibTest.cpp:156:41:156:45 | input | provenance | | nodes -| brotliTest.cpp:29:32:29:35 | **argv | semmle.label | **argv | +| brotliTest.cpp:29:40:29:43 | **argv | semmle.label | **argv | +| brotliTest.cpp:29:40:29:43 | **argv | semmle.label | **argv | | brotliTest.cpp:31:42:31:60 | *access to array | semmle.label | *access to array | -| brotliTest.cpp:31:42:31:60 | access to array | semmle.label | access to array | | brotliTest.cpp:37:35:37:40 | *input2 | semmle.label | *input2 | | 
libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | | libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | 
@@ -159,14 +160,26 @@ nodes | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | semmle.label | archive_read_next_header output argument | | libarchiveTests.cpp:129:23:129:23 | *a | semmle.label | *a | | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | semmle.label | copy_data output argument | -| libarchiveTests.cpp:144:32:144:35 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:144:44:144:47 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:144:44:144:47 | **argv | semmle.label | **argv | | libarchiveTests.cpp:145:13:145:19 | *access to array | semmle.label | *access to array | +| main.cpp:7:33:7:36 | **argv | semmle.label | **argv | +| main.cpp:8:23:8:26 | **argv | semmle.label | **argv | +| main.cpp:8:23:8:26 | brotli_test output argument | semmle.label | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | semmle.label | **argv | +| main.cpp:9:27:9:30 | libarchive_test output argument | semmle.label | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | semmle.label | **argv | +| main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | +| main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | +| main.cpp:11:21:11:24 | **argv | semmle.label | **argv | +| main.cpp:11:21:11:24 | *argv | semmle.label | *argv | | minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | | minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | -| minizipTest.cpp:36:32:36:35 | **argv | semmle.label | **argv | +| minizipTest.cpp:36:41:36:44 | **argv | semmle.label | **argv | +| minizipTest.cpp:36:41:36:44 | **argv | semmle.label | **argv | +| minizipTest.cpp:36:41:36:44 | **argv [Return] | semmle.label | **argv [Return] | | minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | | minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | -| 
minizipTest.cpp:42:52:42:67 | access to array | semmle.label | access to array | | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | semmle.label | mz_zip_entry_read output argument | | minizipTest.cpp:54:29:54:38 | **zip_reader | semmle.label | **zip_reader | | minizipTest.cpp:54:29:54:38 | *zip_reader | semmle.label | *zip_reader | @@ -177,7 +190,6 @@ nodes | minizipTest.cpp:60:30:60:39 | **zip_reader | semmle.label | **zip_reader | | minizipTest.cpp:60:30:60:39 | *zip_reader | semmle.label | *zip_reader | | minizipTest.cpp:69:13:69:19 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:69:13:69:19 | access to array | semmle.label | access to array | | minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | | minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | | minizipTest.cpp:109:39:109:44 | *handle | semmle.label | *handle | @@ -206,8 +218,11 @@ nodes | zlibTest.cpp:132:29:132:36 | *fileName | semmle.label | *fileName | | zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ | | zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input | +| zlibTest.cpp:156:41:156:45 | input | semmle.label | input | | zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input | -| zlibTest.cpp:168:27:168:30 | **argv | semmle.label | **argv | +| zlibTest.cpp:163:29:163:43 | input | semmle.label | input | +| zlibTest.cpp:168:32:168:35 | **argv | semmle.label | **argv | +| zlibTest.cpp:168:32:168:35 | *argv | semmle.label | *argv | | zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | | zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array | 
@@ -217,13 +232,18 @@ nodes | zlibTest.cpp:172:18:172:24 | *access to array | semmle.label | *access to array | | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | | zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array | -| zstdTest.cpp:114:33:114:36 | **argv | semmle.label | **argv | +| zlibTest.cpp:174:19:174:66 | access to array | semmle.label | access to array | subpaths | libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | | libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | | libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | | libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | | libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar [Return] | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:29:40:29:43 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | +| main.cpp:10:24:10:27 
| **argv | minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv [Return] | main.cpp:10:24:10:27 | minizip_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv [Return] | main.cpp:10:24:10:27 | minizip_test output argument | | minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | | minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | | minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | 
@@ -232,168 +252,16 @@ subpaths | zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | | zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | #select -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:31:42:31:60 | access to array | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:31:42:31:60 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | brotliTest.cpp:29:32:29:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | libarchiveTests.cpp:144:32:144:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. 
| zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | minizipTest.cpp:36:32:36:35 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | zstdTest.cpp:114:33:114:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | brotliTest.cpp:29:32:29:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:144:32:144:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. 
| libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | minizipTest.cpp:36:32:36:35 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | zstdTest.cpp:114:33:114:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:42:52:42:67 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. 
| minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. 
| zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | brotliTest.cpp:29:32:29:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | libarchiveTests.cpp:144:32:144:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | minizipTest.cpp:36:32:36:35 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. 
| brotliTest.cpp:29:32:29:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | libarchiveTests.cpp:144:32:144:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | minizipTest.cpp:36:32:36:35 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | access to array | zstdTest.cpp:114:33:114:36 | **argv | minizipTest.cpp:69:13:69:19 | access to array | This Decompression output $@. | zstdTest.cpp:114:33:114:36 | **argv | is not limited | -| zlibTest.cpp:70:13:70:22 | & ... | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:101:32:101:38 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:121:38:121:44 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:139:25:139:31 | inFileZ | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | -| zlibTest.cpp:163:29:163:43 | *input | zlibTest.cpp:168:27:168:30 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | zlibTest.cpp:168:27:168:30 | **argv | is not limited | +| brotliTest.cpp:31:42:31:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:37:35:37:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| libarchiveTests.cpp:93:33:93:34 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:42:52:42:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:60:30:60:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:60:30:60:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:69:13:69:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:70:13:70:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:101:32:101:38 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:121:38:121:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:139:25:139:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:163:29:163:43 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:163:29:163:43 | input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:163:29:163:43 | input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp index 34285afc4649..f56b5b789488 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp @@ -26,7 +26,7 @@ namespace std { } } -int main(int argc, const char *argv[]) { +int brotli_test(int argc, const char **argv) { uint8_t *output = nullptr; BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], reinterpret_cast(1024 * 1024 * 1024), output); diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp index d20486a007b3..58ed97b93696 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp @@ -141,7 +141,7 @@ static void extract(const char *filename) { } -int main(int argc, const char *argv[]) { +int libarchive_test(int argc, const char **argv) { extract(argv[1]); return 0; } 
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp
new file mode 100644
index 000000000000..4417099e949f
--- /dev/null
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp
@@ -0,0 +1,14 @@
+int brotli_test(int argc, const char **argv);
+int libarchive_test(int argc, const char **argv);
+int minizip_test(int argc, const char **argv);
+int zlib_test(int argc, const char **argv);
+int zstd_test(int argc, const char **argv);
+
+int main(int argc, const char **argv) {
+ brotli_test(argc, argv);
+ libarchive_test(argc, argv);
+ minizip_test(argc, argv);
+ zlib_test(argc, argv);
+ zstd_test(argc, argv);
+ return 0;
+}
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
index f48b13d0488a..76747b837ac4 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
@@ -33,7 +33,7 @@ void *mz_zip_create() {
 return nullptr;
 }
-int main(int argc, const char *argv[]) {
+int minizip_test(int argc, const char **argv) {
 void *zip_handle = mz_zip_create();
 int32_t bytes_read;
 int32_t err;
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp
index 9e23944e7ce1..92e7b09b0906 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp
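Review bot: The declaration `int zlib_test(int argc, const char **argv);` in the new main.cpp does not match the definition the zlibTest.cpp hunk introduces, `int zlib_test(int argc, char **argv)`, whereas brotli_test, libarchive_test, minizip_test and zstd_test were all changed to `const char **argv`. In C++ these are two distinct overloads, so as far as these hunks show main() calls a `zlib_test` that is never defined, and the taint path from main's `argv` into the zlib sinks would then rest on how leniently the analysis links the call to the definition rather than on well-formed test code. Changing the zlibTest.cpp signature to `int zlib_test(int argc, const char **argv) {` would align it with its siblings, provided the helpers that receive `argv[2]` accept a `const char *`; their signatures are outside the hunk, so that needs checking. If they do not, declare it in main.cpp as `int zlib_test(int argc, char **argv);` and make the conversion explicit at the call.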
@@ -165,7 +165,7 @@ bool InflateString(const unsigned char *input, const unsigned char *output, size
 return result == Z_OK;
 }
-int main(int argc, char **argv) {
+int zlib_test(int argc, char **argv) {
 UnsafeGzfread(argv[2]);
 UnsafeGzgets(argv[2]);
 UnsafeInflate(argv[2]);
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp
index e04b85adfb7c..a8c39a762511 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp
@@ -111,8 +111,8 @@ static void decompressFile_orDie(const char *fname) {
 }
-int main(int argc, const char **argv) {
+int zstd_test(int argc, const char **argv) {
 const char *const inFilename = argv[1];
 decompressFile_orDie(inFilename);
 return 0;
-}
\ No newline at end of file
+}
From 751e7e6bfbe844b178eaad72f49e63a17dacd4e1 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Wed, 4 Sep 2024 10:03:19 +0200
Subject: [PATCH 03/17] C++: Remove useless function bodies from tests
---
 .../DecompressionBombs.expected | 212 +++++-------------
 .../CWE-409/DecompressionBombs/brotliTest.cpp | 3 -
 .../DecompressionBombs/libarchiveTests.cpp | 73 ++----
 .../DecompressionBombs/minizipTest.cpp | 53 ++---
 .../CWE-409/DecompressionBombs/zstdTest.cpp | 58 ++---
 5 files changed, 106 insertions(+), 293 deletions(-)
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
index f971c0e90bb8..cf83e5726bf5 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
@@ -1,87 +1,43 @@ edges -| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:29:40:29:43 | **argv | provenance | | -| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | provenance | | -| brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | provenance | TaintFunction | -| libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | provenance | | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | provenance | | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:57:45:57:52 | *pArchive | provenance | | -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:86:38:86:39 | *ar [Return] | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | libarchiveTests.cpp:93:33:93:34 | *ar | provenance | | -| libarchiveTests.cpp:105:33:105:40 | *filename | libarchiveTests.cpp:123:40:123:47 | *filename | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:38:48:38:55 | *pArchive | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | 
libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:123:40:123:47 | *filename | libarchiveTests.cpp:123:37:123:37 | *a | provenance | Config | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:10:46:10:46 | *a | provenance | | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | provenance | | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | provenance | | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | provenance | | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:126:34:126:34 | *a | provenance | | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | libarchiveTests.cpp:129:23:129:23 | *a | provenance | | -| libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | provenance | | -| libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:145:13:145:19 | *access to array | provenance | | -| libarchiveTests.cpp:145:13:145:19 | *access to array | libarchiveTests.cpp:105:33:105:40 | *filename 
| provenance | | +| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:26:40:26:43 | **argv | provenance | | +| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | | +| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction | +| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | +| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:56:33:56:34 | *ar | provenance | | +| libarchiveTests.cpp:68:33:68:40 | *filename | libarchiveTests.cpp:86:40:86:47 | *filename | provenance | | +| libarchiveTests.cpp:86:37:86:37 | *a | libarchiveTests.cpp:92:23:92:23 | *a | provenance | | +| libarchiveTests.cpp:86:40:86:47 | *filename | libarchiveTests.cpp:86:37:86:37 | *a | provenance | Config | +| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | +| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | provenance | | +| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | libarchiveTests.cpp:92:23:92:23 | *a | provenance | | +| libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | provenance | | +| libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:108:13:108:19 | *access to array | provenance | | +| libarchiveTests.cpp:108:13:108:19 | *access to array | libarchiveTests.cpp:68:33:68:40 | *filename | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:29:40:29:43 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:40:26:43 | **argv | provenance | | 
| main.cpp:8:23:8:26 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | provenance | | | main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | | main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | -| main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | provenance | | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:41:34:44 | **argv | provenance | | | main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | *argv | provenance | | | main.cpp:11:21:11:24 | **argv | zlibTest.cpp:168:32:168:35 | **argv | provenance | | -| main.cpp:11:21:11:24 | *argv | zlibTest.cpp:168:32:168:35 | **argv | provenance | | -| main.cpp:11:21:11:24 | *argv | zlibTest.cpp:168:32:168:35 | *argv | provenance | | -| minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | provenance | | -| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv | provenance | | -| minizipTest.cpp:36:41:36:44 | **argv | 
minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | provenance | | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:36:41:36:44 | **argv | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:36:41:36:44 | **argv [Return] | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:42:52:42:67 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:54:41:54:47 | *access to array | provenance | | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | minizipTest.cpp:69:13:69:19 | *access to array | provenance | | -| minizipTest.cpp:54:29:54:38 | **zip_reader | minizipTest.cpp:60:30:60:39 | **zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:55:36:55:45 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:109:39:109:44 | *handle | provenance | | -| minizipTest.cpp:54:29:54:38 | 
mz_zip_reader_open_file output argument | minizipTest.cpp:55:36:55:45 | *zip_reader | provenance | | -| minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:54:41:54:47 | *access to array | minizipTest.cpp:54:29:54:38 | **zip_reader | provenance | Config | -| minizipTest.cpp:54:41:54:47 | *access to array | minizipTest.cpp:54:29:54:38 | *zip_reader | provenance | Config | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | provenance | | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:101:46:101:50 | *pVoid | provenance | | -| minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | minizipTest.cpp:60:30:60:39 | *zip_reader | provenance | | -| minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:101:46:101:50 | *pVoid | provenance | | -| minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:109:39:109:44 | *handle | provenance | | +| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:34:41:34:44 | **argv | provenance | | +| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance | | +| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance | | +| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | provenance | | +| minizipTest.cpp:52:29:52:38 | **zip_reader | minizipTest.cpp:58:30:58:39 | **zip_reader | provenance | | +| minizipTest.cpp:52:29:52:38 | *zip_reader | minizipTest.cpp:58:30:58:39 | *zip_reader | provenance | | +| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | **zip_reader | provenance | Config | +| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | *zip_reader | provenance | Config | | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:63:25:63:35 | *a | 
provenance | | | zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:52:25:52:25 | *a | provenance | | | zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:69:17:69:26 | & ... | provenance | Config | 
@@ -103,18 +59,11 @@ edges | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config | | zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | | -| zlibTest.cpp:156:41:156:45 | input | zlibTest.cpp:163:29:163:43 | input | provenance | | | zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | | zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | | zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | | zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | | zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | *argv | zlibTest.cpp:174:19:174:66 | access to array | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | 
@@ -134,35 +83,22 @@ edges | zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | provenance | | | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | | zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | | -| zlibTest.cpp:174:19:174:66 | access to array | zlibTest.cpp:156:41:156:45 | input | provenance | | nodes -| brotliTest.cpp:29:40:29:43 | **argv | semmle.label | **argv | -| brotliTest.cpp:29:40:29:43 | **argv | semmle.label | **argv | -| brotliTest.cpp:31:42:31:60 | *access to array | semmle.label | *access to array | -| brotliTest.cpp:37:35:37:40 | *input2 | semmle.label | *input2 | -| libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | -| libarchiveTests.cpp:10:46:10:46 | *a | semmle.label | *a | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:38:48:38:55 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:57:45:57:52 | *pArchive | semmle.label | *pArchive | -| libarchiveTests.cpp:86:38:86:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:86:38:86:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:86:38:86:39 | *ar [Return] | semmle.label | *ar [Return] | -| libarchiveTests.cpp:93:33:93:34 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:93:33:93:34 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | semmle.label | archive_read_data_block output argument | -| libarchiveTests.cpp:105:33:105:40 | *filename | semmle.label | *filename | -| libarchiveTests.cpp:123:37:123:37 | *a | semmle.label | *a | -| libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | semmle.label | archive_read_open_filename output argument | -| libarchiveTests.cpp:123:40:123:47 | 
*filename | semmle.label | *filename | -| libarchiveTests.cpp:126:34:126:34 | *a | semmle.label | *a | -| libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | semmle.label | archive_read_next_header output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | semmle.label | *a | -| libarchiveTests.cpp:129:23:129:23 | copy_data output argument | semmle.label | copy_data output argument | -| libarchiveTests.cpp:144:44:144:47 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:144:44:144:47 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:145:13:145:19 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:26:40:26:43 | **argv | semmle.label | **argv | +| brotliTest.cpp:26:40:26:43 | **argv | semmle.label | **argv | +| brotliTest.cpp:28:42:28:60 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:34:35:34:40 | *input2 | semmle.label | *input2 | +| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:56:33:56:34 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:68:33:68:40 | *filename | semmle.label | *filename | +| libarchiveTests.cpp:86:37:86:37 | *a | semmle.label | *a | +| libarchiveTests.cpp:86:40:86:47 | *filename | semmle.label | *filename | +| libarchiveTests.cpp:92:23:92:23 | *a | semmle.label | *a | +| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | semmle.label | copy_data output argument | +| libarchiveTests.cpp:107:44:107:47 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:107:44:107:47 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:108:13:108:19 | *access to array | semmle.label | *access to array | | main.cpp:7:33:7:36 | **argv | semmle.label | **argv | | main.cpp:8:23:8:26 | **argv | semmle.label | **argv | | main.cpp:8:23:8:26 | brotli_test output argument | semmle.label | brotli_test output argument | 
@@ -170,30 +106,16 @@ nodes | main.cpp:9:27:9:30 | libarchive_test output argument | semmle.label | libarchive_test output argument | | main.cpp:10:24:10:27 | **argv | semmle.label | **argv | | main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | -| main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | | main.cpp:11:21:11:24 | **argv | semmle.label | **argv | -| main.cpp:11:21:11:24 | *argv | semmle.label | *argv | -| minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | -| minizipTest.cpp:28:46:28:48 | *buf | semmle.label | *buf | -| minizipTest.cpp:36:41:36:44 | **argv | semmle.label | **argv | -| minizipTest.cpp:36:41:36:44 | **argv | semmle.label | **argv | -| minizipTest.cpp:36:41:36:44 | **argv [Return] | semmle.label | **argv [Return] | -| minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:42:52:42:67 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | semmle.label | mz_zip_entry_read output argument | -| minizipTest.cpp:54:29:54:38 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:54:29:54:38 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | semmle.label | mz_zip_reader_open_file output argument | -| minizipTest.cpp:54:41:54:47 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:55:36:55:45 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | semmle.label | mz_zip_reader_goto_first_entry output argument | -| minizipTest.cpp:60:30:60:39 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:60:30:60:39 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:69:13:69:19 | *access to array | semmle.label | *access to array | -| 
minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | -| minizipTest.cpp:101:46:101:50 | *pVoid | semmle.label | *pVoid | -| minizipTest.cpp:109:39:109:44 | *handle | semmle.label | *handle | -| minizipTest.cpp:109:39:109:44 | *handle | semmle.label | *handle | +| minizipTest.cpp:34:41:34:44 | **argv | semmle.label | **argv | +| minizipTest.cpp:34:41:34:44 | **argv | semmle.label | **argv | +| minizipTest.cpp:40:52:40:67 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:52:29:52:38 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:52:29:52:38 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:52:41:52:47 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:58:30:58:39 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:58:30:58:39 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:67:13:67:19 | *access to array | semmle.label | *access to array | | zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | | zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | | zlibTest.cpp:63:25:63:35 | *a | semmle.label | *a | @@ -218,11 +140,8 @@ nodes | zlibTest.cpp:132:29:132:36 | *fileName | semmle.label | *fileName | | zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ | | zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input | -| zlibTest.cpp:156:41:156:45 | input | semmle.label | input | | zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input | -| zlibTest.cpp:163:29:163:43 | input | semmle.label | input | | zlibTest.cpp:168:32:168:35 | **argv | semmle.label | **argv | -| zlibTest.cpp:168:32:168:35 | *argv | semmle.label | *argv | | zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | | zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array | 
@@ -232,36 +151,25 @@ nodes | zlibTest.cpp:172:18:172:24 | *access to array | semmle.label | *access to array | | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | | zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:174:19:174:66 | access to array | semmle.label | access to array | subpaths -| libarchiveTests.cpp:93:33:93:34 | *ar | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:57:45:57:52 | *pArchive | libarchiveTests.cpp:93:33:93:34 | archive_read_data_block output argument | -| libarchiveTests.cpp:123:37:123:37 | *a | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:38:48:38:55 | *pArchive | libarchiveTests.cpp:123:37:123:37 | archive_read_open_filename output argument | -| libarchiveTests.cpp:126:34:126:34 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:10:46:10:46 | *a | libarchiveTests.cpp:126:34:126:34 | archive_read_next_header output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | -| libarchiveTests.cpp:129:23:129:23 | *a | libarchiveTests.cpp:86:38:86:39 | *ar | libarchiveTests.cpp:86:38:86:39 | *ar [Return] | libarchiveTests.cpp:129:23:129:23 | copy_data output argument | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:29:40:29:43 | **argv | brotliTest.cpp:29:40:29:43 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | libarchiveTests.cpp:144:44:144:47 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | 
minizipTest.cpp:36:41:36:44 | **argv [Return] | main.cpp:10:24:10:27 | minizip_test output argument | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:36:41:36:44 | **argv | minizipTest.cpp:36:41:36:44 | **argv [Return] | main.cpp:10:24:10:27 | minizip_test output argument | -| minizipTest.cpp:42:52:42:67 | *access to array | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:28:46:28:48 | *buf | minizipTest.cpp:42:52:42:67 | mz_zip_entry_read output argument | -| minizipTest.cpp:54:29:54:38 | *zip_reader | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:109:39:109:44 | *handle | minizipTest.cpp:54:29:54:38 | mz_zip_reader_open_file output argument | -| minizipTest.cpp:55:36:55:45 | *zip_reader | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:101:46:101:50 | *pVoid | minizipTest.cpp:55:36:55:45 | mz_zip_reader_goto_first_entry output argument | +| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:26:40:26:43 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:34:41:34:44 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | | zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | | zlibTest.cpp:171:19:171:25 | *access to 
array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | | zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | #select -| brotliTest.cpp:31:42:31:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:31:42:31:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| brotliTest.cpp:37:35:37:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:37:35:37:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| libarchiveTests.cpp:93:33:93:34 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:93:33:93:34 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:42:52:42:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:42:52:42:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:60:30:60:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:60:30:60:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:60:30:60:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:69:13:69:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:69:13:69:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| libarchiveTests.cpp:56:33:56:34 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:56:33:56:34 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:40:52:40:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:67:13:67:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:70:13:70:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:101:32:101:38 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:121:38:121:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:139:25:139:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:163:29:163:43 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:163:29:163:43 | input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:163:29:163:43 | input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp index f56b5b789488..4ff9713a0c2d 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp @@ -9,9 +9,6 @@ BrotliDecoderResult BrotliDecoderDecompress( size_t *decoded_size, uint8_t decoded_buffer[]) { return static_cast(0); }; -struct { -} BrotliDecoderStateStruct; - void strncpy(char *string, const char *string1, int i); typedef struct BrotliDecoderStateStruct BrotliDecoderState; diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp index 58ed97b93696..b169416d3a39 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp 
@@ -7,81 +7,44 @@ #define ARCHIVE_WARN (-20) /* Partial success. */ -int archive_read_next_header(struct archive *a, struct archive_entry **entry) { - return 1; -} - -static struct archive *archive_read_new() { - return nullptr; -} - -static archive *archive_write_disk_new() { - return nullptr; -} - -static void archive_read_support_format_all(archive *pArchive) { - -} +int archive_read_next_header(struct archive *a, struct archive_entry **entry); -static void archive_read_support_filter_all(archive *pArchive) { +struct archive *archive_read_new(); -} - -static void archive_write_disk_set_options(archive *pArchive, int flags) { - -} +archive *archive_write_disk_new(); -static void archive_write_disk_set_standard_lookup(archive *pArchive) { +void archive_read_support_format_all(archive *pArchive); -} +void archive_read_support_filter_all(archive *pArchive); -static int archive_read_open_filename(archive *pArchive, const char *filename, int i) {} +void archive_write_disk_set_options(archive *pArchive, int flags); -static void archive_error_string(archive *pArchive) { +void archive_write_disk_set_standard_lookup(archive *pArchive); -} +int archive_read_open_filename(archive *pArchive, const char *filename, int i); -struct archive_entry { -}; +struct archive_entry; -static int archive_write_header(archive *pArchive, archive_entry *entry) { - return 0; -} +int archive_write_header(archive *pArchive, archive_entry *entry); -static int archive_entry_size(archive_entry *pEntry) { -} +int archive_entry_size(archive_entry *pEntry); typedef int size_t; typedef int la_int64_t; -static int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1) { - return 0; -} - -static int archive_write_data_block(archive *pArchive, const void *pVoid, size_t size, la_int64_t offset) { - return 0; -} - -static int archive_write_finish_entry(archive *pArchive) { - return 0; -} - -static void archive_read_close(archive *pArchive) { - -} - -static void 
archive_read_free(archive *pArchive) { +int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1); -} +int archive_write_data_block(archive *pArchive, const void *pVoid, size_t size, la_int64_t offset); -static void archive_write_close(archive *pArchive) { +int archive_write_finish_entry(archive *pArchive); -} +void archive_read_close(archive *pArchive); -static void archive_write_free(archive *pArchive) { +void archive_read_free(archive *pArchive); -} +void archive_write_close(archive *pArchive); +void archive_write_free(archive *pArchive); static int copy_data(struct archive *ar, struct archive *aw) { int r; diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp index 76747b837ac4..62368ceb4754 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp @@ -25,9 +25,7 @@ int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); void UnzOpen(const char *string); -int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i) { - return 0; -} +int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i); void *mz_zip_create() { return nullptr; 
@@ -70,51 +68,26 @@ int minizip_test(int argc, const char **argv) { return 0; } -void UnzOpen(const char *path) { - -} - -int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write) { - return 0; -} - -void mz_zip_reader_delete(void **pVoid) { - -} +void UnzOpen(const char *path); -void mz_zip_reader_close(void *pVoid) { - -} - -void mz_stream_os_delete(void **pVoid) { +int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); -} +void mz_zip_reader_delete(void **pVoid); -void mz_stream_os_close(void *pVoid) { +void mz_zip_reader_close(void *pVoid); -} +void mz_stream_os_delete(void **pVoid); -int32_t mz_stream_os_open(void *pVoid, const char *path, int write) { - return 0; -} +void mz_stream_os_close(void *pVoid); -int32_t mz_zip_reader_goto_first_entry(void *pVoid) { - return 0; -} +int32_t mz_stream_os_open(void *pVoid, const char *path, int write); -void *mz_zip_reader_create() { - return nullptr; -} +int32_t mz_zip_reader_goto_first_entry(void *pVoid); -int32_t mz_zip_reader_open_file(void *handle, const char *path) { - return 0; -} +void *mz_zip_reader_create(); -int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path) { - return 0; -} +int32_t mz_zip_reader_open_file(void *handle, const char *path); -void *mz_stream_os_create() { - return nullptr; -} +int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path); +void *mz_stream_os_create(); diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp index a8c39a762511..510a10c5c7a3 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp 
@@ -1,25 +1,16 @@ typedef struct _IO_FILE FILE; -static FILE *fopen_orDie(const char *filename, const char *instruction) { - return nullptr; -} +FILE *fopen_orDie(const char *filename, const char *instruction); typedef long unsigned int size_t; -static const size_t ZSTD_DStreamInSize() { - return 0; -} +const size_t ZSTD_DStreamInSize(); -static void *const malloc_orDie(const size_t size) { - return nullptr; -} +void *const malloc_orDie(const size_t size); -static const size_t ZSTD_DStreamOutSize() { - return 0; -} +const size_t ZSTD_DStreamOutSize(); -struct ZSTD_DCtx { -}; +struct ZSTD_DCtx; typedef struct ZSTD_inBuffer_s { const void *src; @@ -32,44 +23,25 @@ typedef struct ZSTD_outBuffer_s { size_t pos; } ZSTD_outBuffer; -static ZSTD_DCtx *const ZSTD_createDCtx() { - return nullptr; -} - -static void CHECK(bool b, const char *string) { - -} - -static size_t fread_orDie(void *const pVoid, const size_t read, FILE *const pFile) { -} - -static void CHECK_ZSTD(const size_t ret) { - -} - -static void fwrite_orDie(void *const pVoid, size_t pos, FILE *const pFile) { - -} - -static void exit(int i) { +ZSTD_DCtx *const ZSTD_createDCtx(); -} +void CHECK(bool b, const char *string); -static void fclose_orDie(FILE *const pFile) { +size_t fread_orDie(void *const pVoid, const size_t read, FILE *const pFile); -} +void CHECK_ZSTD(const size_t ret); -static void free(void *const pVoid) { +void fwrite_orDie(void *const pVoid, size_t pos, FILE *const pFile); -} +void exit(int i); -static const size_t ZSTD_decompressStream(ZSTD_DCtx *const pCtx, ZSTD_outBuffer *pS, ZSTD_inBuffer *pS1) { +void fclose_orDie(FILE *const pFile); -} +void free(void *const pVoid); -static void ZSTD_freeDCtx(ZSTD_DCtx *const pCtx) { +const size_t ZSTD_decompressStream(ZSTD_DCtx *const pCtx, ZSTD_outBuffer *pS, ZSTD_inBuffer *pS1); -} +void ZSTD_freeDCtx(ZSTD_DCtx *const pCtx); static void decompressFile_orDie(const char *fname) { FILE *const fin = fopen_orDie(fname, "rb"); 
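Review bot: The top-level `const` on the by-value return types of the new zstd stub declarations has no effect and only adds noise (and an ignored-qualifiers warning on some compilers). This covers `const size_t ZSTD_DStreamInSize();`, `const size_t ZSTD_DStreamOutSize();`, `void *const malloc_orDie(const size_t size);`, `ZSTD_DCtx *const ZSTD_createDCtx();` and `const size_t ZSTD_decompressStream(...)` across both zstdTest.cpp hunks. Since the bodies are gone and the stubs are now pure prototypes, I would write them in the plain form, e.g. `size_t ZSTD_DStreamInSize();` and `ZSTD_DCtx *ZSTD_createDCtx();`. A one-line comment above the block saying these are declaration-only stand-ins for the zstd API would also help the next reader.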
From d8a70d8d58c729d91960b90be360a3d8edf109d7 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 10:23:51 +0200 Subject: [PATCH 04/17] C++: Add test annotations --- .../CWE/CWE-409/DecompressionBombs/brotliTest.cpp | 4 ++-- .../CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp | 2 +- .../CWE/CWE-409/DecompressionBombs/minizipTest.cpp | 6 +++--- .../CWE/CWE-409/DecompressionBombs/zlibTest.cpp | 10 +++++----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp index 4ff9713a0c2d..3444c6c3c1cf 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp @@ -25,13 +25,13 @@ namespace std { int brotli_test(int argc, const char **argv) { uint8_t *output = nullptr; - BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], + BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], // BAD reinterpret_cast(1024 * 1024 * 1024), output); uint8_t **output2 = nullptr; const uint8_t **input2 = nullptr; std::strncpy(reinterpret_cast(input2), argv[2], 32); BrotliDecoderDecompressStream(0, reinterpret_cast(1024 * 1024), - input2, reinterpret_cast(1024 * 1024 * 1024), + input2, reinterpret_cast(1024 * 1024 * 1024), // BAD output2, reinterpret_cast(1024 * 1024 * 1024)); return 0; diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp index b169416d3a39..b6103fe54ea7 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp 
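Review bot: The `// BAD` markers added to the two Brotli calls give no reason, so a reader cannot tell what the expected finding is. Both calls pass a caller-chosen output bound (`1024 * 1024 * 1024`), which leaves it open whether the problem is the untrusted `argv[2]` input, the size of the bound, or the absence of any check on the decoded size. The same applies to the `uncompress` annotation in the zlibTest.cpp hunk of this commit, where `destination_length` caps what can be written. I would state the reason in the marker, e.g. `// BAD: untrusted compressed input, decoded size never validated`. I would also pair each library with a `// GOOD` case that enforces an output limit, so the test covers false positives as well as true positives; whether such cases exist elsewhere in these files is not visible from the hunks.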
@@ -53,7 +53,7 @@ static int copy_data(struct archive *ar, struct archive *aw) { la_int64_t offset; for (;;) { - archive_read_data_block(ar, &buff, &size, &offset); + archive_read_data_block(ar, &buff, &size, &offset); // BAD if (r == ARCHIVE_EOF) return (ARCHIVE_OK); if (r < ARCHIVE_OK) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp index 62368ceb4754..cc5dd387fe92 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp @@ -37,7 +37,7 @@ int minizip_test(int argc, const char **argv) { int32_t err; char buf[4096]; do { - bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); + bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); // BAD if (bytes_read < 0) { err = bytes_read; } @@ -55,7 +55,7 @@ int minizip_test(int argc, const char **argv) { mz_stream_os_open(entry_stream, entry_path, 1); int file_stream; int mz_stream_os_write; - mz_zip_reader_entry_save(zip_reader, file_stream, mz_stream_os_write); + mz_zip_reader_entry_save(zip_reader, file_stream, mz_stream_os_write); // BAD // the above sink is same as "mz_zip_reader_entry_save", "mz_zip_reader_entry_read", "mz_zip_reader_entry_save_process", // "mz_zip_reader_entry_save_file", "mz_zip_reader_entry_save_buffer", "mz_zip_reader_save_all" and "mz_zip_entry_read" functions mz_stream_os_close(entry_stream); @@ -64,7 +64,7 @@ int minizip_test(int argc, const char **argv) { mz_zip_reader_delete(&zip_reader); - UnzOpen(argv[3]); + UnzOpen(argv[3]); // BAD return 0; } 
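Review bot: The annotated call in `copy_data` discards its result, yet the next lines test `r == ARCHIVE_EOF` and `r < ARCHIVE_OK`. Nothing in the hunk assigns `r` inside the loop, so the loop's exit conditions read an indeterminate value. The line should be `r = archive_read_data_block(ar, &buff, &size, &offset); // BAD`. That moves the flagged argument four columns to the right, so DecompressionBombs.expected has to be regenerated with it. The body of `copy_data` starts and ends outside the hunk.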
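Review bot: In the first minizipTest.cpp hunk the flagged `mz_zip_entry_read` call passes `(char *) argv[1]` as the destination buffer, while the length is `sizeof(buf)` of the local `char buf[4096]`. The `// BAD` therefore records a finding on a tainted destination pointer (with `const` cast away), not on data read from an archive opened from untrusted input. If that shape is what the query is meant to match, I would say so next to the marker, e.g. `// BAD: tainted pointer reaches the read buffer argument`. Otherwise the call presumably wants `buf` and a tainted `zip_handle`, which would change the expected results. The body of `minizip_test` continues outside the hunk.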
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp index 92e7b09b0906..0c12c60c14ad 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp @@ -67,7 +67,7 @@ int UnsafeInflate(char *a) { // uLong total_out; /* total number of bytes output so far */ // the actual DE-compression work. inflateInit(&infstream); - inflate(&infstream, Z_NO_FLUSH); + inflate(&infstream, Z_NO_FLUSH); // BAD inflateEnd(&infstream); @@ -98,7 +98,7 @@ int UnsafeGzread(char *fileName) { unsigned char unzipBuffer[8192]; unsigned int unzippedBytes; while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); + unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); // BAD if (unzippedBytes > 0) { std::cout << unzippedBytes; } else { @@ -118,7 +118,7 @@ int UnsafeGzfread(char *fileName) { } while (true) { char buffer[1000]; - if (!gzfread(buffer, 999, 1, inFileZ)) { + if (!gzfread(buffer, 999, 1, inFileZ)) { // BAD break; } } @@ -136,7 +136,7 @@ int UnsafeGzgets(char *fileName) { char *buffer = new char[4000000000]; char *result; while (true) { - result = gzgets(inFileZ, buffer, 1000000000); + result = gzgets(inFileZ, buffer, 1000000000); // BAD if (result == nullptr) { break; } @@ -160,7 +160,7 @@ bool InflateString(const unsigned char *input, const unsigned char *output, size destination_length = (uLong) output_length; int result = uncompress((Bytef *) output, &destination_length, - (Bytef *) input, source_length); + (Bytef *) input, source_length); // BAD return result == Z_OK; } From ad3605c5950c2af222e0a9faf557aca2cb8b0b4b Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Wed, 4 Sep 2024 10:26:53 +0200 Subject: [PATCH 05/17] C++: Minor test clean up --- .../DecompressionBombs.expected | 56 +++++++++---------- .../CWE-409/DecompressionBombs/brotliTest.cpp | 3 +- .../DecompressionBombs/libarchiveTests.cpp | 3 +- .../CWE/CWE-409/DecompressionBombs/main.cpp | 10 ++-- .../DecompressionBombs/minizipTest.cpp | 27 +-------- .../CWE-409/DecompressionBombs/zlibTest.cpp | 4 +- .../CWE-409/DecompressionBombs/zstdTest.cpp | 3 +- 7 files changed, 39 insertions(+), 67 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index cf83e5726bf5..38098f2d3a9b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected @@ -1,7 +1,7 @@ edges -| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:26:40:26:43 | **argv | provenance | | -| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | | -| brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction | +| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | | +| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | | +| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction | | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:56:33:56:34 | *ar | provenance | | | libarchiveTests.cpp:68:33:68:40 | *filename | libarchiveTests.cpp:86:40:86:47 | *filename | provenance | | 
@@ -10,30 +10,30 @@ edges | libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | | libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | provenance | | | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | libarchiveTests.cpp:92:23:92:23 | *a | provenance | | -| libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | provenance | | -| libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:108:13:108:19 | *access to array | provenance | | +| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | | +| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:108:13:108:19 | *access to array | provenance | | | libarchiveTests.cpp:108:13:108:19 | *access to array | libarchiveTests.cpp:68:33:68:40 | *filename | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:40:26:43 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | | | main.cpp:8:23:8:26 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | | | 
main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | | main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:41:34:44 | **argv | provenance | | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | | main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:168:32:168:35 | **argv | provenance | | -| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:34:41:34:44 | **argv | provenance | | -| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance | | -| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance | | -| minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | provenance | | +| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:168:33:168:36 | **argv | provenance | | +| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | +| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance | | +| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance | | +| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | provenance | | | minizipTest.cpp:52:29:52:38 | **zip_reader | minizipTest.cpp:58:30:58:39 | **zip_reader | provenance | | | minizipTest.cpp:52:29:52:38 | *zip_reader | minizipTest.cpp:58:30:58:39 | *zip_reader | provenance | | | minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | 
**zip_reader | provenance | Config | @@ -59,11 +59,11 @@ edges | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | | zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config | | zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | | -| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:168:32:168:35 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | +| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | +| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | +| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | +| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | +| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | 
@@ -84,8 +84,8 @@ edges | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | | zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | | nodes -| brotliTest.cpp:26:40:26:43 | **argv | semmle.label | **argv | -| brotliTest.cpp:26:40:26:43 | **argv | semmle.label | **argv | +| brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | +| brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | | brotliTest.cpp:28:42:28:60 | *access to array | semmle.label | *access to array | | brotliTest.cpp:34:35:34:40 | *input2 | semmle.label | *input2 | | libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar | @@ -96,8 +96,8 @@ nodes | libarchiveTests.cpp:86:40:86:47 | *filename | semmle.label | *filename | | libarchiveTests.cpp:92:23:92:23 | *a | semmle.label | *a | | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | semmle.label | copy_data output argument | -| libarchiveTests.cpp:107:44:107:47 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:107:44:107:47 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv | | libarchiveTests.cpp:108:13:108:19 | *access to array | semmle.label | *access to array | | main.cpp:7:33:7:36 | **argv | semmle.label | **argv | | main.cpp:8:23:8:26 | **argv | semmle.label | **argv | 
@@ -107,8 +107,8 @@ nodes | main.cpp:10:24:10:27 | **argv | semmle.label | **argv | | main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | | main.cpp:11:21:11:24 | **argv | semmle.label | **argv | -| minizipTest.cpp:34:41:34:44 | **argv | semmle.label | **argv | -| minizipTest.cpp:34:41:34:44 | **argv | semmle.label | **argv | +| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv | +| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv | | minizipTest.cpp:40:52:40:67 | *access to array | semmle.label | *access to array | | minizipTest.cpp:52:29:52:38 | **zip_reader | semmle.label | **zip_reader | | minizipTest.cpp:52:29:52:38 | *zip_reader | semmle.label | *zip_reader | @@ -141,7 +141,7 @@ nodes | zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ | | zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input | | zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input | -| zlibTest.cpp:168:32:168:35 | **argv | semmle.label | **argv | +| zlibTest.cpp:168:33:168:36 | **argv | semmle.label | **argv | | zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array | | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | | zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array | 
@@ -153,9 +153,9 @@ nodes | zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array | subpaths | libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:40:26:43 | **argv | brotliTest.cpp:26:40:26:43 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | libarchiveTests.cpp:107:44:107:47 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:41:34:44 | **argv | minizipTest.cpp:34:41:34:44 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | | zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | | zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | | zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | 
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp index 3444c6c3c1cf..ec802ae326ec 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp @@ -23,7 +23,7 @@ namespace std { } } -int brotli_test(int argc, const char **argv) { +void brotli_test(int argc, const char **argv) { uint8_t *output = nullptr; BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], // BAD reinterpret_cast(1024 * 1024 * 1024), output); @@ -34,5 +34,4 @@ int brotli_test(int argc, const char **argv) { input2, reinterpret_cast(1024 * 1024 * 1024), // BAD output2, reinterpret_cast(1024 * 1024 * 1024)); - return 0; } diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp index b6103fe54ea7..70ff6cef17f7 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp @@ -104,7 +104,6 @@ static void extract(const char *filename) { } -int libarchive_test(int argc, const char **argv) { +void libarchive_test(int argc, const char **argv) { extract(argv[1]); - return 0; } diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp index 4417099e949f..47f76ff079ba 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/main.cpp 
@@ -1,8 +1,8 @@ -int brotli_test(int argc, const char **argv); -int libarchive_test(int argc, const char **argv); -int minizip_test(int argc, const char **argv); -int zlib_test(int argc, const char **argv); -int zstd_test(int argc, const char **argv); +void brotli_test(int argc, const char **argv); +void libarchive_test(int argc, const char **argv); +void minizip_test(int argc, const char **argv); +void zlib_test(int argc, const char **argv); +void zstd_test(int argc, const char **argv); int main(int argc, const char **argv) { brotli_test(argc, argv); diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp index cc5dd387fe92..f89e8698108d 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp @@ -31,7 +31,7 @@ void *mz_zip_create() { return nullptr; } -int minizip_test(int argc, const char **argv) { +void minizip_test(int argc, const char **argv) { void *zip_handle = mz_zip_create(); int32_t bytes_read; int32_t err; @@ -65,29 +65,4 @@ int minizip_test(int argc, const char **argv) { UnzOpen(argv[3]); // BAD - return 0; } - -void UnzOpen(const char *path); - -int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); - -void mz_zip_reader_delete(void **pVoid); - -void mz_zip_reader_close(void *pVoid); - -void mz_stream_os_delete(void **pVoid); - -void mz_stream_os_close(void *pVoid); - -int32_t mz_stream_os_open(void *pVoid, const char *path, int write); - -int32_t mz_zip_reader_goto_first_entry(void *pVoid); - -void *mz_zip_reader_create(); - -int32_t mz_zip_reader_open_file(void *handle, const char *path); - -int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path); - -void *mz_stream_os_create(); 
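Review bot: The new declaration `void zlib_test(int argc, const char **argv);` in main.cpp does not match the definition this patch leaves in zlibTest.cpp, `void zlib_test(int argc, char **argv)`. In C++ these name two different overloads, so a real build would fail to link. The expected output still records a flow from `main.cpp:11` into `zlib_test`, so the test appears to depend on the analysis matching the call to that definition despite the differing parameter type. Since both signatures are edited here, I would align them by changing the definition to `void zlib_test(int argc, const char **argv)`; the `Unsafe*` helpers and the `gzopen` stub would then need `const char *` parameters, or a cast at the call sites. The body of `main` continues outside this hunk.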
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp index 0c12c60c14ad..697500f139b5 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp @@ -151,7 +151,7 @@ typedef unsigned char Bytef; #define Z_OK 0 int uncompress(Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen) { return 0; } + const Bytef *source, uLong sourceLen); bool InflateString(const unsigned char *input, const unsigned char *output, size_t output_length) { uLong source_length; @@ -165,7 +165,7 @@ bool InflateString(const unsigned char *input, const unsigned char *output, size return result == Z_OK; } -int zlib_test(int argc, char **argv) { +void zlib_test(int argc, char **argv) { UnsafeGzfread(argv[2]); UnsafeGzgets(argv[2]); UnsafeInflate(argv[2]); diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp index 510a10c5c7a3..e19f2d4c6757 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zstdTest.cpp @@ -83,8 +83,7 @@ static void decompressFile_orDie(const char *fname) { } -int zstd_test(int argc, const char **argv) { +void zstd_test(int argc, const char **argv) { const char *const inFilename = argv[1]; decompressFile_orDie(inFilename); - return 0; } From 078e63524c7697a03856e00566cec22d35e00d78 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Wed, 4 Sep 2024 10:48:25 +0200 Subject: [PATCH 06/17] C++: Remove code that is irrelevant for the zlib test --- .../DecompressionBombs.expected | 180 +++++++++--------- .../CWE-409/DecompressionBombs/zlibTest.cpp | 143 +++----------- 2 files changed, 117 insertions(+), 206 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index 38098f2d3a9b..75b842c270aa 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected @@ -29,7 +29,7 @@ edges | main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | | main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | | main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:168:33:168:36 | **argv | provenance | | +| main.cpp:11:21:11:24 | **argv | zlibTest.cpp:80:33:80:36 | **argv | provenance | | | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance | | | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance | | 
@@ -38,51 +38,51 @@ edges | minizipTest.cpp:52:29:52:38 | *zip_reader | minizipTest.cpp:58:30:58:39 | *zip_reader | provenance | | | minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | **zip_reader | provenance | Config | | minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | *zip_reader | provenance | Config | -| zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:63:25:63:35 | *a | provenance | | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:52:25:52:25 | *a | provenance | | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:69:17:69:26 | & ... | provenance | Config | -| zlibTest.cpp:63:25:63:35 | *a | zlibTest.cpp:70:13:70:22 | & ... | provenance | Config | -| zlibTest.cpp:69:17:69:26 | & ... | zlibTest.cpp:70:13:70:22 | & ... | provenance | | -| zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:94:29:94:36 | *fileName | provenance | | -| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | | -| zlibTest.cpp:94:22:94:27 | call to gzopen | zlibTest.cpp:101:32:101:38 | inFileZ | provenance | | -| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | provenance | | -| zlibTest.cpp:94:29:94:36 | *fileName | zlibTest.cpp:94:22:94:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:115:29:115:36 | *fileName | provenance | | -| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | | -| zlibTest.cpp:115:22:115:27 | call to gzopen | zlibTest.cpp:121:38:121:44 | inFileZ | provenance | | -| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | -| zlibTest.cpp:115:29:115:36 | *fileName | zlibTest.cpp:115:22:115:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:132:29:132:36 | *fileName | provenance | | -| zlibTest.cpp:132:22:132:27 | call to gzopen | 
zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | | -| zlibTest.cpp:132:22:132:27 | call to gzopen | zlibTest.cpp:139:25:139:31 | inFileZ | provenance | | -| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | -| zlibTest.cpp:132:29:132:36 | *fileName | zlibTest.cpp:132:22:132:27 | call to gzopen | provenance | Config | -| zlibTest.cpp:156:41:156:45 | *input | zlibTest.cpp:163:29:163:43 | *input | provenance | | -| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:169:19:169:25 | *access to array | provenance | | -| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:168:33:168:36 | **argv | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | provenance | | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:170:18:170:24 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | provenance | | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | provenance | | -| zlibTest.cpp:170:18:170:24 | 
UnsafeGzgets output argument | zlibTest.cpp:171:19:171:25 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | provenance | | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | provenance | | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:172:18:172:24 | *access to array | provenance | | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | provenance | | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | provenance | | -| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | zlibTest.cpp:174:19:174:66 | *access to array | provenance | | -| zlibTest.cpp:174:19:174:66 | *access to array | zlibTest.cpp:156:41:156:45 | *input | provenance | | +| zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:20:25:20:39 | *input | provenance | | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:16:26:16:30 | *input | provenance | | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:24:17:24:26 | & ... | provenance | Config | +| zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:25:13:25:22 | & ... | provenance | Config | +| zlibTest.cpp:24:17:24:26 | & ... | zlibTest.cpp:25:13:25:22 | & ... 
| provenance | | +| zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:38:29:38:36 | *fileName | provenance | | +| zlibTest.cpp:38:22:38:27 | call to gzopen | zlibTest.cpp:38:22:38:27 | call to gzopen | provenance | | +| zlibTest.cpp:38:22:38:27 | call to gzopen | zlibTest.cpp:41:20:41:26 | inFileZ | provenance | | +| zlibTest.cpp:38:29:38:36 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | provenance | | +| zlibTest.cpp:38:29:38:36 | *fileName | zlibTest.cpp:38:22:38:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:48:29:48:36 | *fileName | provenance | | +| zlibTest.cpp:48:22:48:27 | call to gzopen | zlibTest.cpp:48:22:48:27 | call to gzopen | provenance | | +| zlibTest.cpp:48:22:48:27 | call to gzopen | zlibTest.cpp:51:38:51:44 | inFileZ | provenance | | +| zlibTest.cpp:48:29:48:36 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | provenance | | +| zlibTest.cpp:48:29:48:36 | *fileName | zlibTest.cpp:48:22:48:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:58:29:58:36 | *fileName | provenance | | +| zlibTest.cpp:58:22:58:27 | call to gzopen | zlibTest.cpp:58:22:58:27 | call to gzopen | provenance | | +| zlibTest.cpp:58:22:58:27 | call to gzopen | zlibTest.cpp:62:25:62:31 | inFileZ | provenance | | +| zlibTest.cpp:58:29:58:36 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | provenance | | +| zlibTest.cpp:58:29:58:36 | *fileName | zlibTest.cpp:58:22:58:27 | call to gzopen | provenance | Config | +| zlibTest.cpp:71:26:71:30 | *input | zlibTest.cpp:77:45:77:59 | *input | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:81:19:81:25 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:82:18:82:24 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:84:18:84:24 | *access to 
array | provenance | | +| zlibTest.cpp:80:33:80:36 | **argv | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | provenance | | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:82:18:82:24 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | provenance | | +| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:83:19:83:25 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | provenance | | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | provenance | | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | zlibTest.cpp:84:18:84:24 | *access to array | provenance | | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | provenance 
| | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | provenance | | +| zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | +| zlibTest.cpp:85:19:85:25 | *access to array | zlibTest.cpp:71:26:71:30 | *input | provenance | | nodes | brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | | brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | 
@@ -116,50 +116,50 @@ nodes | minizipTest.cpp:58:30:58:39 | **zip_reader | semmle.label | **zip_reader | | minizipTest.cpp:58:30:58:39 | *zip_reader | semmle.label | *zip_reader | | minizipTest.cpp:67:13:67:19 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | -| zlibTest.cpp:52:25:52:25 | *a | semmle.label | *a | -| zlibTest.cpp:63:25:63:35 | *a | semmle.label | *a | -| zlibTest.cpp:69:17:69:26 | & ... | semmle.label | & ... | -| zlibTest.cpp:70:13:70:22 | & ... | semmle.label | & ... | -| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:93:24:93:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:94:22:94:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:94:29:94:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:101:32:101:38 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:114:25:114:32 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:115:22:115:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:115:29:115:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:121:38:121:44 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:131:24:131:31 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:132:22:132:27 | call to gzopen | semmle.label | call to gzopen | -| zlibTest.cpp:132:29:132:36 | *fileName | semmle.label | *fileName | -| zlibTest.cpp:139:25:139:31 | inFileZ | semmle.label | inFileZ | -| zlibTest.cpp:156:41:156:45 | *input | semmle.label | *input | -| zlibTest.cpp:163:29:163:43 | *input | semmle.label | *input | 
-| zlibTest.cpp:168:33:168:36 | **argv | semmle.label | **argv | -| zlibTest.cpp:169:19:169:25 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | -| zlibTest.cpp:170:18:170:24 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | semmle.label | UnsafeGzgets output argument | -| zlibTest.cpp:171:19:171:25 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | semmle.label | UnsafeInflate output argument | -| zlibTest.cpp:172:18:172:24 | *access to array | semmle.label | *access to array | -| zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | -| zlibTest.cpp:174:19:174:66 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | +| zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | +| zlibTest.cpp:20:25:20:39 | *input | semmle.label | *input | +| zlibTest.cpp:24:17:24:26 | & ... | semmle.label | & ... | +| zlibTest.cpp:25:13:25:22 | & ... | semmle.label | & ... 
| +| zlibTest.cpp:37:25:37:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:37:25:37:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:38:22:38:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:38:22:38:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:38:29:38:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:41:20:41:26 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:47:26:47:33 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:47:26:47:33 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:48:22:48:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:48:22:48:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:48:29:48:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:51:38:51:44 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:57:25:57:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:57:25:57:32 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:58:22:58:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:58:22:58:27 | call to gzopen | semmle.label | call to gzopen | +| zlibTest.cpp:58:29:58:36 | *fileName | semmle.label | *fileName | +| zlibTest.cpp:62:25:62:31 | inFileZ | semmle.label | inFileZ | +| zlibTest.cpp:71:26:71:30 | *input | semmle.label | *input | +| zlibTest.cpp:77:45:77:59 | *input | semmle.label | *input | +| zlibTest.cpp:80:33:80:36 | **argv | semmle.label | **argv | +| zlibTest.cpp:81:19:81:25 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | semmle.label | UnsafeGzfread output argument | +| zlibTest.cpp:82:18:82:24 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | semmle.label | UnsafeGzgets output argument | +| zlibTest.cpp:83:19:83:25 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:83:19:83:25 | UnsafeInflate output 
argument | semmle.label | UnsafeInflate output argument | +| zlibTest.cpp:84:18:84:24 | *access to array | semmle.label | *access to array | +| zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | +| zlibTest.cpp:85:19:85:25 | *access to array | semmle.label | *access to array | subpaths | libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | | main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | | main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | | main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | -| zlibTest.cpp:169:19:169:25 | *access to array | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:114:25:114:32 | *fileName | zlibTest.cpp:169:19:169:25 | UnsafeGzfread output argument | -| zlibTest.cpp:170:18:170:24 | *access to array | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:131:24:131:31 | *fileName | zlibTest.cpp:170:18:170:24 | UnsafeGzgets output argument | -| zlibTest.cpp:171:19:171:25 | *access to array | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:52:25:52:25 | *a | zlibTest.cpp:171:19:171:25 | UnsafeInflate output argument | -| zlibTest.cpp:172:18:172:24 | *access to array | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:93:24:93:31 | *fileName | zlibTest.cpp:172:18:172:24 | UnsafeGzread output argument | +| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | +| zlibTest.cpp:82:18:82:24 | 
*access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | +| zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | +| zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | #select | brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | 
@@ -168,8 +168,8 @@ subpaths | minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:67:13:67:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:70:13:70:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:70:13:70:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:101:32:101:38 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:101:32:101:38 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:121:38:121:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:121:38:121:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:139:25:139:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:139:25:139:31 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:163:29:163:43 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:163:29:163:43 | *input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:62:25:62:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:62:25:62:31 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| zlibTest.cpp:77:45:77:59 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:77:45:77:59 | *input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp index 697500f139b5..7643a607407b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/zlibTest.cpp 
@@ -1,138 +1,61 @@ -#define Z_NULL 0 -# define FAR -typedef unsigned char Byte; -typedef Byte FAR Bytef; +typedef unsigned char Bytef; +typedef unsigned long uLong; +typedef uLong uLongf; typedef unsigned int uInt; -#define Z_BEST_COMPRESSION 9 -#define Z_FINISH 4 -#define Z_NO_FLUSH 0 - -typedef struct { - int *zalloc; - int *zfree; +struct z_stream { Bytef *next_in; Bytef *next_out; - int *opaque; uInt avail_out; - uInt avail_in; -} z_stream; - - -void deflateInit(z_stream *defstream, int i); - -void deflate(z_stream *defstream, int i); - -void deflateEnd(z_stream *defstream); +}; void inflateInit(z_stream *infstream); - void inflate(z_stream *infstream, int i); - void inflateEnd(z_stream *infstream); -namespace std { - template - struct char_traits; - - template > - class basic_ostream { - public: - typedef charT char_type; - }; - - template - basic_ostream &operator<<(basic_ostream &, const charT *); - - typedef basic_ostream ostream; - - extern ostream cout; -} - -int UnsafeInflate(char *a) { - // placeholder for the Uncompressed (inflated) version of "a" - char c[1024000]; +void UnsafeInflate(char *input) { + unsigned char output[1024]; z_stream infstream; - infstream.zalloc = Z_NULL; - infstream.zfree = Z_NULL; - infstream.opaque = Z_NULL; - // setup "b" as the input and "c" as the compressed output - // TOTHINK: Here we can add additional step from Right operand to z_stream variable access - infstream.avail_in = (uInt) (1000); // size of input - infstream.next_in = (Bytef *) a; // input char array - infstream.avail_out = (uInt) sizeof(c); // size of output - infstream.next_out = (Bytef *) c; // output char array - - // uLong total_out; /* total number of bytes output so far */ - // the actual DE-compression work. 
- inflateInit(&infstream); - inflate(&infstream, Z_NO_FLUSH); // BAD - inflateEnd(&infstream); + infstream.next_in = (Bytef *) input; // input char array + infstream.avail_out = sizeof(output); // size of output + infstream.next_out = output; // output char array - - return 0; + inflateInit(&infstream); + inflate(&infstream, 0); // BAD } -typedef struct { -} gzFile; +struct gzFile { +}; gzFile gzopen(char *str, const char *rb); - - -void exit(int i); - unsigned int gzread(gzFile gz_file, unsigned char *str, int i); +bool gzfread(char *str, int i, int i1, gzFile gz_file); +char *gzgets(gzFile gz_file, char *buffer, int i); -void gzclose(gzFile gz_file); - -std::ostream operator<<(const std::ostream &lhs, unsigned char rhs); - - -int UnsafeGzread(char *fileName) { +void UnsafeGzread(char *fileName) { gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } unsigned char unzipBuffer[8192]; - unsigned int unzippedBytes; while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); // BAD - if (unzippedBytes > 0) { - std::cout << unzippedBytes; - } else { + if (gzread(inFileZ, unzipBuffer, 8192) <= 0) { // BAD break; } } - gzclose(inFileZ); - return 0; } -bool gzfread(char *str, int i, int i1, gzFile gz_file); - -int UnsafeGzfread(char *fileName) { +void UnsafeGzfread(char *fileName) { gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } while (true) { char buffer[1000]; if (!gzfread(buffer, 999, 1, inFileZ)) { // BAD break; } } - gzclose(inFileZ); - return 0; } -char *gzgets(gzFile gz_file, char *buffer, int i); - -int UnsafeGzgets(char *fileName) { +void UnsafeGzgets(char *fileName) { gzFile inFileZ = gzopen(fileName, "rb"); - if (&inFileZ == nullptr) { - exit(0); - } char *buffer = new char[4000000000]; char *result; while (true) { 
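Review bot: In `UnsafeGzread` the new exit test `gzread(inFileZ, unzipBuffer, 8192) <= 0` can only ever mean `== 0`, because the stub kept just above it declares `unsigned int gzread(...)`. A negative error return would wrap to a large positive value and the loop would keep reading. zlib's own prototype returns `int`, so the stub would read better as `int gzread(gzFile gz_file, unsigned char *str, int i);`, which makes the `<= 0` check meaningful and keeps the fixture closer to the calling code the query is meant to catch. Whether the query's model depends on the declared return type is not visible in this hunk, so the `.expected` output should be re-checked after the change.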
@@ -141,28 +64,17 @@ int UnsafeGzgets(char *fileName) { break; } } - return 0; } -typedef unsigned long uLong; -typedef long unsigned int size_t; -typedef uLong uLongf; -typedef unsigned char Bytef; -#define Z_OK 0 - -int uncompress(Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen); +int uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen); -bool InflateString(const unsigned char *input, const unsigned char *output, size_t output_length) { - uLong source_length; - source_length = (uLong) 500; - uLong destination_length; - destination_length = (uLong) output_length; +void InflateString(char *input) { + unsigned char output[1024]; - int result = uncompress((Bytef *) output, &destination_length, - (Bytef *) input, source_length); // BAD + uLong source_length = 500; + uLong destination_length = sizeof(output); - return result == Z_OK; + uncompress(output, &destination_length, (Bytef *) input, source_length); // BAD } void zlib_test(int argc, char **argv) { @@ -170,6 +82,5 @@ void zlib_test(int argc, char **argv) { UnsafeGzgets(argv[2]); UnsafeInflate(argv[2]); UnsafeGzread(argv[2]); - const unsigned char *output; - InflateString(reinterpret_cast(argv[1]), output, 1024 * 1024 * 1024); + InflateString(argv[2]); } From 09f6576e6b0a2c2f15fab044842332f0ef37de69 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 11:04:21 +0200 Subject: [PATCH 07/17] C++: Simplify libarchive test --- .../DecompressionBombs.expected | 48 ++++---- .../DecompressionBombs/libarchiveTests.cpp | 109 ++++-------------- 2 files changed, 43 insertions(+), 114 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index 75b842c270aa..d260d7e0b36c 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
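Review bot: The rewritten `InflateString` still carries `// BAD`, but it now passes `destination_length = sizeof(output)` for a 1024-byte stack buffer. With zlib's `uncompress` that caps the inflated size at 1 KiB, whereas the removed caller asked for `1024 * 1024 * 1024`. If the query is meant to flag every `uncompress` call on tainted input regardless of `destLen`, a short remark next to the marker would record that, for example `// BAD (flagged even though destLen is bounded)`. Otherwise this call is a candidate false positive, and the fixture would be more useful with one clearly unbounded call plus a `// GOOD` bounded one. None of the zlib functions visible in this diff exercises a negative case.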
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
@@ -2,17 +2,15 @@ edges | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | | | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | | | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction | -| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | -| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:56:33:56:34 | *ar | provenance | | -| libarchiveTests.cpp:68:33:68:40 | *filename | libarchiveTests.cpp:86:40:86:47 | *filename | provenance | | -| libarchiveTests.cpp:86:37:86:37 | *a | libarchiveTests.cpp:92:23:92:23 | *a | provenance | | -| libarchiveTests.cpp:86:40:86:47 | *filename | libarchiveTests.cpp:86:37:86:37 | *a | provenance | Config | -| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | | -| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | provenance | | -| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | libarchiveTests.cpp:92:23:92:23 | *a | provenance | | -| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | | -| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:108:13:108:19 | *access to array | provenance | | -| libarchiveTests.cpp:108:13:108:19 | *access to array | libarchiveTests.cpp:68:33:68:40 | *filename | provenance | | +| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | | +| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:22:41:22:42 | *ar | provenance | | +| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | | +| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:34:35:34:41 | *access to array | provenance | | +| libarchiveTests.cpp:34:32:34:32 | *a | 
libarchiveTests.cpp:38:27:38:27 | *a | provenance | | +| libarchiveTests.cpp:34:35:34:41 | *access to array | libarchiveTests.cpp:34:32:34:32 | *a | provenance | Config | +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | | +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:38:27:38:27 | read_data output argument | provenance | | +| libarchiveTests.cpp:38:27:38:27 | read_data output argument | libarchiveTests.cpp:38:27:38:27 | *a | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | @@ -22,7 +20,7 @@ edges | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | | | main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | 
@@ -88,17 +86,15 @@ nodes | brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | | brotliTest.cpp:28:42:28:60 | *access to array | semmle.label | *access to array | | brotliTest.cpp:34:35:34:40 | *input2 | semmle.label | *input2 | -| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:56:33:56:34 | *ar | semmle.label | *ar | -| libarchiveTests.cpp:68:33:68:40 | *filename | semmle.label | *filename | -| libarchiveTests.cpp:86:37:86:37 | *a | semmle.label | *a | -| libarchiveTests.cpp:86:40:86:47 | *filename | semmle.label | *filename | -| libarchiveTests.cpp:92:23:92:23 | *a | semmle.label | *a | -| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | semmle.label | copy_data output argument | -| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv | -| libarchiveTests.cpp:108:13:108:19 | *access to array | semmle.label | *access to array | +| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:22:41:22:42 | *ar | semmle.label | *ar | +| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv | +| libarchiveTests.cpp:34:32:34:32 | *a | semmle.label | *a | +| libarchiveTests.cpp:34:35:34:41 | *access to array | semmle.label | *access to array | +| libarchiveTests.cpp:38:27:38:27 | *a | semmle.label | *a | +| libarchiveTests.cpp:38:27:38:27 | read_data output argument | semmle.label | read_data output argument | | main.cpp:7:33:7:36 | **argv | semmle.label | **argv | | main.cpp:8:23:8:26 | **argv | semmle.label | **argv | | main.cpp:8:23:8:26 | brotli_test output argument | semmle.label | brotli_test output argument | 
@@ -152,9 +148,9 @@ nodes | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument | | zlibTest.cpp:85:19:85:25 | *access to array | semmle.label | *access to array | subpaths -| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | +| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument | | main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | -| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | +| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | | main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | | zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | | zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | 
@@ -163,7 +159,7 @@ subpaths #select | brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| libarchiveTests.cpp:56:33:56:34 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:56:33:56:34 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:40:52:40:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp index 70ff6cef17f7..5988c9d0fc5e 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp 
@@ -1,109 +1,42 @@ -#define ARCHIVE_EXTRACT_TIME (0x0004) -#define ARCHIVE_EXTRACT_PERM (0x0002) -#define ARCHIVE_EXTRACT_ACL (0x0020) -#define ARCHIVE_EXTRACT_FFLAGS (0x0040) -#define ARCHIVE_EOF 1 /* Found end of archive. */ -#define ARCHIVE_OK 0 /* Operation was successful. */ -#define ARCHIVE_WARN (-20) /* Partial success. */ - - -int archive_read_next_header(struct archive *a, struct archive_entry **entry); - -struct archive *archive_read_new(); - -archive *archive_write_disk_new(); - -void archive_read_support_format_all(archive *pArchive); - -void archive_read_support_filter_all(archive *pArchive); - -void archive_write_disk_set_options(archive *pArchive, int flags); - -void archive_write_disk_set_standard_lookup(archive *pArchive); - -int archive_read_open_filename(archive *pArchive, const char *filename, int i); +#define ARCHIVE_EOF 1 +#define ARCHIVE_OK 0 +#define ARCHIVE_WARN (-20) +struct archive; struct archive_entry; - -int archive_write_header(archive *pArchive, archive_entry *entry); - -int archive_entry_size(archive_entry *pEntry); - typedef int size_t; typedef int la_int64_t; +archive *archive_read_new(); +int archive_read_open_filename(archive *pArchive, const char *filename, int i); +int archive_read_next_header(archive *a, archive_entry **entry); +int archive_entry_size(archive_entry *pEntry); int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1); -int archive_write_data_block(archive *pArchive, const void *pVoid, size_t size, la_int64_t offset); - -int archive_write_finish_entry(archive *pArchive); - -void archive_read_close(archive *pArchive); - -void archive_read_free(archive *pArchive); - -void archive_write_close(archive *pArchive); - -void archive_write_free(archive *pArchive); - -static int copy_data(struct archive *ar, struct archive *aw) { - int r; - const void *buff; - size_t size; - la_int64_t offset; - +static int read_data(archive *ar) { for (;;) { - archive_read_data_block(ar, &buff, 
&size, &offset); // BAD + const void *buff; + size_t size; + la_int64_t offset; + + int r = archive_read_data_block(ar, &buff, &size, &offset); // BAD if (r == ARCHIVE_EOF) - return (ARCHIVE_OK); + return ARCHIVE_OK; if (r < ARCHIVE_OK) - return (r); - archive_write_data_block(aw, buff, size, offset); - if (r < ARCHIVE_OK) { - return (r); - } + return r; } } -static void extract(const char *filename) { - struct archive *a; - struct archive *ext; - struct archive_entry *entry; - int flags; - int r; - /* Select which attributes we want to restore. */ - flags = ARCHIVE_EXTRACT_TIME; - flags |= ARCHIVE_EXTRACT_PERM; - flags |= ARCHIVE_EXTRACT_ACL; - flags |= ARCHIVE_EXTRACT_FFLAGS; +void libarchive_test(int argc, const char **argv) { + archive *a = archive_read_new(); + archive_entry *entry; - a = archive_read_new(); - archive_read_support_format_all(a); - archive_read_support_filter_all(a); - ext = archive_write_disk_new(); - archive_write_disk_set_options(ext, flags); - archive_write_disk_set_standard_lookup(ext); - if ((archive_read_open_filename(a, filename, 10240))) - return; + archive_read_open_filename(a, argv[1], 10240); for (;;) { archive_read_next_header(a, &entry); - archive_write_header(ext, entry); if (archive_entry_size(entry) > 0) { - copy_data(a, ext); - if (r < ARCHIVE_WARN) + if (read_data(a) < ARCHIVE_WARN) break; } - archive_write_finish_entry(ext); - if (r < ARCHIVE_WARN) - break; } - archive_read_close(a); - archive_read_free(a); - archive_write_close(ext); - archive_write_free(ext); -} - - -void libarchive_test(int argc, const char **argv) { - extract(argv[1]); } From 0f98e292ed75e37701cfe38fc9215025591ac90b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 11:19:22 +0200 Subject: [PATCH 08/17] C++: Cleanup minizip test --- .../DecompressionBombs.expected | 46 ++++++++-------- .../DecompressionBombs/minizipTest.cpp | 55 +++---------------- 2 files changed, 31 insertions(+), 70 deletions(-) 
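Review bot: The `for (;;)` loop in the new `libarchive_test` has no exit at end of archive, because the result of `archive_read_next_header(a, &entry)` is discarded. On failure the still-uninitialized `entry` is handed to `archive_entry_size`. The loop only stops when `read_data(a) < ARCHIVE_WARN`, and the early return that the removed `extract` had on a failed `archive_read_open_filename` is gone as well. A guard such as `if (archive_read_next_header(a, &entry) != ARCHIVE_OK) break;` keeps the fixture shaped like real extraction code. The locations in `DecompressionBombs.expected` are keyed to line and column, so that file would need regenerating afterwards.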
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index d260d7e0b36c..c58726e19a60 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
@@ -25,17 +25,17 @@ edges | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | | main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance | | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance | | | main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance | | | main.cpp:11:21:11:24 | **argv | zlibTest.cpp:80:33:80:36 | **argv | provenance | | -| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance | | -| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance | | -| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance | | -| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | provenance | | -| minizipTest.cpp:52:29:52:38 | **zip_reader | minizipTest.cpp:58:30:58:39 | **zip_reader | provenance | | -| minizipTest.cpp:52:29:52:38 | *zip_reader | minizipTest.cpp:58:30:58:39 | *zip_reader | provenance | | -| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | **zip_reader | provenance | Config | -| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | *zip_reader | provenance | Config | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:24:41:24:47 | *access to array | provenance | | +| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | provenance | | +| 
minizipTest.cpp:24:29:24:38 | **zip_reader | minizipTest.cpp:26:30:26:39 | **zip_reader | provenance | | +| minizipTest.cpp:24:29:24:38 | *zip_reader | minizipTest.cpp:26:30:26:39 | *zip_reader | provenance | | +| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | **zip_reader | provenance | Config | +| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | *zip_reader | provenance | Config | | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:20:25:20:39 | *input | provenance | | | zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:16:26:16:30 | *input | provenance | | | zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:24:17:24:26 | & ... | provenance | Config | 
@@ -103,15 +103,15 @@ nodes | main.cpp:10:24:10:27 | **argv | semmle.label | **argv | | main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument | | main.cpp:11:21:11:24 | **argv | semmle.label | **argv | -| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv | -| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv | -| minizipTest.cpp:40:52:40:67 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:52:29:52:38 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:52:29:52:38 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:52:41:52:47 | *access to array | semmle.label | *access to array | -| minizipTest.cpp:58:30:58:39 | **zip_reader | semmle.label | **zip_reader | -| minizipTest.cpp:58:30:58:39 | *zip_reader | semmle.label | *zip_reader | -| minizipTest.cpp:67:13:67:19 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv | +| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv | +| minizipTest.cpp:17:52:17:67 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:24:29:24:38 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:24:29:24:38 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:24:41:24:47 | *access to array | semmle.label | *access to array | +| minizipTest.cpp:26:30:26:39 | **zip_reader | semmle.label | **zip_reader | +| minizipTest.cpp:26:30:26:39 | *zip_reader | semmle.label | *zip_reader | +| minizipTest.cpp:28:13:28:19 | *access to array | semmle.label | *access to array | | zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | | zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input | | zlibTest.cpp:20:25:20:39 | *input | semmle.label | *input | 
@@ -151,7 +151,7 @@ subpaths | libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument | | main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | | main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | -| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | +| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | | zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | | zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument | | zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | 
@@ -160,10 +160,10 @@ subpaths | brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:40:52:40:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:67:13:67:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:26:30:26:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| minizipTest.cpp:28:13:28:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp index f89e8698108d..636f579feea7 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp 
@@ -1,68 +1,29 @@ typedef signed int int32_t; -void *mz_stream_os_create(); - -int32_t mz_zip_reader_open_file(void *handle, const char *path); - -int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path); - void *mz_zip_reader_create(); - +int32_t mz_zip_reader_open_file(void *handle, const char *path); int32_t mz_zip_reader_goto_first_entry(void *pVoid); - -int32_t mz_stream_os_open(void *pVoid, const char *path, int write); - -void mz_stream_os_close(void *pVoid); - -void mz_stream_os_delete(void **pVoid); - -void mz_zip_reader_close(void *pVoid); - -void mz_zip_reader_delete(void **pVoid); - int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write); - - +int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i); void UnzOpen(const char *string); -int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i); - -void *mz_zip_create() { - return nullptr; -} +void *mz_zip_create(); void minizip_test(int argc, const char **argv) { void *zip_handle = mz_zip_create(); int32_t bytes_read; - int32_t err; char buf[4096]; - do { + while(true) { bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); // BAD - if (bytes_read < 0) { - err = bytes_read; + if (bytes_read <= 0) { + break; } - // Do something with buf bytes - } while (err == 1 && bytes_read > 0); - - - const char *entry_path = "c:\\entry.dat"; + } void *zip_reader = mz_zip_reader_create(); - mz_zip_reader_open_file(zip_reader, argv[1]); mz_zip_reader_goto_first_entry(zip_reader); - void *entry_stream = mz_stream_os_create(); - mz_stream_os_open(entry_stream, entry_path, 1); - int file_stream; - int mz_stream_os_write; - mz_zip_reader_entry_save(zip_reader, file_stream, mz_stream_os_write); // BAD - // the above sink is same as "mz_zip_reader_entry_save", "mz_zip_reader_entry_read", "mz_zip_reader_entry_save_process", - // "mz_zip_reader_entry_save_file", "mz_zip_reader_entry_save_buffer", "mz_zip_reader_save_all" and "mz_zip_entry_read" functions - 
mz_stream_os_close(entry_stream); - mz_stream_os_delete(&entry_stream); - mz_zip_reader_close(zip_reader); - mz_zip_reader_delete(&zip_reader); - + mz_zip_reader_entry_save(zip_reader, 0, 0); // BAD UnzOpen(argv[3]); // BAD } From c048401ca746a3b6d51148656edda32a9e9df85c Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 11:40:32 +0200 Subject: [PATCH 09/17] C++: Clean up Brotli test --- .../DecompressionBombs.expected | 24 ++++++----- .../CWE-409/DecompressionBombs/brotliTest.cpp | 43 +++++++------------ 2 files changed, 29 insertions(+), 38 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index c58726e19a60..40f9d704981f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
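Review bot: In `minizip_test` the kept call `mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf))` uses the tainted `argv[1]` as the destination buffer with the length of `buf`, and `buf` itself is never used. After this cleanup nothing on the page explains that. If the shape is deliberate so that taint reaches the sink's argument, a one-line comment would say so, for example `// argv[1] stands in for attacker-controlled archive data; buf only supplies the length`. The hunk also drops the comment listing the other minizip entry points that `mz_zip_reader_entry_save` stood in for. A shortened version of that list next to the `// BAD` marker would keep the intended sink coverage documented.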
@@ -1,7 +1,8 @@ edges -| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | | -| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | | -| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction | +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:15:41:15:44 | **argv | provenance | | +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | provenance | | +| brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:21:30:21:52 | *access to array | provenance | | +| brotliTest.cpp:21:30:21:52 | *access to array | brotliTest.cpp:24:51:24:58 | **& ... | provenance | | | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | | | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:22:41:22:42 | *ar | provenance | | | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | | @@ -15,7 +16,7 @@ edges | main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | | | main.cpp:7:33:7:36 | **argv | main.cpp:11:21:11:24 | **argv | provenance | | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:15:41:15:44 | **argv | provenance | | | main.cpp:8:23:8:26 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | | | main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | | 
@@ -82,10 +83,11 @@ edges | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | zlibTest.cpp:85:19:85:25 | *access to array | provenance | | | zlibTest.cpp:85:19:85:25 | *access to array | zlibTest.cpp:71:26:71:30 | *input | provenance | | nodes -| brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | -| brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv | -| brotliTest.cpp:28:42:28:60 | *access to array | semmle.label | *access to array | -| brotliTest.cpp:34:35:34:40 | *input2 | semmle.label | *input2 | +| brotliTest.cpp:15:41:15:44 | **argv | semmle.label | **argv | +| brotliTest.cpp:15:41:15:44 | **argv | semmle.label | **argv | +| brotliTest.cpp:18:35:18:53 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:21:30:21:52 | *access to array | semmle.label | *access to array | +| brotliTest.cpp:24:51:24:58 | **& ... | semmle.label | **& ... | | libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | | libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar | | libarchiveTests.cpp:22:41:22:42 | *ar | semmle.label | *ar | 
@@ -149,7 +151,7 @@ nodes | zlibTest.cpp:85:19:85:25 | *access to array | semmle.label | *access to array | subpaths | libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument | -| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | +| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:15:41:15:44 | **argv | brotliTest.cpp:15:41:15:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument | | main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | | main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | | zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument | 
@@ -157,8 +159,8 @@ subpaths | zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | | zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | #select -| brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:18:35:18:53 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:24:51:24:58 | **& ... | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:24:51:24:58 | **& ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | | minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | 
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp
index ec802ae326ec..902749434736 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/brotliTest.cpp
@@ -1,37 +1,26 @@ typedef long unsigned int size_t; typedef unsigned char uint8_t; -typedef enum { -} BrotliDecoderResult; -BrotliDecoderResult BrotliDecoderDecompress( - size_t encoded_size, - const uint8_t encoded_buffer[], - size_t *decoded_size, - uint8_t decoded_buffer[]) { return static_cast(0); }; - -void strncpy(char *string, const char *string1, int i); +enum BrotliDecoderResult {}; +struct BrotliDecoderState; -typedef struct BrotliDecoderStateStruct BrotliDecoderState; +BrotliDecoderResult BrotliDecoderDecompress( + size_t encoded_size, const uint8_t encoded_buffer[], + size_t *decoded_size, uint8_t decoded_buffer[]); BrotliDecoderResult BrotliDecoderDecompressStream( BrotliDecoderState *state, size_t *available_in, const uint8_t **next_in, - size_t *available_out, uint8_t **next_out, size_t *total_out) { return static_cast(0); }; - -namespace std { - void strncpy(char *string, const char *string1, int i) { - - } -} + size_t *available_out, uint8_t **next_out, size_t *total_out); void brotli_test(int argc, const char **argv) { - uint8_t *output = nullptr; - BrotliDecoderDecompress(1024 * 1024, (uint8_t *) argv[2], // BAD - reinterpret_cast(1024 * 1024 * 1024), output); - uint8_t **output2 = nullptr; - const uint8_t **input2 = nullptr; - std::strncpy(reinterpret_cast(input2), argv[2], 32); - BrotliDecoderDecompressStream(0, reinterpret_cast(1024 * 1024), - input2, reinterpret_cast(1024 * 1024 * 1024), // BAD - output2, - reinterpret_cast(1024 * 1024 * 1024)); + uint8_t output[1024]; + size_t output_size = sizeof(output); + BrotliDecoderDecompress(1024, (uint8_t *) argv[2], &output_size, output); // BAD + + size_t input_size = 1024; + const uint8_t *input_p = (const uint8_t*)argv[2]; + uint8_t *output_p = output; + size_t out_size; + BrotliDecoderDecompressStream(0, &input_size, &input_p, &output_size, // BAD + &output_p, &out_size); } From 084dbc4e122f299c37c8aeb8595d50c88edd380c Mon Sep 17 00:00:00 2001 
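Review bot: Both calls in `brotli_test` are marked `// BAD`, yet each hands the decoder the fixed `uint8_t output[1024]` with `output_size = sizeof(output)`, which by the stub signatures reads as a cap on the decoded size. The test therefore shows that the query reports any tainted input reaching the archive argument, not that it can tell a bounded call from an unbounded one. A comment saying so would keep the expected results from being read as true decompression bombs, for example `// BAD: tainted input reaches the decoder (the query does not look at the output bound)`. The one-shot call also casts with `(uint8_t *) argv[2]`, which drops a `const` that the `const uint8_t encoded_buffer[]` parameter does not need removed; `(const uint8_t *)argv[2]` would match the cast already used for `input_p`.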
From: Jeroen Ketema
Date: Wed, 4 Sep 2024 11:48:42 +0200
Subject: [PATCH 10/17] C++: Rename qhelp file to match ql file
---
.../CWE-409/{DecompressionBomb.qhelp => DecompressionBombs.qhelp} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename cpp/ql/src/experimental/Security/CWE/CWE-409/{DecompressionBomb.qhelp => DecompressionBombs.qhelp} (100%)
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp
similarity index 100%
rename from cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qhelp
rename to cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp
From 65fafbf4df9c67ad61d0b906a668766e1fca0f8e Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Wed, 4 Sep 2024 11:57:10 +0200
Subject: [PATCH 11/17] C++: Fix QL-for-QL warnings
---
cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll | 5 ++---
.../src/experimental/Security/CWE/CWE-409/LibArchive.qll | 1 -
cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll | 1 -
cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll | 9 ++++-----
.../src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll | 1 -
.../experimental/Security/CWE/CWE-409/ZlibInflator.qll | 1 -
.../experimental/Security/CWE/CWE-409/ZlibUncompress.qll | 1 -
7 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll
index f6d06ef13354..9dcea044a5a9 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll
@@ -3,14 +3,13 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** * The `BrotliDecoderDecompress` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#af68 */ class BrotliDecoderDecompressFunction extends DecompressionFunction { - BrotliDecoderDecompressFunction() { this.hasGlobalName(["BrotliDecoderDecompress"]) } + BrotliDecoderDecompressFunction() { this.hasGlobalName("BrotliDecoderDecompress") } override int getArchiveParameterIndex() { result = 1 } } @@ -19,7 +18,7 @@ class BrotliDecoderDecompressFunction extends DecompressionFunction { * The `BrotliDecoderDecompressStream` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#a234 */ class BrotliDecoderDecompressStreamFunction extends DecompressionFunction { - BrotliDecoderDecompressStreamFunction() { this.hasGlobalName(["BrotliDecoderDecompressStream"]) } + BrotliDecoderDecompressStreamFunction() { this.hasGlobalName("BrotliDecoderDecompressStream") } override int getArchiveParameterIndex() { result = 2 } } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll index f5e39ca26755..00ff667b3876 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll index a0365778c210..ac90ffced539 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** 
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll index 2683f03f7c2c..dbdb729dd8cf 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll @@ -3,14 +3,13 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** * The `ZSTD_decompress` function is used in flow sink. */ class ZstdDecompressFunction extends DecompressionFunction { - ZstdDecompressFunction() { this.hasGlobalName(["ZSTD_decompress"]) } + ZstdDecompressFunction() { this.hasGlobalName("ZSTD_decompress") } override int getArchiveParameterIndex() { result = 2 } } @@ -19,7 +18,7 @@ class ZstdDecompressFunction extends DecompressionFunction { * The `ZSTD_decompressDCtx` function is used in flow sink. */ class ZstdDecompressDctxFunction extends DecompressionFunction { - ZstdDecompressDctxFunction() { this.hasGlobalName(["ZSTD_decompressDCtx"]) } + ZstdDecompressDctxFunction() { this.hasGlobalName("ZSTD_decompressDCtx") } override int getArchiveParameterIndex() { result = 3 } } @@ -28,7 +27,7 @@ class ZstdDecompressDctxFunction extends DecompressionFunction { * The `ZSTD_decompressStream` function is used in flow sink. */ class ZstdDecompressStreamFunction extends DecompressionFunction { - ZstdDecompressStreamFunction() { this.hasGlobalName(["ZSTD_decompressStream"]) } + ZstdDecompressStreamFunction() { this.hasGlobalName("ZSTD_decompressStream") } override int getArchiveParameterIndex() { result = 2 } } 
@@ -37,7 +36,7 @@ class ZstdDecompressStreamFunction extends DecompressionFunction { * The `ZSTD_decompress_usingDDict` function is used in flow sink. */ class ZstdDecompressUsingDdictFunction extends DecompressionFunction { - ZstdDecompressUsingDdictFunction() { this.hasGlobalName(["ZSTD_decompress_usingDDict"]) } + ZstdDecompressUsingDdictFunction() { this.hasGlobalName("ZSTD_decompress_usingDDict") } override int getArchiveParameterIndex() { result = 3 } } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll index 851500b2cee4..e8ea7e7fc8c8 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll index 6a5d4b8f1eca..c82d29fa7f00 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll index 656bd98655d5..1617b8e30681 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibUncompress.qll @@ -3,7 +3,6 @@ */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import DecompressionBomb /** From 8d22d147b8131536a4f93f6521310a52018ce825 Mon Sep 17 00:00:00 2001 
From: Jeroen Ketema Date: Wed, 4 Sep 2024 13:16:56 +0200 Subject: [PATCH 12/17] C++: Clean up QLDoc --- cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll | 6 ++++-- .../experimental/Security/CWE/CWE-409/DecompressionBombs.ql | 4 +--- cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll | 2 +- cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll index 9dcea044a5a9..5b2c2d6cfc93 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/Brotli.qll @@ -6,7 +6,8 @@ import cpp import DecompressionBomb /** - * The `BrotliDecoderDecompress` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#af68 + * The `BrotliDecoderDecompress` function is used in flow sink. + * See https://www.brotli.org/decode.html. */ class BrotliDecoderDecompressFunction extends DecompressionFunction { BrotliDecoderDecompressFunction() { this.hasGlobalName("BrotliDecoderDecompress") } @@ -15,7 +16,8 @@ class BrotliDecoderDecompressFunction extends DecompressionFunction { } /** - * The `BrotliDecoderDecompressStream` function is used in flow sink. * Ref: https://www.brotli.org/decode.html#a234 + * The `BrotliDecoderDecompressStream` function is used in flow sink. + * See https://www.brotli.org/decode.html. */ class BrotliDecoderDecompressStreamFunction extends DecompressionFunction { BrotliDecoderDecompressStreamFunction() { this.hasGlobalName("BrotliDecoderDecompressStream") } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql index cdc868360250..b54652f10446 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql 
@@ -3,16 +3,14 @@ * @description User-controlled data that flows into decompression library APIs without checking the compression rate is dangerous * @kind path-problem * @problem.severity error - * @security-severity 7.8 * @precision high - * @id cpp/data-decompression + * @id cpp/data-decompression-bomb * @tags security * experimental * external/cwe/cwe-409 */ import cpp -import semmle.code.cpp.ir.dataflow.TaintTracking import semmle.code.cpp.security.FlowSources import DecompressionBomb diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll index 00ff667b3876..7ea1a9fdb665 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll @@ -7,7 +7,7 @@ import DecompressionBomb /** * The `archive_read_data*` functions are used in flow sink. - * [Examples](https://github.com/libarchive/libarchive/wiki/Examples) + * See https://github.com/libarchive/libarchive/wiki/Examples. */ class Archive_read_data_block extends DecompressionFunction { Archive_read_data_block() { diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll index ac90ffced539..27c6b230aa88 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll @@ -7,7 +7,7 @@ import DecompressionBomb /** * The `mz_zip_entry` function is used in flow sink. - * [docuemnt](https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip.md) + * See https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip.md. */ class Mz_zip_entry extends DecompressionFunction { Mz_zip_entry() { this.hasGlobalName("mz_zip_entry_read") } 
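Review bot: The `@id` rename to `cpp/data-decompression-bomb` and the removal of `@security-severity 7.8` in the DecompressionBombs.ql metadata hunk affect how results are keyed and ranked, which is more than the QLDoc cleanup the subject announces. Anything that filters or suppresses by the old id would stop matching, so the commit message should mention both changes, or they should move to their own commit. If the severity was dropped on purpose (for instance because the query is experimental), a short line in the description saying so would help the next reader.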
@@ -17,7 +17,7 @@ class Mz_zip_entry extends DecompressionFunction { /** * The `mz_zip_reader_entry_*` and `mz_zip_reader_save_all` functions are used in flow sink. - * [docuemnt](https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip_rw.md) + * See https://github.com/zlib-ng/minizip-ng/blob/master/doc/mz_zip_rw.md. */ class Mz_zip_reader_entry extends DecompressionFunction { Mz_zip_reader_entry() { From 8fe0d0a045dc1660d529a445f70231afee5ea4ab Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 13:18:41 +0200 Subject: [PATCH 13/17] C++: Improve query output --- .../CWE/CWE-409/DecompressionBombs.ql | 20 +++++++++------- .../DecompressionBombs.expected | 24 +++++++++---------- 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql index b54652f10446..c90aec08307e 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql @@ -14,14 +14,16 @@ import cpp import semmle.code.cpp.security.FlowSources import DecompressionBomb +predicate isSink(FunctionCall fc, DataFlow::Node sink) { + exists(DecompressionFunction f | fc.getTarget() = f | + fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()] + ) +} + module DecompressionTaintConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof FlowSource } - predicate isSink(DataFlow::Node sink) { - exists(FunctionCall fc, DecompressionFunction f | fc.getTarget() = f | - fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()] - ) - } + predicate isSink(DataFlow::Node sink) { isSink(_, sink) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(DecompressionFlowStep f).isAdditionalFlowStep(node1, node2) or 
@@ -33,7 +35,7 @@ module DecompressionTaint = TaintTracking::Global; import DecompressionTaint::PathGraph -from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink -where DecompressionTaint::flowPath(source, sink) -select sink.getNode(), source, sink, "This Decompression output $@.", source.getNode(), - "is not limited" +from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink, FunctionCall fc +where DecompressionTaint::flowPath(source, sink) and isSink(fc, sink.getNode()) +select sink.getNode(), source, sink, "The decompression output of $@ is not limited", fc, + fc.getTarget().getName() diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected index 40f9d704981f..d7be5cf40688 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected 
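Review bot: The new message `"The decompression output of $@ is not limited"` drops the final full stop and no longer names the flow source, so a triager sees which call is affected but has to open the path to learn where the input comes from. Ending the message with a period and linking the source again would cover both, e.g. `"The decompression output of $@ is not limited and its input depends on $@."` with `source.getNode(), "this flow source"` appended to the `select`. The helper `isSink(FunctionCall fc, DataFlow::Node sink)` added in the previous hunk of this file has no QLDoc; a one-line comment stating that it holds when `sink` is the archive argument of the decompression call `fc` would be enough.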
@@ -159,15 +159,15 @@ subpaths | zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument | | zlibTest.cpp:84:18:84:24 | *access to array | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:37:25:37:32 | *fileName | zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | #select -| brotliTest.cpp:18:35:18:53 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| brotliTest.cpp:24:51:24:58 | **& ... | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:24:51:24:58 | **& ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:26:30:26:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| minizipTest.cpp:28:13:28:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... | This Decompression output $@. 
| main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:62:25:62:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:62:25:62:31 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | -| zlibTest.cpp:77:45:77:59 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:77:45:77:59 | *input | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited | +| brotliTest.cpp:18:35:18:53 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:18:35:18:53 | *access to array | The decompression output of $@ is not limited | brotliTest.cpp:18:5:18:27 | call to BrotliDecoderDecompress | BrotliDecoderDecompress | +| brotliTest.cpp:24:51:24:58 | **& ... | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:24:51:24:58 | **& ... 
| The decompression output of $@ is not limited | brotliTest.cpp:24:5:24:33 | call to BrotliDecoderDecompressStream | BrotliDecoderDecompressStream | +| libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | The decompression output of $@ is not limited | libarchiveTests.cpp:22:17:22:39 | call to archive_read_data_block | archive_read_data_block | +| minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | The decompression output of $@ is not limited | minizipTest.cpp:17:22:17:38 | call to mz_zip_entry_read | mz_zip_entry_read | +| minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | The decompression output of $@ is not limited | minizipTest.cpp:26:5:26:28 | call to mz_zip_reader_entry_save | mz_zip_reader_entry_save | +| minizipTest.cpp:26:30:26:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | *zip_reader | The decompression output of $@ is not limited | minizipTest.cpp:26:5:26:28 | call to mz_zip_reader_entry_save | mz_zip_reader_entry_save | +| minizipTest.cpp:28:13:28:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | The decompression output of $@ is not limited | minizipTest.cpp:28:5:28:11 | call to UnzOpen | UnzOpen | +| zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... 
| The decompression output of $@ is not limited | zlibTest.cpp:25:5:25:11 | call to inflate | inflate | +| zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:41:13:41:18 | call to gzread | gzread | +| zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:51:14:51:20 | call to gzfread | gzfread | +| zlibTest.cpp:62:25:62:31 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:62:25:62:31 | inFileZ | The decompression output of $@ is not limited | zlibTest.cpp:62:18:62:23 | call to gzgets | gzgets | +| zlibTest.cpp:77:45:77:59 | *input | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:77:45:77:59 | *input | The decompression output of $@ is not limited | zlibTest.cpp:77:5:77:14 | call to uncompress | uncompress | From 2369b18ca65a4c8f3f808855368421d71c1bb02b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 13:43:03 +0200 Subject: [PATCH 14/17] C++: Make additional flow steps more uniform --- .../CWE/CWE-409/DecompressionBomb.qll | 5 +++- .../CWE/CWE-409/DecompressionBombs.ql | 3 +-- .../Security/CWE/CWE-409/LibArchive.qll | 6 ++--- .../Security/CWE/CWE-409/MiniZip.qll | 10 +++---- .../Security/CWE/CWE-409/ZSTD.qll | 12 ++++----- .../Security/CWE/CWE-409/ZlibGzopen.qll | 12 ++++----- .../Security/CWE/CWE-409/ZlibInflator.qll | 27 +++++++++++-------- 7 files changed, 41 insertions(+), 34 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll index e330e244c381..73698d793140 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBomb.qll 
@@ -18,6 +18,9 @@ abstract class DecompressionFunction extends Function { /** * The Decompression Flow Steps, extend this class to define new decompression sinks. */ -abstract class DecompressionFlowStep extends Function { +abstract class DecompressionFlowStep extends string { + bindingset[this] + DecompressionFlowStep() { any() } + abstract predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2); } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql index c90aec08307e..0bee27755529 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql @@ -26,8 +26,7 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { isSink(_, sink) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - any(DecompressionFlowStep f).isAdditionalFlowStep(node1, node2) or - nextInAdditionalFlowStep(node1, node2) + any(DecompressionFlowStep s).isAdditionalFlowStep(node1, node2) } } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll index 7ea1a9fdb665..aa1d835b70dc 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll 
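Review bot: The QLDoc kept above `DecompressionFlowStep` still tells readers to extend the class "to define new decompression sinks", but after this change the class is a pure step provider with only `isAdditionalFlowStep`; sinks come from `DecompressionFunction`. I would reword it to `* An additional taint step for decompression APIs; extend this class to add library-specific steps.` The `extends string` plus `bindingset[this]` base also makes every subclass invent a characteristic string that carries no meaning. If the `Unit` type is available to this pack, `extends Unit` would express the same extension point without the strings.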
@@ -20,11 +20,11 @@ class Archive_read_data_block extends DecompressionFunction { /** * The `archive_read_open_filename` function as a flow step. */ -class ReadOpenFunction extends DecompressionFlowStep { - ReadOpenFunction() { this.hasGlobalName("archive_read_open_filename") } +class ReadOpenFunctionStep extends DecompressionFlowStep { + ReadOpenFunctionStep() { this = "ReadOpenFunction"} override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("archive_read_open_filename") | node1.asIndirectExpr() = fc.getArgument(1) and node2.asIndirectExpr() = fc.getArgument(0) ) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll index 27c6b230aa88..b7cb9df013a4 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/MiniZip.qll @@ -42,13 +42,13 @@ class UnzOpenFunction extends DecompressionFunction { /** * The `mz_zip_reader_open_file` and `mz_zip_reader_open_file_in_memory` functions as a flow step. */ -class ReaderOpenFunction extends DecompressionFlowStep { - ReaderOpenFunction() { - this.hasGlobalName(["mz_zip_reader_open_file_in_memory", "mz_zip_reader_open_file"]) - } +class ReaderOpenFunctionStep extends DecompressionFlowStep { + ReaderOpenFunctionStep() { this = "ReaderOpenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | + fc.getTarget().hasGlobalName(["mz_zip_reader_open_file_in_memory", "mz_zip_reader_open_file"]) + | node1.asIndirectExpr() = fc.getArgument(1) and node2.asIndirectExpr() = fc.getArgument(0) ) 
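Review bot: In LibArchive.qll the characteristic string is `"ReadOpenFunction"`, without the `Step` suffix that the other classes converted in this commit use (`"ReaderOpenFunctionStep"`, `"FopenOrDieFunctionStep"`, `"GzopenFunctionStep"`), and the line is missing the space before the closing brace, which the QL autoformatter would presumably flag. Suggest `ReadOpenFunctionStep() { this = "ReadOpenFunctionStep" }`. The strings only need to exist, so this is not a behaviour bug, but a name that differs from its class invites an accidental clash when another step is added later.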
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll index dbdb729dd8cf..e39ad4ee8a0e 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZSTD.qll @@ -44,11 +44,11 @@ class ZstdDecompressUsingDdictFunction extends DecompressionFunction { /** * The `fopen_orDie` function as a flow step. */ -class FopenOrDieFunction extends DecompressionFlowStep { - FopenOrDieFunction() { this.hasGlobalName("fopen_orDie") } +class FopenOrDieFunctionStep extends DecompressionFlowStep { + FopenOrDieFunctionStep() { this = "FopenOrDieFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("fopen_orDie") | node1.asIndirectExpr() = fc.getArgument(0) and node2.asExpr() = fc ) @@ -58,11 +58,11 @@ class FopenOrDieFunction extends DecompressionFlowStep { /** * The `fread_orDie` function as a flow step. */ -class FreadOrDieFunction extends DecompressionFlowStep { - FreadOrDieFunction() { this.hasGlobalName("fread_orDie") } +class FreadOrDieFunctionStep extends DecompressionFlowStep { + FreadOrDieFunctionStep() { this = "FreadOrDieFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("fread_orDie") | node1.asIndirectExpr() = fc.getArgument(2) and node2.asIndirectExpr() = fc.getArgument(0) ) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll index e8ea7e7fc8c8..172f8e7a7b69 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibGzopen.qll 
@@ -43,11 +43,11 @@ class GzReadFunction extends DecompressionFunction { * * `gzdopen(int fd, const char *mode)` */ -class GzdopenFunction extends DecompressionFlowStep { - GzdopenFunction() { this.hasGlobalName("gzdopen") } +class GzdopenFunctionStep extends DecompressionFlowStep { + GzdopenFunctionStep() { this = "GzdopenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("gzdopen") | node1.asExpr() = fc.getArgument(0) and node2.asExpr() = fc ) @@ -59,11 +59,11 @@ class GzdopenFunction extends DecompressionFlowStep { * * `gzopen(const char *path, const char *mode)` */ -class GzopenFunction extends DecompressionFlowStep { - GzopenFunction() { this.hasGlobalName("gzopen") } +class GzopenFunctionStep extends DecompressionFlowStep { + GzopenFunctionStep() { this = "GzopenFunctionStep" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(FunctionCall fc | fc.getTarget() = this | + exists(FunctionCall fc | fc.getTarget().hasGlobalName("gzopen") | node1.asIndirectExpr() = fc.getArgument(0) and node2.asExpr() = fc ) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll index c82d29fa7f00..6c3cb6062c59 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/ZlibInflator.qll 
@@ -19,16 +19,21 @@ class InflateFunction extends DecompressionFunction { } /** - * The `next_in` member of a `z_stream` variable is used in flow steps. + * The `next_in` member of a `z_stream` variable is used in a flow steps. */ -predicate nextInAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - exists(Variable nextInVar, VariableAccess zStreamAccess | - nextInVar.getDeclaringType().hasName("z_stream") and - nextInVar.hasName("next_in") and - zStreamAccess.getType().hasName("z_stream") - | - nextInVar.getAnAccess().getQualifier().(VariableAccess).getTarget() = zStreamAccess.getTarget() and - node1.asIndirectExpr() = nextInVar.getAnAssignedValue() and - node2.asExpr() = zStreamAccess - ) +class NextInMemberStep extends DecompressionFlowStep { + NextInMemberStep() { this = "NextInMemberStep" } + + override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + exists(Variable nextInVar, VariableAccess zStreamAccess | + nextInVar.getDeclaringType().hasName("z_stream") and + nextInVar.hasName("next_in") and + zStreamAccess.getType().hasName("z_stream") + | + nextInVar.getAnAccess().getQualifier().(VariableAccess).getTarget() = + zStreamAccess.getTarget() and + node1.asIndirectExpr() = nextInVar.getAnAssignedValue() and + node2.asExpr() = zStreamAccess + ) + } } From 92c6170a7634b82f47464f87c12ba9cf02196f99 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 14:06:12 +0200 Subject: [PATCH 15/17] C++: Simplify QLhelp One good and one bad example suffices to get the point across, and makes the help more readable. The examples also do not have to be complete. --- .../CWE/CWE-409/DecompressionBombs.qhelp | 12 +- .../Security/CWE/CWE-409/example_bad.cpp | 126 +----------------- .../Security/CWE/CWE-409/example_good.cpp | 77 ++--------- 3 files changed, 23 insertions(+), 192 deletions(-) 
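Review bot: The rewritten QLDoc above `NextInMemberStep` reads "is used in a flow steps", which is ungrammatical and still describes the old predicate rather than the new class. I would write `The next_in member of a z_stream variable, modelled as a flow step.` Separately, `nextInVar.getDeclaringType().hasName("z_stream")` may not hold against the real zlib header if, as I recall, `z_stream` is a typedef for a struct with a different tag. It is worth confirming with a test that uses the actual header declaration rather than a stub.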
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp index cdadabbf207c..c263f4db625f 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.qhelp @@ -3,8 +3,8 @@ "qhelp.dtd"> -

Extracting Compressed files with any compression algorithm like gzip can cause to denial of service attacks.

-

Attackers can compress a huge file which created by repeated similiar byte and convert it to a small compressed file.

+

Extracting Compressed files with any compression algorithm like gzip can cause denial of service attacks.

+

Attackers can compress a huge file consisting of repeated similiar bytes into a small compressed file.

@@ -14,12 +14,12 @@

-Reading uncompressed Gzip file within a loop and check for a threshold size in each cycle. +Reading an uncompressed Gzip file within a loop and check for a threshold size in each cycle.

-An Unsafe Approach can be this example which we don't check for uncompressed size. +The following example is unsafe, as we do not check the uncompressed size.

@@ -28,11 +28,11 @@ An Unsafe Approach can be this example which we don't check for uncompressed siz
  • -Zlib Documentation +Zlib documentation
  • -A great research to gain more impact by this kind of attacks +An explanation of the attack
  • diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp index af5138173869..eaf2fe22817a 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_bad.cpp 
@@ -1,129 +1,15 @@ -#include -#include #include "zlib.h" -#include -#include -int UnsafeInflate(int argc, char *argv[]) { - // original string len = 36 - char a[50] = "Hello Hello Hello Hello Hello Hello!"; - // placeholder for the compressed (deflated) version of "a" - char b[50]; - // placeholder for the Uncompressed (inflated) version of "b" - char c[50]; - printf("Uncompressed size is: %lu\n", strlen(a)); - printf("Uncompressed string is: %s\n", a); - printf("\n----------\n\n"); - - // STEP 1. - // zlib struct - z_stream defstream; - defstream.zalloc = Z_NULL; - defstream.zfree = Z_NULL; - defstream.opaque = Z_NULL; - // setup "a" as the input and "b" as the compressed output - defstream.avail_in = (uInt) strlen(a) + 1; // size of input, string + terminator - defstream.next_in = (Bytef *) a; // input char array - defstream.avail_out = (uInt) sizeof(b); // size of output - defstream.next_out = (Bytef *) b; // output char array - - // the actual compression work. - deflateInit(&defstream, Z_BEST_COMPRESSION); - deflate(&defstream, Z_FINISH); - deflateEnd(&defstream); - - // This is one way of getting the size of the output - printf("Compressed size is: %lu\n", strlen(b)); - printf("Compressed string is: %s\n", b); - printf("\n----------\n\n"); - // STEP 2. - // inflate b into c - // zlib struct - z_stream infstream; - infstream.zalloc = Z_NULL; - infstream.zfree = Z_NULL; - infstream.opaque = Z_NULL; - // setup "b" as the input and "c" as the compressed output - // TOTHINK: Here we can add additional step from Right operand to z_stream variable access - infstream.avail_in = (uInt) ((char *) defstream.next_out - b); // size of input - infstream.next_in = (Bytef *) b; // input char array - infstream.avail_out = (uInt) sizeof(c); // size of output - infstream.next_out = (Bytef *) c; // output char array - - // uLong total_out; /* total number of bytes output so far */ - // the actual DE-compression work. 
- inflateInit(&infstream); - std::cout << infstream.total_out << std::endl; - inflate(&infstream, Z_NO_FLUSH); - std::cout << infstream.total_out << std::endl; - inflateEnd(&infstream); - - printf("Uncompressed size is: %lu\n", strlen(c)); - printf("Uncompressed string is: %s\n", c); - return 0; -} - -int UnsafeGzread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - unsigned char unzipBuffer[8192]; +void UnsafeGzread(gzFile inFileZ) { + const int BUFFER_SIZE = 8192; + unsigned char unzipBuffer[BUFFER_SIZE]; unsigned int unzippedBytes; - std::vector unzippedData; while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - } else { + unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); + if (unzippedBytes <= 0) { break; } - } - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - return 0; -} -int UnsafeGzfread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - while (true) { - char buffer[1000]; - if (!gzfread(buffer, 999, 1, inFileZ)) { - break; - } - } - gzclose(inFileZ); - return 0; -} - -int UnsafeGzgets() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - char *buffer = new char[4000000000]; - char *result = gzgets(inFileZ, buffer, 1000000000); - while (true) { - result = gzgets(inFileZ, buffer, 1000000000); - if (result == 
nullptr) { - break; - } + // process buffer } - return 0; } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp index 7ad34658367c..f28ed41026d5 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/example_good.cpp 
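Review bot: `unzippedBytes` is declared `unsigned int` in the new `UnsafeGzread`, but `gzread` returns an `int` and reports errors as -1, so `if (unzippedBytes <= 0)` only catches 0. A read error would then fall through to the processing step with a very large byte count, and the loop may never terminate if the error persists. Declaring it as `int unzippedBytes;` lets the error path leave the loop. `SafeGzread` in example_good.cpp has the same declaration, and there `totalRead += unzippedBytes;` also runs before the `<= 0` test, so the addition should move below that test.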
@@ -1,78 +1,23 @@ -#include -#include #include "zlib.h" -#include -#include -int SafeGzread() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - unsigned char unzipBuffer[8192]; +void SafeGzread(gzFile inFileZ) { + const int MAX_READ = 1024 * 1024 * 4; + const int BUFFER_SIZE = 8192; + unsigned char unzipBuffer[BUFFER_SIZE]; unsigned int unzippedBytes; - uint totalRead = 0; - std::vector unzippedData; + unsigned int totalRead = 0; while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, 8192); + unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); totalRead += unzippedBytes; - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - if (totalRead > 1024 * 1024 * 4) { - std::cout << "Bombs!" << totalRead; - exit(1); - } else { - std::cout << "not Bomb yet!!" << totalRead << std::endl; - } - } else { + if (unzippedBytes <= 0) { break; } - } - - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - return 0; -} - -int SafeGzread2() { - std::cout << "enter compressed file name!\n" << std::endl; - char fileName[100]; - std::cin >> fileName; - gzFile inFileZ = gzopen(fileName, "rb"); - if (inFileZ == nullptr) { - printf("Error: Failed to gzopen %s\n", fileName); - exit(0); - } - const int BUFFER_SIZE = 8192; - unsigned char unzipBuffer[BUFFER_SIZE]; - unsigned int unzippedBytes; - uint totalRead = 0; - std::vector unzippedData; - while (true) { - unzippedBytes = gzread(inFileZ, unzipBuffer, BUFFER_SIZE); - totalRead += BUFFER_SIZE; - if (unzippedBytes > 0) { - unzippedData.insert(unzippedData.end(), unzipBuffer, unzipBuffer + unzippedBytes); - if (totalRead > 1024 * 1024 * 4) { - std::cout << "Bombs!" << totalRead; - exit(1); - } else { - std::cout << "not Bomb yet!!" 
<< totalRead << std::endl; - } - } else { + if (totalRead > MAX_READ) { + // Possible decompression bomb, stop processing. break; + } else { + // process buffer } } - - for (auto &&i: unzippedData) - std::cout << i; - gzclose(inFileZ); - - return 0; } From 238895e677b8cb72e41329860410c83599ae879c Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 14:10:24 +0200 Subject: [PATCH 16/17] C++: Fix formatting --- cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll index aa1d835b70dc..b14e02e1e82e 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll +++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/LibArchive.qll @@ -21,7 +21,7 @@ class Archive_read_data_block extends DecompressionFunction { * The `archive_read_open_filename` function as a flow step. */ class ReadOpenFunctionStep extends DecompressionFlowStep { - ReadOpenFunctionStep() { this = "ReadOpenFunction"} + ReadOpenFunctionStep() { this = "ReadOpenFunction" } override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(FunctionCall fc | fc.getTarget().hasGlobalName("archive_read_open_filename") | From 9b905d5e84adcffff125a3e6989dbe0d8075e40d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 4 Sep 2024 14:13:43 +0200 Subject: [PATCH 17/17] C++: Set precision to low There are no barriers, so the query as is will flag up any use of the identified functions. --- .../src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql index 0bee27755529..bfa11e65b067 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql 
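Review bot: `SafeGzread` leaves the loop with a plain `break` both at end of input and when `totalRead > MAX_READ`, and it returns `void`, so a caller cannot tell a truncated read from a complete one. Readers copy this example, and treating a cut-off stream as a successful read is a defect in its own right. I would declare it as `bool SafeGzread(gzFile inFileZ)`, use `return false;` in the limit branch and `return true;` after the loop. The `else` after that branch is then unnecessary.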
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql @@ -3,7 +3,7 @@ * @description User-controlled data that flows into decompression library APIs without checking the compression rate is dangerous * @kind path-problem * @problem.severity error - * @precision high + * @precision low * @id cpp/data-decompression-bomb * @tags security * experimental