Skip to content

Commit 09f6576

Browse files
jketemajketema
committed
C++: Simplify libarchive test
1 parent 078e635 commit 09f6576

File tree

2 files changed

+43
-114
lines changed

2 files changed

+43
-114
lines changed

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected

Lines changed: 22 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -2,17 +2,15 @@ edges
22
| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | provenance | |
33
| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | provenance | |
44
| brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | provenance | TaintFunction |
5-
| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | |
6-
| libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:56:33:56:34 | *ar | provenance | |
7-
| libarchiveTests.cpp:68:33:68:40 | *filename | libarchiveTests.cpp:86:40:86:47 | *filename | provenance | |
8-
| libarchiveTests.cpp:86:37:86:37 | *a | libarchiveTests.cpp:92:23:92:23 | *a | provenance | |
9-
| libarchiveTests.cpp:86:40:86:47 | *filename | libarchiveTests.cpp:86:37:86:37 | *a | provenance | Config |
10-
| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | provenance | |
11-
| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:92:23:92:23 | copy_data output argument | provenance | |
12-
| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | libarchiveTests.cpp:92:23:92:23 | *a | provenance | |
13-
| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | |
14-
| libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:108:13:108:19 | *access to array | provenance | |
15-
| libarchiveTests.cpp:108:13:108:19 | *access to array | libarchiveTests.cpp:68:33:68:40 | *filename | provenance | |
5+
| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | |
6+
| libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:22:41:22:42 | *ar | provenance | |
7+
| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | |
8+
| libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:34:35:34:41 | *access to array | provenance | |
9+
| libarchiveTests.cpp:34:32:34:32 | *a | libarchiveTests.cpp:38:27:38:27 | *a | provenance | |
10+
| libarchiveTests.cpp:34:35:34:41 | *access to array | libarchiveTests.cpp:34:32:34:32 | *a | provenance | Config |
11+
| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | provenance | |
12+
| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:38:27:38:27 | read_data output argument | provenance | |
13+
| libarchiveTests.cpp:38:27:38:27 | read_data output argument | libarchiveTests.cpp:38:27:38:27 | *a | provenance | |
1614
| main.cpp:7:33:7:36 | **argv | main.cpp:8:23:8:26 | **argv | provenance | |
1715
| main.cpp:7:33:7:36 | **argv | main.cpp:9:27:9:30 | **argv | provenance | |
1816
| main.cpp:7:33:7:36 | **argv | main.cpp:10:24:10:27 | **argv | provenance | |
@@ -22,7 +20,7 @@ edges
2220
| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:9:27:9:30 | **argv | provenance | |
2321
| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:10:24:10:27 | **argv | provenance | |
2422
| main.cpp:8:23:8:26 | brotli_test output argument | main.cpp:11:21:11:24 | **argv | provenance | |
25-
| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | provenance | |
23+
| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | provenance | |
2624
| main.cpp:9:27:9:30 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument | provenance | |
2725
| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance | |
2826
| main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance | |
@@ -88,17 +86,15 @@ nodes
8886
| brotliTest.cpp:26:41:26:44 | **argv | semmle.label | **argv |
8987
| brotliTest.cpp:28:42:28:60 | *access to array | semmle.label | *access to array |
9088
| brotliTest.cpp:34:35:34:40 | *input2 | semmle.label | *input2 |
91-
| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar |
92-
| libarchiveTests.cpp:49:38:49:39 | *ar | semmle.label | *ar |
93-
| libarchiveTests.cpp:56:33:56:34 | *ar | semmle.label | *ar |
94-
| libarchiveTests.cpp:68:33:68:40 | *filename | semmle.label | *filename |
95-
| libarchiveTests.cpp:86:37:86:37 | *a | semmle.label | *a |
96-
| libarchiveTests.cpp:86:40:86:47 | *filename | semmle.label | *filename |
97-
| libarchiveTests.cpp:92:23:92:23 | *a | semmle.label | *a |
98-
| libarchiveTests.cpp:92:23:92:23 | copy_data output argument | semmle.label | copy_data output argument |
99-
| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv |
100-
| libarchiveTests.cpp:107:45:107:48 | **argv | semmle.label | **argv |
101-
| libarchiveTests.cpp:108:13:108:19 | *access to array | semmle.label | *access to array |
89+
| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar |
90+
| libarchiveTests.cpp:16:31:16:32 | *ar | semmle.label | *ar |
91+
| libarchiveTests.cpp:22:41:22:42 | *ar | semmle.label | *ar |
92+
| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv |
93+
| libarchiveTests.cpp:30:45:30:48 | **argv | semmle.label | **argv |
94+
| libarchiveTests.cpp:34:32:34:32 | *a | semmle.label | *a |
95+
| libarchiveTests.cpp:34:35:34:41 | *access to array | semmle.label | *access to array |
96+
| libarchiveTests.cpp:38:27:38:27 | *a | semmle.label | *a |
97+
| libarchiveTests.cpp:38:27:38:27 | read_data output argument | semmle.label | read_data output argument |
10298
| main.cpp:7:33:7:36 | **argv | semmle.label | **argv |
10399
| main.cpp:8:23:8:26 | **argv | semmle.label | **argv |
104100
| main.cpp:8:23:8:26 | brotli_test output argument | semmle.label | brotli_test output argument |
@@ -152,9 +148,9 @@ nodes
152148
| zlibTest.cpp:84:18:84:24 | UnsafeGzread output argument | semmle.label | UnsafeGzread output argument |
153149
| zlibTest.cpp:85:19:85:25 | *access to array | semmle.label | *access to array |
154150
subpaths
155-
| libarchiveTests.cpp:92:23:92:23 | *a | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:49:38:49:39 | *ar | libarchiveTests.cpp:92:23:92:23 | copy_data output argument |
151+
| libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument |
156152
| main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument |
157-
| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | libarchiveTests.cpp:107:45:107:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument |
153+
| main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument |
158154
| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument |
159155
| zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument |
160156
| zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument |
@@ -163,7 +159,7 @@ subpaths
163159
#select
164160
| brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
165161
| brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
166-
| libarchiveTests.cpp:56:33:56:34 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:56:33:56:34 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
162+
| libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
167163
| minizipTest.cpp:40:52:40:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
168164
| minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
169165
| minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/libarchiveTests.cpp

Lines changed: 21 additions & 88 deletions
Original file line numberDiff line numberDiff line change
@@ -1,109 +1,42 @@
1-
#define ARCHIVE_EXTRACT_TIME (0x0004)
2-
#define ARCHIVE_EXTRACT_PERM (0x0002)
3-
#define ARCHIVE_EXTRACT_ACL (0x0020)
4-
#define ARCHIVE_EXTRACT_FFLAGS (0x0040)
5-
#define ARCHIVE_EOF 1 /* Found end of archive. */
6-
#define ARCHIVE_OK 0 /* Operation was successful. */
7-
#define ARCHIVE_WARN (-20) /* Partial success. */
8-
9-
10-
int archive_read_next_header(struct archive *a, struct archive_entry **entry);
11-
12-
struct archive *archive_read_new();
13-
14-
archive *archive_write_disk_new();
15-
16-
void archive_read_support_format_all(archive *pArchive);
17-
18-
void archive_read_support_filter_all(archive *pArchive);
19-
20-
void archive_write_disk_set_options(archive *pArchive, int flags);
21-
22-
void archive_write_disk_set_standard_lookup(archive *pArchive);
23-
24-
int archive_read_open_filename(archive *pArchive, const char *filename, int i);
1+
#define ARCHIVE_EOF 1
2+
#define ARCHIVE_OK 0
3+
#define ARCHIVE_WARN (-20)
254

5+
struct archive;
266
struct archive_entry;
27-
28-
int archive_write_header(archive *pArchive, archive_entry *entry);
29-
30-
int archive_entry_size(archive_entry *pEntry);
31-
327
typedef int size_t;
338
typedef int la_int64_t;
349

10+
archive *archive_read_new();
11+
int archive_read_open_filename(archive *pArchive, const char *filename, int i);
12+
int archive_read_next_header(archive *a, archive_entry **entry);
13+
int archive_entry_size(archive_entry *pEntry);
3514
int archive_read_data_block(archive *pArchive, const void **pVoid, size_t *pInt, la_int64_t *pInt1);
3615

37-
int archive_write_data_block(archive *pArchive, const void *pVoid, size_t size, la_int64_t offset);
38-
39-
int archive_write_finish_entry(archive *pArchive);
40-
41-
void archive_read_close(archive *pArchive);
42-
43-
void archive_read_free(archive *pArchive);
44-
45-
void archive_write_close(archive *pArchive);
46-
47-
void archive_write_free(archive *pArchive);
48-
49-
static int copy_data(struct archive *ar, struct archive *aw) {
50-
int r;
51-
const void *buff;
52-
size_t size;
53-
la_int64_t offset;
54-
16+
static int read_data(archive *ar) {
5517
for (;;) {
56-
archive_read_data_block(ar, &buff, &size, &offset); // BAD
18+
const void *buff;
19+
size_t size;
20+
la_int64_t offset;
21+
22+
int r = archive_read_data_block(ar, &buff, &size, &offset); // BAD
5723
if (r == ARCHIVE_EOF)
58-
return (ARCHIVE_OK);
24+
return ARCHIVE_OK;
5925
if (r < ARCHIVE_OK)
60-
return (r);
61-
archive_write_data_block(aw, buff, size, offset);
62-
if (r < ARCHIVE_OK) {
63-
return (r);
64-
}
26+
return r;
6527
}
6628
}
6729

68-
static void extract(const char *filename) {
69-
struct archive *a;
70-
struct archive *ext;
71-
struct archive_entry *entry;
72-
int flags;
73-
int r;
74-
/* Select which attributes we want to restore. */
75-
flags = ARCHIVE_EXTRACT_TIME;
76-
flags |= ARCHIVE_EXTRACT_PERM;
77-
flags |= ARCHIVE_EXTRACT_ACL;
78-
flags |= ARCHIVE_EXTRACT_FFLAGS;
30+
void libarchive_test(int argc, const char **argv) {
31+
archive *a = archive_read_new();
32+
archive_entry *entry;
7933

80-
a = archive_read_new();
81-
archive_read_support_format_all(a);
82-
archive_read_support_filter_all(a);
83-
ext = archive_write_disk_new();
84-
archive_write_disk_set_options(ext, flags);
85-
archive_write_disk_set_standard_lookup(ext);
86-
if ((archive_read_open_filename(a, filename, 10240)))
87-
return;
34+
archive_read_open_filename(a, argv[1], 10240);
8835
for (;;) {
8936
archive_read_next_header(a, &entry);
90-
archive_write_header(ext, entry);
9137
if (archive_entry_size(entry) > 0) {
92-
copy_data(a, ext);
93-
if (r < ARCHIVE_WARN)
38+
if (read_data(a) < ARCHIVE_WARN)
9439
break;
9540
}
96-
archive_write_finish_entry(ext);
97-
if (r < ARCHIVE_WARN)
98-
break;
9941
}
100-
archive_read_close(a);
101-
archive_read_free(a);
102-
archive_write_close(ext);
103-
archive_write_free(ext);
104-
}
105-
106-
107-
void libarchive_test(int argc, const char **argv) {
108-
extract(argv[1]);
10942
}

0 commit comments

Comments
 (0)