C++: Cleanup minizip test

jketema · jketema · commit 0f98e292ed75 · 2024-09-04T11:19:22.000+02:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.expected
@@ -25,17 +25,17 @@ edges
 | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:10:24:10:27 | **argv | provenance |  |
 | main.cpp:9:27:9:30 | libarchive_test output argument | main.cpp:11:21:11:24 | **argv | provenance |  |
 | main.cpp:10:24:10:27 | **argv | main.cpp:10:24:10:27 | minizip_test output argument | provenance |  |
-| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance |  |
+| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance |  |
 | main.cpp:10:24:10:27 | minizip_test output argument | main.cpp:11:21:11:24 | **argv | provenance |  |
 | main.cpp:11:21:11:24 | **argv | zlibTest.cpp:80:33:80:36 | **argv | provenance |  |
-| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | provenance |  |
-| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | provenance |  |
-| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:52:41:52:47 | *access to array | provenance |  |
-| minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | provenance |  |
-| minizipTest.cpp:52:29:52:38 | **zip_reader | minizipTest.cpp:58:30:58:39 | **zip_reader | provenance |  |
-| minizipTest.cpp:52:29:52:38 | *zip_reader | minizipTest.cpp:58:30:58:39 | *zip_reader | provenance |  |
-| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | **zip_reader | provenance | Config |
-| minizipTest.cpp:52:41:52:47 | *access to array | minizipTest.cpp:52:29:52:38 | *zip_reader | provenance | Config |
+| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | provenance |  |
+| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | provenance |  |
+| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:24:41:24:47 | *access to array | provenance |  |
+| minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | provenance |  |
+| minizipTest.cpp:24:29:24:38 | **zip_reader | minizipTest.cpp:26:30:26:39 | **zip_reader | provenance |  |
+| minizipTest.cpp:24:29:24:38 | *zip_reader | minizipTest.cpp:26:30:26:39 | *zip_reader | provenance |  |
+| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | **zip_reader | provenance | Config |
+| minizipTest.cpp:24:41:24:47 | *access to array | minizipTest.cpp:24:29:24:38 | *zip_reader | provenance | Config |
 | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:20:25:20:39 | *input | provenance |  |
 | zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:16:26:16:30 | *input | provenance |  |
 | zlibTest.cpp:20:25:20:39 | *input | zlibTest.cpp:24:17:24:26 | & ... | provenance | Config |
@@ -103,15 +103,15 @@ nodes
 | main.cpp:10:24:10:27 | **argv | semmle.label | **argv |
 | main.cpp:10:24:10:27 | minizip_test output argument | semmle.label | minizip_test output argument |
 | main.cpp:11:21:11:24 | **argv | semmle.label | **argv |
-| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv |
-| minizipTest.cpp:34:42:34:45 | **argv | semmle.label | **argv |
-| minizipTest.cpp:40:52:40:67 | *access to array | semmle.label | *access to array |
-| minizipTest.cpp:52:29:52:38 | **zip_reader | semmle.label | **zip_reader |
-| minizipTest.cpp:52:29:52:38 | *zip_reader | semmle.label | *zip_reader |
-| minizipTest.cpp:52:41:52:47 | *access to array | semmle.label | *access to array |
-| minizipTest.cpp:58:30:58:39 | **zip_reader | semmle.label | **zip_reader |
-| minizipTest.cpp:58:30:58:39 | *zip_reader | semmle.label | *zip_reader |
-| minizipTest.cpp:67:13:67:19 | *access to array | semmle.label | *access to array |
+| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv |
+| minizipTest.cpp:12:42:12:45 | **argv | semmle.label | **argv |
+| minizipTest.cpp:17:52:17:67 | *access to array | semmle.label | *access to array |
+| minizipTest.cpp:24:29:24:38 | **zip_reader | semmle.label | **zip_reader |
+| minizipTest.cpp:24:29:24:38 | *zip_reader | semmle.label | *zip_reader |
+| minizipTest.cpp:24:41:24:47 | *access to array | semmle.label | *access to array |
+| minizipTest.cpp:26:30:26:39 | **zip_reader | semmle.label | **zip_reader |
+| minizipTest.cpp:26:30:26:39 | *zip_reader | semmle.label | *zip_reader |
+| minizipTest.cpp:28:13:28:19 | *access to array | semmle.label | *access to array |
 | zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input |
 | zlibTest.cpp:16:26:16:30 | *input | semmle.label | *input |
 | zlibTest.cpp:20:25:20:39 | *input | semmle.label | *input |
@@ -151,7 +151,7 @@ subpaths
 | libarchiveTests.cpp:38:27:38:27 | *a | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:16:31:16:32 | *ar | libarchiveTests.cpp:38:27:38:27 | read_data output argument |
 | main.cpp:8:23:8:26 | **argv | brotliTest.cpp:26:41:26:44 | **argv | brotliTest.cpp:26:41:26:44 | **argv | main.cpp:8:23:8:26 | brotli_test output argument |
 | main.cpp:9:27:9:30 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | libarchiveTests.cpp:30:45:30:48 | **argv | main.cpp:9:27:9:30 | libarchive_test output argument |
-| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:34:42:34:45 | **argv | minizipTest.cpp:34:42:34:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument |
+| main.cpp:10:24:10:27 | **argv | minizipTest.cpp:12:42:12:45 | **argv | minizipTest.cpp:12:42:12:45 | **argv | main.cpp:10:24:10:27 | minizip_test output argument |
 | zlibTest.cpp:81:19:81:25 | *access to array | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:47:26:47:33 | *fileName | zlibTest.cpp:81:19:81:25 | UnsafeGzfread output argument |
 | zlibTest.cpp:82:18:82:24 | *access to array | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:57:25:57:32 | *fileName | zlibTest.cpp:82:18:82:24 | UnsafeGzgets output argument |
 | zlibTest.cpp:83:19:83:25 | *access to array | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:16:26:16:30 | *input | zlibTest.cpp:83:19:83:25 | UnsafeInflate output argument |
@@ -160,10 +160,10 @@ subpaths
 | brotliTest.cpp:28:42:28:60 | *access to array | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:28:42:28:60 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
 | brotliTest.cpp:34:35:34:40 | *input2 | main.cpp:7:33:7:36 | **argv | brotliTest.cpp:34:35:34:40 | *input2 | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
 | libarchiveTests.cpp:22:41:22:42 | *ar | main.cpp:7:33:7:36 | **argv | libarchiveTests.cpp:22:41:22:42 | *ar | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
-| minizipTest.cpp:40:52:40:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:40:52:40:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
-| minizipTest.cpp:58:30:58:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
-| minizipTest.cpp:58:30:58:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:58:30:58:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
-| minizipTest.cpp:67:13:67:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:67:13:67:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
+| minizipTest.cpp:17:52:17:67 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:17:52:17:67 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
+| minizipTest.cpp:26:30:26:39 | **zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | **zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
+| minizipTest.cpp:26:30:26:39 | *zip_reader | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:26:30:26:39 | *zip_reader | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
+| minizipTest.cpp:28:13:28:19 | *access to array | main.cpp:7:33:7:36 | **argv | minizipTest.cpp:28:13:28:19 | *access to array | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
 | zlibTest.cpp:25:13:25:22 | & ... | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:25:13:25:22 | & ... | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
 | zlibTest.cpp:41:20:41:26 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:41:20:41:26 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
 | zlibTest.cpp:51:38:51:44 | inFileZ | main.cpp:7:33:7:36 | **argv | zlibTest.cpp:51:38:51:44 | inFileZ | This Decompression output $@. | main.cpp:7:33:7:36 | **argv | is not limited |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/minizipTest.cpp
@@ -1,68 +1,29 @@
 typedef signed int int32_t;
 
-void *mz_stream_os_create();
-
-int32_t mz_zip_reader_open_file(void *handle, const char *path);
-
-int32_t mz_zip_reader_open_file_in_memory(void *handle, const char *path);
-
 void *mz_zip_reader_create();
-
+int32_t mz_zip_reader_open_file(void *handle, const char *path);
 int32_t mz_zip_reader_goto_first_entry(void *pVoid);
-
-int32_t mz_stream_os_open(void *pVoid, const char *path, int write);
-
-void mz_stream_os_close(void *pVoid);
-
-void mz_stream_os_delete(void **pVoid);
-
-void mz_zip_reader_close(void *pVoid);
-
-void mz_zip_reader_delete(void **pVoid);
-
 int32_t mz_zip_reader_entry_save(void *pVoid, int stream, int write);
-
-
+int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i);
 void UnzOpen(const char *string);
 
-int32_t mz_zip_entry_read(void *pVoid, void *buf, int32_t i);
-
-void *mz_zip_create() {
-    return nullptr;
-}
+void *mz_zip_create();
 
 void minizip_test(int argc, const char **argv) {
     void *zip_handle = mz_zip_create();
     int32_t bytes_read;
-    int32_t err;
     char buf[4096];
-    do {
+    while(true) {
         bytes_read = mz_zip_entry_read(zip_handle, (char *) argv[1], sizeof(buf)); // BAD
-        if (bytes_read < 0) {
-            err = bytes_read;
+        if (bytes_read <= 0) {
+            break;
         }
-        // Do something with buf bytes
-    } while (err == 1 && bytes_read > 0);
-
-
-    const char *entry_path = "c:\\entry.dat";
+    }
 
     void *zip_reader = mz_zip_reader_create();
-
     mz_zip_reader_open_file(zip_reader, argv[1]);
     mz_zip_reader_goto_first_entry(zip_reader);
-    void *entry_stream = mz_stream_os_create();
-    mz_stream_os_open(entry_stream, entry_path, 1);
-    int file_stream;
-    int mz_stream_os_write;
-    mz_zip_reader_entry_save(zip_reader, file_stream, mz_stream_os_write); // BAD
-    // the above sink is same as "mz_zip_reader_entry_save", "mz_zip_reader_entry_read", "mz_zip_reader_entry_save_process",
-    // "mz_zip_reader_entry_save_file", "mz_zip_reader_entry_save_buffer", "mz_zip_reader_save_all" and "mz_zip_entry_read" functions
-    mz_stream_os_close(entry_stream);
-    mz_stream_os_delete(&entry_stream);
-    mz_zip_reader_close(zip_reader);
-    mz_zip_reader_delete(&zip_reader);
-
+    mz_zip_reader_entry_save(zip_reader, 0, 0); // BAD
 
     UnzOpen(argv[3]); // BAD
 }
