C++: Add test cases.

geoffw0 · geoffw0 · commit 8198b96eb217 · 2020-10-20T15:33:57.000+01:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -18,3 +18,4 @@
 | test.cpp:87:12:87:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | test.cpp:92:12:92:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | test.cpp:109:12:109:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:129:20:129:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
@@ -2,7 +2,7 @@ extern "C" int printf(const char *fmt, ...);
 extern "C" int sprintf(char *buf, const char *fmt, ...);
 extern "C" char *gettext (const char *);
 
-
+#define MYSPRINTF sprintf
 
 bool gettext_debug = false;
 
@@ -122,12 +122,12 @@ int main(int argc, char **argv) {
   //
   printf(const_wash("Hello, World\n")); // GOOD
 
+  {
+	char buffer[1024];
 
-
-
-
-
-
+	MYSPRINTF(buffer, "constant"); // GOOD
+	MYSPRINTF(buffer, argv[0]); // BAD
+  }
 }
 
 const char *simple_func(const char *str) {
