C++: Add a couple more test cases that have been discussed.

Author: geoffw0

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -1020,6 +1020,8 @@
 | string.cpp:393:28:393:32 | call to begin | string.cpp:405:8:405:9 | i2 |  |
 | string.cpp:393:28:393:32 | call to begin | string.cpp:408:8:408:9 | i2 |  |
 | string.cpp:393:28:393:32 | call to begin | string.cpp:410:8:410:9 | i2 |  |
+| string.cpp:393:28:393:32 | call to begin | string.cpp:417:9:417:10 | i2 |  |
+| string.cpp:393:28:393:32 | call to begin | string.cpp:420:9:420:10 | i2 |  |
 | string.cpp:396:10:396:11 | i2 | string.cpp:396:12:396:12 | call to operator+ | TAINT |
 | string.cpp:396:10:396:11 | ref arg i2 | string.cpp:397:10:397:11 | i2 |  |
 | string.cpp:396:10:396:11 | ref arg i2 | string.cpp:398:8:398:9 | i2 |  |
@@ -1028,6 +1030,8 @@
 | string.cpp:396:10:396:11 | ref arg i2 | string.cpp:405:8:405:9 | i2 |  |
 | string.cpp:396:10:396:11 | ref arg i2 | string.cpp:408:8:408:9 | i2 |  |
 | string.cpp:396:10:396:11 | ref arg i2 | string.cpp:410:8:410:9 | i2 |  |
+| string.cpp:396:10:396:11 | ref arg i2 | string.cpp:417:9:417:10 | i2 |  |
+| string.cpp:396:10:396:11 | ref arg i2 | string.cpp:420:9:420:10 | i2 |  |
 | string.cpp:396:12:396:12 | call to operator+ | string.cpp:396:8:396:8 | call to operator* | TAINT |
 | string.cpp:397:10:397:11 | i2 | string.cpp:397:12:397:12 | call to operator- | TAINT |
 | string.cpp:397:10:397:11 | ref arg i2 | string.cpp:398:8:398:9 | i2 |  |
@@ -1036,6 +1040,8 @@
 | string.cpp:397:10:397:11 | ref arg i2 | string.cpp:405:8:405:9 | i2 |  |
 | string.cpp:397:10:397:11 | ref arg i2 | string.cpp:408:8:408:9 | i2 |  |
 | string.cpp:397:10:397:11 | ref arg i2 | string.cpp:410:8:410:9 | i2 |  |
+| string.cpp:397:10:397:11 | ref arg i2 | string.cpp:417:9:417:10 | i2 |  |
+| string.cpp:397:10:397:11 | ref arg i2 | string.cpp:420:9:420:10 | i2 |  |
 | string.cpp:397:12:397:12 | call to operator- | string.cpp:397:8:397:8 | call to operator* | TAINT |
 | string.cpp:398:8:398:9 | i2 | string.cpp:398:3:398:9 | ... = ... |  |
 | string.cpp:398:8:398:9 | i2 | string.cpp:399:12:399:13 | i3 |  |
@@ -1074,6 +1080,20 @@
 | string.cpp:414:5:414:6 | i9 | string.cpp:414:3:414:3 | call to operator-- |  |
 | string.cpp:414:5:414:6 | ref arg i9 | string.cpp:415:9:415:10 | i9 |  |
 | string.cpp:415:9:415:10 | i9 | string.cpp:415:8:415:8 | call to operator* | TAINT |
+| string.cpp:417:9:417:10 | i2 | string.cpp:417:3:417:10 | ... = ... |  |
+| string.cpp:417:9:417:10 | i2 | string.cpp:418:10:418:12 | i10 |  |
+| string.cpp:417:9:417:10 | i2 | string.cpp:419:8:419:10 | i10 |  |
+| string.cpp:418:10:418:12 | i10 | string.cpp:418:13:418:13 | call to operator++ |  |
+| string.cpp:418:10:418:12 | ref arg i10 | string.cpp:419:8:419:10 | i10 |  |
+| string.cpp:418:13:418:13 | call to operator++ | string.cpp:418:8:418:8 | call to operator* | TAINT |
+| string.cpp:419:8:419:10 | i10 | string.cpp:419:8:419:10 | call to iterator |  |
+| string.cpp:420:9:420:10 | i2 | string.cpp:420:3:420:10 | ... = ... |  |
+| string.cpp:420:9:420:10 | i2 | string.cpp:421:10:421:12 | i11 |  |
+| string.cpp:420:9:420:10 | i2 | string.cpp:422:8:422:10 | i11 |  |
+| string.cpp:421:10:421:12 | i11 | string.cpp:421:13:421:13 | call to operator-- |  |
+| string.cpp:421:10:421:12 | ref arg i11 | string.cpp:422:8:422:10 | i11 |  |
+| string.cpp:421:13:421:13 | call to operator-- | string.cpp:421:8:421:8 | call to operator* | TAINT |
+| string.cpp:422:8:422:10 | i11 | string.cpp:422:8:422:10 | call to iterator |  |
 | string.cpp:428:17:428:20 | aa | string.cpp:428:17:428:21 | call to basic_string | TAINT |
 | string.cpp:428:17:428:21 | call to basic_string | string.cpp:433:7:433:8 | s1 |  |
 | string.cpp:428:17:428:21 | call to basic_string | string.cpp:434:7:434:8 | s1 |  |

cpp/ql/test/library-tests/dataflow/taint-tests/string.cpp

@@ -391,7 +391,7 @@ void test_string_iterators() {
 		string::iterator i1 = s1.begin();
 
 		string::iterator i2 = s2.begin();
-		string::iterator i3, i4, i5, i6, i7, i8, i9;
+		string::iterator i3, i4, i5, i6, i7, i8, i9, i10, i11;
 
 		sink(*(i2+1)); //tainted
 		sink(*(i2-1)); // tainted
@@ -414,12 +414,12 @@ void test_string_iterators() {
 		--i9;
 		sink(*i9); // tainted
 
-
-
-
-
-
-
+		i10 = i2;
+		sink(*(i10++)); // tainted
+		sink(i10); // tainted
+		i11 = i2;
+		sink(*(i11--)); // tainted
+		sink(i11); // tainted
 	}
 }
 

cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected

@@ -133,6 +133,10 @@
 | string.cpp:409:8:409:8 | call to operator* | string.cpp:389:18:389:23 | call to source |
 | string.cpp:411:8:411:8 | call to operator* | string.cpp:389:18:389:23 | call to source |
 | string.cpp:415:8:415:8 | call to operator* | string.cpp:389:18:389:23 | call to source |
+| string.cpp:418:8:418:8 | call to operator* | string.cpp:389:18:389:23 | call to source |
+| string.cpp:419:8:419:10 | call to iterator | string.cpp:389:18:389:23 | call to source |
+| string.cpp:421:8:421:8 | call to operator* | string.cpp:389:18:389:23 | call to source |
+| string.cpp:422:8:422:10 | call to iterator | string.cpp:389:18:389:23 | call to source |
 | string.cpp:436:10:436:15 | call to insert | string.cpp:431:14:431:19 | call to source |
 | string.cpp:437:7:437:8 | s2 | string.cpp:431:14:431:19 | call to source |
 | string.cpp:449:10:449:15 | call to insert | string.cpp:449:32:449:46 | call to source |

cpp/ql/test/library-tests/dataflow/taint-tests/test_diff.expected

@@ -60,6 +60,10 @@
 | string.cpp:409:8:409:8 | string.cpp:389:18:389:23 | AST only |
 | string.cpp:411:8:411:8 | string.cpp:389:18:389:23 | AST only |
 | string.cpp:415:8:415:11 | string.cpp:389:18:389:23 | IR only |
+| string.cpp:418:8:418:8 | string.cpp:389:18:389:23 | AST only |
+| string.cpp:419:8:419:10 | string.cpp:389:18:389:23 | AST only |
+| string.cpp:421:8:421:8 | string.cpp:389:18:389:23 | AST only |
+| string.cpp:422:8:422:10 | string.cpp:389:18:389:23 | AST only |
 | string.cpp:436:10:436:15 | string.cpp:431:14:431:19 | AST only |
 | string.cpp:449:10:449:15 | string.cpp:449:32:449:46 | AST only |
 | string.cpp:462:10:462:15 | string.cpp:457:18:457:23 | AST only |