C++: Test for StmtExpr data flow

jbj · jbj · commit a2de057c26eb · 2019-03-05T14:34:19.000+01:00
diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
@@ -491,3 +491,20 @@ void intArraySourceCaller2() {
   sink(local); // tainted
   sink(*local); // clean
 }
+
+///////////////////////////////////////////////////////////////////////////////
+
+void throughStmtExpr(int source1, int clean1) {
+  sink( ({ source1; }) ); // tainted (FALSE NEGATIVE)
+  sink( ({ clean1; }) ); // clean
+
+  int local = ({
+    int tmp;
+    if (clean1)
+      tmp = source1;
+    else
+      tmp = clean1;
+    tmp;
+  });
+  sink(local); // tainted (FALSE NEGATIVE)
+}
