C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this.

Author: MathiasVP

cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql

@@ -32,7 +32,8 @@ where
   forall(Expr escape | variableAddressEscapesTree(v.getAnAccess(), escape) |
     call.getArgument(0) = escape.getUnconverted()
   ) and
-  // `v` is a stack-allocated array or a struct.
+  // `v` is a stack-allocated array or a struct, and `v` is not static.
+  not v.isStatic() and
   (
     v.getUnspecifiedType() instanceof ArrayType and call.getArgument(0) = v.getAnAccess()
     or

cpp/ql/test/query-tests/Security/CWE/CWE-014/test.c

@@ -59,9 +59,9 @@ int func1d() {
 	memset(pw1d, 0, PW_SIZE); // GOOD
 	return 0;
 }
-// x86-64 gcc 9.2: not deleted
-// x86-64 clang 9.0.0: not deleted
-// x64 msvc v19.14 (WINE): not deleted
+// x86-64 gcc 9.2: deleted
+// x86-64 clang 9.0.0: deleted
+// x64 msvc v19.14 (WINE): deleted
 char *func2(void) {  
 	char pw2[PW_SIZE];
 	use_pw(pw2);
@@ -129,9 +129,9 @@ int func8(void) {
 	return pw1a[4];
 }
 
-// x86-64 gcc 9.2: not deleted
-// x86-64 clang 9.0.0: not deleted
-// x64 msvc v19.14 (WINE): not deleted
+// x86-64 gcc 9.2: deleted
+// x86-64 clang 9.0.0: deleted
+// x64 msvc v19.14 (WINE): deleted
 char *func9(void) {
 	char pw1[PW_SIZE];
 	use_pw(pw1);

cpp/ql/test/query-tests/Security/CWE/CWE-014/test.cpp

@@ -277,7 +277,7 @@ bool nobadFunc2_1_0(unsigned char ch){
 
 void nobadFunc2_1_2(){
 	unsigned char buff1[PW_SIZE];
-	memset(buff1, 0, PW_SIZE); // GOOD
+	memset(buff1, 0, PW_SIZE); // BAD [NOT DETECTED]
 	buff1[2] = 5;
 }
 
@@ -364,3 +364,11 @@ void nobadFunc4_6(){
 	unsigned char * buff1 = globalBuff2->buff2;
 	memset(buff1, 0, PW_SIZE); // GOOD
 }
+
+extern void use_byte(unsigned char);
+
+void test_static_func() {
+	static unsigned char buffer[PW_SIZE] = {0};
+	use_byte(buffer[0]);
+	memset(buffer, 42, sizeof(buffer)); // GOOD
+}