C++: Add test cases.

geoffw0 · geoffw0 · commit 2acbdecfdb3e · 2020-04-16T11:11:58.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected
@@ -2,3 +2,17 @@
 | test.c:9:14:9:18 | ... > ... | Comparison between $@ of type char and $@ of wider type int. | test.c:8:7:8:7 | c | c | test.c:7:17:7:17 | x | x |
 | test.c:14:14:14:18 | ... < ... | Comparison between $@ of type short and $@ of wider type int. | test.c:13:8:13:8 | s | s | test.c:12:17:12:17 | x | x |
 | test.c:65:14:65:18 | ... < ... | Comparison between $@ of type short and $@ of wider type int. | test.c:64:8:64:8 | s | s | test.c:63:17:63:17 | x | x |
+| test.c:87:14:87:18 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:84:15:84:15 | x | x |
+| test.c:91:14:91:23 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type int. | test.c:83:16:83:16 | c | c | test.c:91:18:91:23 | 65280 | 65280 |
+| test.c:93:14:93:25 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type int. | test.c:83:16:83:16 | c | c | test.c:93:18:93:25 | 16711680 | 16711680 |
+| test.c:95:14:95:27 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:95:18:95:27 | 4278190080 | 4278190080 |
+| test.c:97:14:97:27 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:97:19:97:26 | ... & ... | ... & ... |
+| test.c:99:14:99:29 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:99:19:99:28 | ... & ... | ... & ... |
+| test.c:101:14:101:31 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:101:19:101:30 | ... & ... | ... & ... |
+| test.c:103:14:103:33 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:103:19:103:32 | ... & ... | ... & ... |
+| test.c:105:14:105:25 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:105:19:105:24 | ... >> ... | ... >> ... |
+| test.c:107:14:107:26 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:107:19:107:25 | ... >> ... | ... >> ... |
+| test.c:109:14:109:26 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:109:19:109:25 | ... >> ... | ... >> ... |
+| test.c:111:14:111:36 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:111:19:111:35 | ... >> ... | ... >> ... |
+| test.c:113:14:113:39 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:113:19:113:38 | ... >> ... | ... >> ... |
+| test.c:115:14:115:41 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:115:19:115:40 | ... >> ... | ... >> ... |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c
@@ -75,4 +75,42 @@ extern const int const256;
 void test11() {
 	short s;
 	for(s = 0; s < const256; ++s) {}
-}
+}
+
+unsigned int get_a_uint();
+
+void test12() {
+	unsigned char c;
+	unsigned int x;
+
+	x = get_a_uint();
+	for (c = 0; c < x; c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < 0xFF; c++) {} // GOOD
+	x = get_a_uint();
+	for (c = 0; c < 0xFF00; c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < 0xFF0000; c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < 0xFF000000; c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x & 0xFF); c++) {} // GOOD [FALSE POSITIVE]
+	x = get_a_uint();
+	for (c = 0; c < (x & 0xFF00); c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x & 0xFF0000); c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x & 0xFF000000); c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x >> 8); c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x >> 16); c++) {} // BAD
+	x = get_a_uint();
+	for (c = 0; c < (x >> 24); c++) {} // GOOD (assuming 32-bit ints) [FALSE POSITIVE]
+	x = get_a_uint();
+	for (c = 0; c < ((x & 0xFF00) >> 8); c++) {} // GOOD [FALSE POSITIVE]
+	x = get_a_uint();
+	for (c = 0; c < ((x & 0xFF0000) >> 16); c++) {} // GOOD [FALSE POSITIVE]
+	x = get_a_uint();
+	for (c = 0; c < ((x & 0xFF000000) >> 24); c++) {} // GOOD [FALSE POSITIVE]
+}
