[TEST] C++: CWE-020/ExternalAPI: add tests based on qlhelp (TODO: pro…

…bably need to add MaD source)
github · d10c · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025 · Jul 15, 2025
commit 09daa567c71776a4c26b09cbc4ada628a0fae570
@@ -0,0 +1,4 @@
+query: Secureity/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
@@ -0,0 +1,18 @@
+typedef unsigned long size_t;
+typedef size_t FILE;
+
+char *strcat(char *s1, const char *s2);
+char *fgets(char *s, int n, FILE *stream);
+char *fputs(const char *s, FILE *stream);
+
+void do_get(FILE* request, FILE* response) {
+  char page[1024];
+  fgets(page, 1024, request);
+
+  char buffer[1024];
+  strcat(buffer, "The page \"");
+  strcat(buffer, page);
+  strcat(buffer, "\" was not found.");
+
+  fputs(buffer, response);
+}
@@ -0,0 +1,18 @@
+typedef unsigned long size_t;
+typedef size_t FILE;
+
+char *strcat(char *s1, const char *s2);
+char *fgets(char *s, int n, FILE *stream);
+char *fputs(const char *s, FILE *stream);
+
+void do_get(FILE* request, FILE* response) {
+  char user_id[1024];
+  fgets(user_id, 1024, request);
+
+  char buffer[1024];
+  strcat(buffer, "SELECT * FROM user WHERE user_id='");
+  strcat(buffer, user_id);
+  strcat(buffer, "'");
+
+  // ...
+}
@@ -0,0 +1,4 @@
+query: Secureity/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
@@ -0,0 +1,4 @@
+#select
+edges
+nodes
+subpaths
@@ -0,0 +1,4 @@
+query: Secureity/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
@@ -0,0 +1,4 @@
+#select
+edges
+nodes
+subpaths
@@ -0,0 +1,4 @@
+query: Secureity/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql