C++: Accept test changes.

MathiasVP · MathiasVP · commit 24bdc34f275d · 2026-05-22T13:57:48.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
@@ -1,7 +1,11 @@
 edges
+| char_connect_socket_w32_vsnprintf_01_bad.c:40:30:40:33 | *data | char_connect_socket_w32_vsnprintf_01_bad.c:47:32:47:35 | *data | provenance |  |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | provenance |  |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance |  |
+| char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance |  |
+| char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance |  |
 | char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | provenance |  |
+| char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | char_connect_socket_w32_vsnprintf_01_bad.c:40:30:40:33 | *data | provenance |  |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:37:21:37:43 | ... = ... | provenance |  |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:44:17:44:37 | ... = ... | provenance |  |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | provenance |  |
@@ -10,9 +14,12 @@ edges
 | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | provenance |  |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | provenance | TaintFunction |
 nodes
+| char_connect_socket_w32_vsnprintf_01_bad.c:40:30:40:33 | *data | semmle.label | *data |
+| char_connect_socket_w32_vsnprintf_01_bad.c:47:32:47:35 | *data | semmle.label | *data |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument |
 | char_connect_socket_w32_vsnprintf_01_bad.c:100:13:100:60 | ... = ... | semmle.label | ... = ... |
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | semmle.label | *data |
+| char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | semmle.label | *data |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | semmle.label | fgets output argument |
 | char_console_fprintf_01_bad.c:37:21:37:43 | ... = ... | semmle.label | ... = ... |
 | char_console_fprintf_01_bad.c:44:17:44:37 | ... = ... | semmle.label | ... = ... |
@@ -22,6 +29,7 @@ nodes
 | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | semmle.label | *data |
 subpaths
 #select
+| char_connect_socket_w32_vsnprintf_01_bad.c:47:32:47:35 | *data | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:47:32:47:35 | *data | The value of this argument may come from $@ and is being used as a formatting argument to vsnprintf. | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | buffer read by recv |
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | *data | The value of this argument may come from $@ and is being used as a formatting argument to badVaSink. | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | buffer read by recv |
 | char_console_fprintf_01_bad.c:49:21:49:24 | *data | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | *data | The value of this argument may come from $@ and is being used as a formatting argument to fprintf. | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | string read by fgets |
 | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | *data | The value of this argument may come from $@ and is being used as a formatting argument to fprintf. | char_environment_fprintf_01_bad.c:27:30:27:35 | *call to getenv | an environment variable |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.c b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.c
@@ -107,22 +107,22 @@ void test() {
 	va_list args = 0;
 	_locale_t locale = 0;
 	fread(fmt, sizeof(char), 1024, f);
-	vprintf(fmt, args); // MISSING: BAD
-	_vprintf_l(fmt, locale, args); // MISSING: BAD
-	vfprintf(f, fmt, args); // MISSING: BAD
-	_vfprintf_l(f, fmt, locale, args); // MISSING: BAD
-	vsnprintf(out, 1024, fmt, args); // MISSING: BAD
-	_vsnprintf(out, 1024, fmt, args); // MISSING: BAD
-	_vsnprintf_l(out, 1024, fmt, locale, args); // MISSING: BAD
-	vsnprintf_s(out, 1024, 1024, fmt, args); // MISSING: BAD
-	_vsnprintf_s(out, 1024, 1024, fmt, args); // MISSING: BAD
-	_vsnprintf_s_l(out, 1024, 1024, fmt, locale, args); // MISSING: BAD
-	vsprintf(out, fmt, args); // MISSING: BAD
-	_vsprintf_l(out, fmt, locale, args); // MISSING: BAD
-	_vsprintf_p(out, 1024, fmt, args); // MISSING: BAD
-	_vsprintf_p_l(out, 1024, fmt, locale, args); // MISSING: BAD
-	vsprintf_s(out, 1024, fmt, args); // MISSING: BAD
-	_vsprintf_s_l(out, 1024, fmt, locale, args); // MISSING: BAD
-	_vscprintf_p(fmt, args); // MISSING: BAD
-	_vscprintf_p_l(fmt, locale, args); // MISSING: BAD
+	vprintf(fmt, args); // BAD
+	_vprintf_l(fmt, locale, args); // BAD
+	vfprintf(f, fmt, args); // BAD
+	_vfprintf_l(f, fmt, locale, args); // BAD
+	vsnprintf(out, 1024, fmt, args); // BAD
+	_vsnprintf(out, 1024, fmt, args); // BAD
+	_vsnprintf_l(out, 1024, fmt, locale, args); // BAD
+	vsnprintf_s(out, 1024, 1024, fmt, args); // BAD
+	_vsnprintf_s(out, 1024, 1024, fmt, args); // BAD
+	_vsnprintf_s_l(out, 1024, 1024, fmt, locale, args); // BAD
+	vsprintf(out, fmt, args); // BAD
+	_vsprintf_l(out, fmt, locale, args); // BAD
+	_vsprintf_p(out, 1024, fmt, args); // BAD
+	_vsprintf_p_l(out, 1024, fmt, locale, args); // BAD
+	vsprintf_s(out, 1024, fmt, args); // BAD
+	_vsprintf_s_l(out, 1024, fmt, locale, args); // BAD
+	_vscprintf_p(fmt, args); // BAD
+	_vscprintf_p_l(fmt, locale, args); // BAD
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
@@ -11,6 +11,24 @@ edges
 | funcsLocal.c:52:2:52:16 | *... = ... | funcsLocal.c:53:9:53:11 | ** ... | provenance |  |
 | funcsLocal.c:52:8:52:11 | *call to gets | funcsLocal.c:52:2:52:16 | *... = ... | provenance |  |
 | funcsLocal.c:57:2:57:14 | ... = ... | funcsLocal.c:58:9:58:10 | *e1 | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:110:10:110:12 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:111:13:111:15 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:112:14:112:16 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:113:17:113:19 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:114:23:114:25 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:115:24:115:26 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:116:26:116:28 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:117:31:117:33 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:118:32:118:34 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:119:34:119:36 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:120:16:120:18 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:121:19:121:21 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:122:25:122:27 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:123:27:123:29 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:124:24:124:26 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:125:27:125:29 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:126:15:126:17 | *fmt | provenance |  |
+| funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:127:17:127:19 | *fmt | provenance |  |
 nodes
 | funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument |
 | funcsLocal.c:17:9:17:10 | *i1 | semmle.label | *i1 |
@@ -31,6 +49,25 @@ nodes
 | funcsLocal.c:53:9:53:11 | ** ... | semmle.label | ** ... |
 | funcsLocal.c:57:2:57:14 | ... = ... | semmle.label | ... = ... |
 | funcsLocal.c:58:9:58:10 | *e1 | semmle.label | *e1 |
+| funcsLocal.c:109:8:109:10 | fread output argument | semmle.label | fread output argument |
+| funcsLocal.c:110:10:110:12 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:111:13:111:15 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:112:14:112:16 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:113:17:113:19 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:114:23:114:25 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:115:24:115:26 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:116:26:116:28 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:117:31:117:33 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:118:32:118:34 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:119:34:119:36 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:120:16:120:18 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:121:19:121:21 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:122:25:122:27 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:123:27:123:29 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:124:24:124:26 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:125:27:125:29 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:126:15:126:17 | *fmt | semmle.label | *fmt |
+| funcsLocal.c:127:17:127:19 | *fmt | semmle.label | *fmt |
 subpaths
 #select
 | funcsLocal.c:17:9:17:10 | *i1 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | *i1 | The value of this argument may come from $@ and is being used as a formatting argument to printf. | funcsLocal.c:16:8:16:9 | fread output argument | string read by fread |
@@ -41,3 +78,21 @@ subpaths
 | funcsLocal.c:47:9:47:11 | ** ... | funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | ** ... | The value of this argument may come from $@ and is being used as a formatting argument to printf. | funcsLocal.c:46:7:46:9 | gets output argument | string read by gets |
 | funcsLocal.c:53:9:53:11 | ** ... | funcsLocal.c:52:8:52:11 | *call to gets | funcsLocal.c:53:9:53:11 | ** ... | The value of this argument may come from $@ and is being used as a formatting argument to printf. | funcsLocal.c:52:8:52:11 | *call to gets | string read by gets |
 | funcsLocal.c:58:9:58:10 | *e1 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | *e1 | The value of this argument may come from $@ and is being used as a formatting argument to printf. | funcsLocal.c:16:8:16:9 | fread output argument | string read by fread |
+| funcsLocal.c:110:10:110:12 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:110:10:110:12 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vprintf. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:111:13:111:15 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:111:13:111:15 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vprintf_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:112:14:112:16 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:112:14:112:16 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vfprintf. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:113:17:113:19 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:113:17:113:19 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vfprintf_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:114:23:114:25 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:114:23:114:25 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vsnprintf. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:115:24:115:26 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:115:24:115:26 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsnprintf. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:116:26:116:28 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:116:26:116:28 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsnprintf_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:117:31:117:33 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:117:31:117:33 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vsnprintf_s. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:118:32:118:34 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:118:32:118:34 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsnprintf_s. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:119:34:119:36 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:119:34:119:36 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsnprintf_s_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:120:16:120:18 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:120:16:120:18 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vsprintf. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:121:19:121:21 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:121:19:121:21 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsprintf_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:122:25:122:27 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:122:25:122:27 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsprintf_p. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:123:27:123:29 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:123:27:123:29 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsprintf_p_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:124:24:124:26 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:124:24:124:26 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to vsprintf_s. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:125:27:125:29 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:125:27:125:29 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vsprintf_s_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:126:15:126:17 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:126:15:126:17 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vscprintf_p. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
+| funcsLocal.c:127:17:127:19 | *fmt | funcsLocal.c:109:8:109:10 | fread output argument | funcsLocal.c:127:17:127:19 | *fmt | The value of this argument may come from $@ and is being used as a formatting argument to _vscprintf_p_l. | funcsLocal.c:109:8:109:10 | fread output argument | string read by fread |
