Use inline expectations for query test

owen-mc · owen-mc · commit de4fe6d25cb6 · 2026-03-26T15:27:17.000Z
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE/CWE-497/ExposedSystemData.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+ - utils/test/PrettyPrintModels.ql
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests2.cpp
@@ -47,23 +47,23 @@ int val();
 
 // --- test cases ---
 
-const char *global1 = mysql_get_client_info();
+const char *global1 = mysql_get_client_info(); // $ Source
 const char *global2 = "abc";
 
 void test7()
 {
 	int sock = socket(val(), val(), val());
 
 	// tests for a strict implementation of CWE-497
-	std::cout << getenv("HOME"); // BAD: outputs HOME environment variable [NOT DETECTED]
-	std::cout << "PATH = " << getenv("PATH") << "."; // BAD: outputs PATH environment variable [NOT DETECTED]
+	std::cout << getenv("HOME");  // $ MISSING: Alert // outputs HOME environment variable
+	std::cout << "PATH = " << getenv("PATH") << "."; // $ MISSING: Alert // outputs PATH environment variable
 	std::cout << "PATHPATHPATH"; // GOOD: not system data
 
 	// tests for a more pragmatic implementation of CWE-497
-	send(sock, getenv("HOME"), val(), val()); // BAD
-	send(sock, getenv("PATH"), val(), val()); // BAD
-	send(sock, getenv("USERNAME"), val(), val()); // BAD
-	send(sock, getenv("APP_PASSWORD"), val(), val()); // BAD
+	send(sock, getenv("HOME"), val(), val()); // $ Alert
+	send(sock, getenv("PATH"), val(), val()); // $ Alert
+	send(sock, getenv("USERNAME"), val(), val()); // $ Alert
+	send(sock, getenv("APP_PASSWORD"), val(), val()); // $ Alert
 	send(sock, getenv("HARMLESS"), val(), val()); // GOOD: harmless information
 	send(sock, "HOME", val(), val()); // GOOD: not system data
 	send(sock, "PATH", val(), val()); // GOOD: not system data
@@ -75,11 +75,11 @@ void test7()
 	{
 		char buffer[256];
 
-		strcpy(buffer, mysql_get_client_info());
+		strcpy(buffer, mysql_get_client_info()); // $ Source
 
-		send(sock, mysql_get_client_info(), val(), val()); // BAD
-		send(sock, buffer, val(), val()); // BAD
-		send(sock, global1, val(), val()); // BAD
+		send(sock, mysql_get_client_info(), val(), val()); // $ Alert
+		send(sock, buffer, val(), val()); // $ Alert
+		send(sock, global1, val(), val()); // $ Alert
 		send(sock, global2, val(), val()); // GOOD: not system data
 	}
 
@@ -88,27 +88,27 @@ void test7()
 		const char *str1 = "123456";
 		const char *str2 = "abcdef";
 
-		mysql_real_connect(sock, val(), val(), str1, val(), val(), val(), val());
+		mysql_real_connect(sock, val(), val(), str1, val(), val(), val(), val()); // $ Source
 
-		send(sock, str1, val(), val()); // BAD
+		send(sock, str1, val(), val()); // $ Alert
 		send(sock, str2, val(), val()); // GOOD: not system data
 	}
 
 	// tests for `getpwuid`
 	{
 		passwd *pw;
 
-		pw = getpwuid(val());
-		send(sock, pw->pw_passwd, val(), val()); // BAD
+		pw = getpwuid(val()); // $ Source
+		send(sock, pw->pw_passwd, val(), val()); // $ Alert
 	}
 
 	// tests for containers
 	{
 		container c1, c2;
 
-		c1.ptr = getenv("MY_SECRET_TOKEN");
+		c1.ptr = getenv("MY_SECRET_TOKEN"); // $ Source
 		c2.ptr = "";
-		send(sock, c1.ptr, val(), val()); // BAD
+		send(sock, c1.ptr, val(), val()); // $ Alert
 		send(sock, c2.ptr, val(), val()); // GOOD: not system data
 	}
 }
@@ -131,31 +131,31 @@ void test_zmq(void *remoteSocket)
 	size_t message_len;
 
 	// prepare data
-	message_data = getenv("HOME");
+	message_data = getenv("HOME"); // $ Source
 	message_len = strlen(message_data) + 1;
 
 	// send as data
-	if (zmq_send(socket, message_data, message_len, 0) >= 0) { // BAD: outputs HOME environment variable
+	if (zmq_send(socket, message_data, message_len, 0) >= 0) { // $ Alert: outputs HOME environment variable
 		// ...
 	}
 
 	// send as message
 	if (zmq_msg_init_data(&message, message_data, message_len, 0, 0)) {
-		if (zmq_sendmsg(remoteSocket, &message, message_len)) { // BAD: outputs HOME environment variable
+		if (zmq_sendmsg(remoteSocket, &message, message_len)) { // $ Alert: outputs HOME environment variable
 			// ...
 		}
-		if (zmq_msg_send(&message, remoteSocket, message_len)) { // BAD: outputs HOME environment variable
+		if (zmq_msg_send(&message, remoteSocket, message_len)) { // $ Alert: outputs HOME environment variable
 			// ...
 		}
 	}
 
 	// send as message (alternative path)
 	if (zmq_msg_init_size(&message, message_len) == 0) {
 		memcpy(zmq_msg_data(&message), message_data, message_len);
-		if (zmq_sendmsg(remoteSocket,&message, message_len)) { // BAD: outputs HOME environment variable
+		if (zmq_sendmsg(remoteSocket,&message, message_len)) { // $ Alert: outputs HOME environment variable
 			// ...
 		}
-		if (zmq_msg_send(&message, remoteSocket, message_len)) { // BAD: outputs HOME environment variable
+		if (zmq_msg_send(&message, remoteSocket, message_len)) { // $ Alert: outputs HOME environment variable
 			// ...
 		}
 	}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sockets.cpp
@@ -23,7 +23,7 @@ void test_sockets1()
 	int sockfd;
 	sockaddr addr_remote;
 	char *msg = "Hello, world!";
-	char *path = getenv("PATH");
+	char *path = getenv("PATH"); // $ Source
 
 	// create socket
 	sockfd = socket(AF_INET, SOCK_STREAM, 0);
@@ -36,11 +36,11 @@ void test_sockets1()
 
 	// send something using 'send'
 	if (send(sockfd, msg, strlen(msg) + 1, 0) < 0) return; // GOOD
-	if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // BAD
-	
+	if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // $ Alert
+
 	// send something using 'write'
 	if (write(sockfd, msg, strlen(msg) + 1) < 0) return; // GOOD
-	if (write(sockfd, path, strlen(path) + 1) < 0) return; // BAD
+	if (write(sockfd, path, strlen(path) + 1) < 0) return; // $ Alert
 
 	// clean up
 	// ...
@@ -49,9 +49,9 @@ void test_sockets1()
 int mksocket()
 {
 	int fd;
-	
+
 	fd = socket(AF_INET, SOCK_STREAM, 0);
-	
+
 	return fd;
 }
 
@@ -60,7 +60,7 @@ void test_sockets2()
 	int sockfd;
 	sockaddr addr_remote;
 	char *msg = "Hello, world!";
-	char *path = getenv("PATH");
+	char *path = getenv("PATH"); // $ Source
 
 	// create socket
 	sockfd = mksocket();
@@ -73,11 +73,11 @@ void test_sockets2()
 
 	// send something using 'send'
 	if (send(sockfd, msg, strlen(msg) + 1, 0) < 0) return; // GOOD
-	if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // BAD
-	
+	if (send(sockfd, path, strlen(path) + 1, 0) < 0) return; // $ Alert
+
 	// send something using 'write'
 	if (write(sockfd, msg, strlen(msg) + 1) < 0) return; // GOOD
-	if (write(sockfd, path, strlen(path) + 1) < 0) return; // BAD
+	if (write(sockfd, path, strlen(path) + 1) < 0) return; // $ Alert
 
 	// clean up
 	// ...
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests_sysconf.cpp
@@ -21,7 +21,7 @@ void test_sc_1()
 	int value = sysconf(_SC_CHILD_MAX);
 
 	printf("_SC_CHILD_MAX = %i\n", _SC_CHILD_MAX); // GOOD
-	printf("_SC_CHILD_MAX = %i\n", value); // BAD [NOT DETECTED]
+	printf("_SC_CHILD_MAX = %i\n", value); // $ MISSING: Alert
 }
 
 void test_sc_2()
@@ -33,9 +33,9 @@ void test_sc_2()
 	pathbuf = (char *)malloc(n);
 	if (pathbuf != NULL)
 	{
-		confstr(_CS_PATH, pathbuf, n);
+		confstr(_CS_PATH, pathbuf, n); // $ Source
 
-		printf("path: %s", pathbuf); // BAD [NOT DETECTED]
-		write(get_fd(), pathbuf, strlen(pathbuf)); // BAD
+		printf("path: %s", pathbuf); // $ MISSING: Alert
+		write(get_fd(), pathbuf, strlen(pathbuf)); // $ Alert
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ void test_sc_1()`
`21`	`21`	`int value = sysconf(_SC_CHILD_MAX);`
`22`	`22`
`23`	`23`	`printf("_SC_CHILD_MAX = %i\n", _SC_CHILD_MAX); // GOOD`
`24`		`- printf("_SC_CHILD_MAX = %i\n", value); // BAD [NOT DETECTED]`
	`24`	`+ printf("_SC_CHILD_MAX = %i\n", value); // $ MISSING: Alert`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`void test_sc_2()`
`@@ -33,9 +33,9 @@ void test_sc_2()`
`33`	`33`	`pathbuf = (char *)malloc(n);`
`34`	`34`	`if (pathbuf != NULL)`
`35`	`35`	`{`
`36`		`- confstr(_CS_PATH, pathbuf, n);`
	`36`	`+ confstr(_CS_PATH, pathbuf, n); // $ Source`
`37`	`37`
`38`		`- printf("path: %s", pathbuf); // BAD [NOT DETECTED]`
`39`		`- write(get_fd(), pathbuf, strlen(pathbuf)); // BAD`
	`38`	`+ printf("path: %s", pathbuf); // $ MISSING: Alert`
	`39`	`+ write(get_fd(), pathbuf, strlen(pathbuf)); // $ Alert`
`40`	`40`	`}`
`41`	`41`	`}`