[CPP-370] Fix up // GOOD and // BAD test annotations so that they're consistent.

zlaski-semmle · zlaski-semmle · commit 88a39d94544a · 2019-06-12T12:56:11.000-07:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c
@@ -27,23 +27,23 @@ extern char *any_random_function(const char *);
 
 int main(int argc, char **argv) {
 	if(argc > 1)
-		printf(argv[1]);                   // not ok
+		printf(argv[1]);                   // BAD
 	else
-		printf("No argument supplied.\n"); // ok
+		printf("No argument supplied.\n"); // GOOD
 
-	printf(_("No argument supplied.\n")); // ok
+	printf(_("No argument supplied.\n")); // GOOD
 
-	printf(dgettext(NULL, "No argument supplied.\n")); // ok
+	printf(dgettext(NULL, "No argument supplied.\n")); // GOOD
 
-	printf(ngettext("One argument\n", "%d arguments\n", argc-1), argc-1); // ok
+	printf(ngettext("One argument\n", "%d arguments\n", argc-1), argc-1); // GOOD
 
-	printf(gettext("%d arguments\n"), argc-1); // ok
-	printf(any_random_function("%d arguments\n"), argc-1); // not ok
+	printf(gettext("%d arguments\n"), argc-1); // GOOD
+	printf(any_random_function("%d arguments\n"), argc-1); // BAD
 
 	// Even though `_` is mapped to `some_random_function` above,
 	// the following call should not  be flagged.
 	printf(_(any_random_function("%d arguments\n")),
-			argc-1); // ok
+			argc-1); // GOOD
 
 	return 0;
 }
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp
@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );
 struct A {
   void do_print(const char *fmt0) {
     char buf[32];
-    snprintf(buf, 32, fmt0); // BAD [FALSE POSITIVE]
+    snprintf(buf, 32, fmt0); // GOOD [FALSE POSITIVE]
   }
 };
 
@@ -39,7 +39,7 @@ struct C {
 
 void foo(void) {
   C c;
-  c.do_some_printing(c.ext_fmt_str()); // GOOD [NOT DETECTED]
+  c.do_some_printing(c.ext_fmt_str()); // BAD [NOT DETECTED]
 }
 
 struct some_class {
@@ -54,7 +54,7 @@ struct debug_ {
         va_list args)
     {
         char str[4096];
-        int length = _vsnprintf_s(str, sizeof(str), 0, fmt, args);
+        int length = _vsnprintf_s(str, sizeof(str), 0, fmt, args); // GOOD
         if (length > 0)
         {
             return 0;
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
@@ -42,83 +42,83 @@ const char *const_wash(char *str) {
 
 int main(int argc, char **argv) {
   const char *message = messages[2];
-  printf(choose_message(argc - 1), argc - 1); // OK
-  printf(messages[1]); // OK
-  printf(message); // OK
-  printf(make_message(argc - 1)); // NOT OK
-  printf("Hello, World\n"); // OK
-  printf(_("Hello, World\n")); // OK
+  printf(choose_message(argc - 1), argc - 1); // GOOD
+  printf(messages[1]); // GOOD
+  printf(message); // GOOD
+  printf(make_message(argc - 1)); // BAD
+  printf("Hello, World\n"); // GOOD
+  printf(_("Hello, World\n")); // GOOD
   {
     char hello[] = "hello, World\n";
     hello[0] = 'H';
-    printf(hello); // NOT OK
-    printf(_(hello)); // OK
-    printf(gettext(hello)); // OK
-    printf(const_wash(hello)); // NOT OK
-    printf((hello + 1) + 1); // NOT OK
-    printf(+hello); // NOT OK
-    printf(*&hello); // NOT OK
-    printf(&*hello); // NOT OK
-    printf((char*)(void*)+(hello+1) + 1); // NOT OK
+    printf(hello); // BAD
+    printf(_(hello)); // GOOD
+    printf(gettext(hello)); // GOOD
+    printf(const_wash(hello)); // BAD
+    printf((hello + 1) + 1); // BAD
+    printf(+hello); // BAD
+    printf(*&hello); // BAD
+    printf(&*hello); // BAD
+    printf((char*)(void*)+(hello+1) + 1); // BAD
   }
-  printf(("Hello, World\n" + 1) + 1); // NOT OK
+  printf(("Hello, World\n" + 1) + 1); // BAD
   {
     const char *hello = "Hello, World\n";
-    printf(hello + 1); // NOT OK
-    printf(hello); // OK
+    printf(hello + 1); // BAD
+    printf(hello); // GOOD
   }
   {
     const char *hello = "Hello, World\n";
     hello += 1;
-    printf(hello); // NOT OK
+    printf(hello); // BAD
   }
   {
     // Same as above block but using "x = x + 1" syntax
     const char *hello = "Hello, World\n";
     hello = hello + 1;
-    printf(hello); // NOT OK
+    printf(hello); // BAD
   }
   {
     // Same as above block but using "x++" syntax
     const char *hello = "Hello, World\n";
     hello++;
-    printf(hello); // NOT OK
+    printf(hello); // BAD
   }
   {
     // Same as above block but using "++x" as subexpression
     const char *hello = "Hello, World\n";
-    printf(++hello); // NOT OK
+    printf(++hello); // BAD
   }
   {
     // Same as above block but through a pointer
     const char *hello = "Hello, World\n";
     const char **p = &hello;
     (*p)++;
-    printf(hello); // NOT OK [NOT DETECTED]
+    printf(hello); // BAD [NOT DETECTED]
   }
   {
     // Same as above block but through a C++ reference
     const char *hello = "Hello, World\n";
     const char *&p = hello;
     p++;
-    printf(hello); // NOT OK [NOT DETECTED]
+    printf(hello); // BAD [NOT DETECTED]
   }
   if (gettext_debug) {
-    printf(new char[100]); // NOT OK
+    printf(new char[100]); // BAD
   }
   {
     const char *hello = "Hello, World\n";
     const char *const *p = &hello; // harmless reference to const pointer
-    printf(hello); // OK
+    printf(hello); // GOOD
     hello++; // modification comes after use and so does no harm
   }
-  printf(argc > 2 ? "More than one\n" : _("Only one\n")); // OK
+  printf(argc > 2 ? "More than one\n" : _("Only one\n")); // GOOD
 
   // This following is OK since a const literal is passed to const_wash()
   // and the taint tracker detects this.
   //
   //
-  printf(const_wash("Hello, World\n")); // OK
+  printf(const_wash("Hello, World\n")); // GOOD
 }
 
 const char *simple_func(const char *str) {
@@ -127,9 +127,9 @@ const char *simple_func(const char *str) {
 
 void another_func(void) {
   const char *message = messages[2];
-  printf(simple_func("Hello, World\n")); // OK
-  printf(messages[1]); // OK
-  printf(message); // OK
-  printf("Hello, World\n"); // OK
-  printf(gettext("Hello, World\n")); // OK
+  printf(simple_func("Hello, World\n")); // GOOD
+  printf(messages[1]); // GOOD
+  printf(message); // GOOD
+  printf("Hello, World\n"); // GOOD
+  printf(gettext("Hello, World\n")); // GOOD
 }

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );`
`18`	`18`	`struct A {`
`19`	`19`	`void do_print(const char *fmt0) {`
`20`	`20`	`char buf[32];`
`21`		`- snprintf(buf, 32, fmt0); // BAD [FALSE POSITIVE]`
	`21`	`+ snprintf(buf, 32, fmt0); // GOOD [FALSE POSITIVE]`
`22`	`22`	`}`
`23`	`23`	`};`
`24`	`24`
`@@ -39,7 +39,7 @@ struct C {`
`39`	`39`
`40`	`40`	`void foo(void) {`
`41`	`41`	`C c;`
`42`		`- c.do_some_printing(c.ext_fmt_str()); // GOOD [NOT DETECTED]`
	`42`	`+ c.do_some_printing(c.ext_fmt_str()); // BAD [NOT DETECTED]`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`struct some_class {`
`@@ -54,7 +54,7 @@ struct debug_ {`
`54`	`54`	`va_list args)`
`55`	`55`	`{`
`56`	`56`	`char str[4096];`
`57`		`- int length = _vsnprintf_s(str, sizeof(str), 0, fmt, args);`
	`57`	`+ int length = _vsnprintf_s(str, sizeof(str), 0, fmt, args); // GOOD`
`58`	`58`	`if (length > 0)`
`59`	`59`	`{`
`60`	`60`	`return 0;`