C++: Add taint model and accept test changes.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/models/implementations/SmartPointer.qll

@@ -106,7 +106,9 @@ private class MakeUniqueOrShared extends TaintFunction {
  *
  * This could be a constructor, an assignment operator, or a named member function like `reset()`.
  */
-private class SmartPtrSetterFunction extends MemberFunction, AliasFunction, SideEffectFunction {
+private class SmartPtrSetterFunction extends MemberFunction, AliasFunction, SideEffectFunction,
+  TaintFunction
+{
   SmartPtrSetterFunction() {
     this.getDeclaringType() instanceof SmartPtr and
     not this.isStatic() and
@@ -158,6 +160,16 @@ private class SmartPtrSetterFunction extends MemberFunction, AliasFunction, Side
     output.isReturnValue()
   }
 
+  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+    exists(Parameter param0, Type t, int indirectionIndex |
+      param0 = this.getParameter(0) and
+      param0.getUnspecifiedType().(PointerType).getBaseType() = t and
+      this.getTemplateArgument(0) = t and
+      input.isParameterDeref(0, indirectionIndex) and
+      output.isQualifierObject(indirectionIndex + 1)
+    )
+  }
+
   private FunctionInput getPointerInput() {
     exists(Parameter param0 | param0 = this.getParameter(0) |
       (

cpp/ql/test/library-tests/dataflow/smart-pointers-taint/test.cpp

@@ -31,7 +31,7 @@ void test_shared_ptr_int() {
 	std::shared_ptr<int> p1(new int(source()));
 	std::shared_ptr<int> p2 = std::make_shared<int>(source());
 
-	sink(*p1); // $ ast MISSING: ir
+	sink(*p1); // $ ast ir
 	sink(*p2); // $ ast ir
 }