C++: Add a MaD model for 'CAtlTemporaryFile' and mark reads as local flow sources.

Author: MathiasVP

cpp/ql/lib/ext/CAtlTemporaryFile.model.yml

@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
+      - ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]

cpp/ql/lib/semmle/code/cpp/models/Models.qll

@@ -55,3 +55,4 @@ private import implementations.CComBSTR
 private import implementations.CPathT
 private import implementations.CAtlFile
 private import implementations.CAtlFileMapping
+private import implementations.CAtlTemporaryFile

cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll

@@ -0,0 +1,17 @@
+import semmle.code.cpp.models.interfaces.FlowSource
+
+/**
+ * The `CAtlFile` class from Microsoft's Active Template Library.
+ */
+class CAtlTemporaryFile extends Class {
+  CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") }
+}
+
+private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction {
+  CAtlTemporaryFileRead() { this.getClassAndName("Read") instanceof CAtlTemporaryFile }
+
+  override predicate hasLocalFlowSource(FunctionOutput output, string description) {
+    output.isParameterDeref(0) and
+    description = "string read by " + this.getName()
+  }
+}

cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp

@@ -213,5 +213,5 @@ void test_CAtlTemporaryFile() {
   CAtlTemporaryFile file;
   char buffer[1024];
   DWORD bytesRead;
-  file.Read(buffer, 1024, bytesRead); // $ MISSING: local_source
+  file.Read(buffer, 1024, bytesRead); // $ local_source
 }