hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Speed up cpp/cleartext-transmission ('Encrypted' class).

Browse Source
This commit is contained in:
Geoffrey White
2022-02-07 14:07:02 +00:00
parent 55e69d421c
commit 005dfdffdb
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -168,6 +168,18 @@ class NetworkRecv extends NetworkSendRecv {
override Recv target;
}
predicate encryptionFunction(Function f)
{
f.getName()
.toLowerCase()
.regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
predicate encryptionType(Type t)
{
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
/**
* An expression that is an argument or return value from an encryption /
* decryption call. This is quite inclusive to minimize false positives, for
@@ -177,10 +189,7 @@ class NetworkRecv extends NetworkSendRecv {
class Encrypted extends Expr {
Encrypted() {
exists(FunctionCall fc |
fc.getTarget()
.getName()
.toLowerCase()
.regexpMatch(".*(crypt|encode|decode|hash|securezero).*") and
encryptionFunction(fc.getTarget()) and
(
this = fc or
this = fc.getAnArgument()
@@ -189,7 +198,7 @@ class Encrypted extends Expr {
or
exists(Type t |
this.getType().refersTo(t) and
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
encryptionType(t)
)
}
}