hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

[DIFF-INFORMED] C++: CWE-311/Cleartext…

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-07-16 10:30:31 +02:00
parent 21914030e8
commit 05df2f2216
3 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
View File

@@ -47,6 +47,12 @@ module ToBufferConfig implements DataFlow::ConfigSig {
}
predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(SensitiveBufferWrite w | result = w.getLocation() | isSinkImpl(sink, w))
}
}
module ToBufferFlow = TaintTracking::Global<ToBufferConfig>;

10
cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
View File

@@ -31,6 +31,16 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.asExpr().getUnspecifiedType() instanceof IntegralType
}
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node sourceNode) {
exists(SensitiveExpr source | result = source.getLocation() | isSourceImpl(sourceNode, source))
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(FileWrite w | result = w.getLocation() | isSinkImpl(sink, w, _))
}
}
module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;

16
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -245,6 +245,14 @@ module FromSensitiveConfig implements DataFlow::ConfigSig {
// sources to not get path duplication.
isSource(node)
}
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(NetworkSendRecv networkSendRecv | result = networkSendRecv.getLocation() |
isSinkSendRecv(sink, networkSendRecv)
)
}
}
module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
@@ -266,6 +274,10 @@ module ToEncryptionConfig implements DataFlow::ConfigSig {
// sources to not get path duplication.
isSource(node)
}
predicate observeDiffInformedIncrementalMode() {
none() // only used negatively
}
}
module ToEncryptionFlow = TaintTracking::Global<ToEncryptionConfig>;
@@ -281,6 +293,10 @@ module FromEncryptionConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.asExpr().getUnspecifiedType() instanceof IntegralType
}
predicate observeDiffInformedIncrementalMode() {
none() // only used negatively
}
}
module FromEncryptionFlow = TaintTracking::Global<FromEncryptionConfig>;