C++: Fix 'triple DES' false positives.

Geoffrey White
2021-05-13 09:15:58 +01:00
parent 40cf29b625
commit 123889a671
3 changed files with 11 additions and 6 deletions


@@ -5,7 +5,6 @@
| test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:42:2:42:38 | ENCRYPT_WITH_TRIPLE_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:51:2:51:32 | DES_DO_ENCRYPTION(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:52:2:52:31 | RUN_DES_ENCODING(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:53:2:53:25 | DES_ENCODE(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
@@ -14,6 +13,5 @@
| test.cpp:59:12:59:25 | SORT_ORDER_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:88:2:88:11 | call to encryptDES | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:89:2:89:11 | call to encryptRC2 | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:92:2:92:17 | call to encryptTripleDES | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:101:2:101:15 | call to do_des_encrypt | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:102:2:102:12 | call to DES_Set_Key | This function call specifies a broken or weak cryptographic algorithm. |


@@ -39,7 +39,7 @@ void test_macros(void *data, size_t amount, const char *str)
ENCRYPT_WITH_RC2(data, amount); // BAD
ENCRYPT_WITH_AES(data, amount); // GOOD (good algorithm)
ENCRYPT_WITH_3DES(data, amount); // GOOD (good enough algorithm)
ENCRYPT_WITH_TRIPLE_DES(data, amount); // GOOD (good enough algorithm) [FALSE POSITIVE]
ENCRYPT_WITH_TRIPLE_DES(data, amount); // GOOD (good enough algorithm)
ENCRYPT_WITH_RC20(data, amount); // GOOD (if there ever is an RC20 algorithm, we have no reason to believe it's weak)
ENCRYPT_WITH_DES_REMOVED(data, amount); // GOOD (implementation has been deleted)
@@ -89,7 +89,7 @@ void test_functions(void *data, size_t amount, const char *str)
encryptRC2(data, amount); // BAD
encryptAES(data, amount); // GOOD (good algorithm)
encrypt3DES(data, amount); // GOOD (good enough algorithm)
encryptTripleDES(data, amount); // GOOD (good enough algorithm) [FALSE POSITIVE]
encryptTripleDES(data, amount); // GOOD (good enough algorithm)
DESEncrypt(data, amount); // BAD
RC2Encrypt(data, amount); // BAD
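Review bot: The two rewritten annotations, on `ENCRYPT_WITH_TRIPLE_DES` in test_macros and on `encryptTripleDES` in test_functions, keep the rationale "good enough algorithm" without recording why the query is meant to stay silent. That matters to a later reader because 3DES has a 64-bit block and is deprecated for new use. I would spell the policy out, for example `// GOOD (3DES: legacy, deliberately not reported by this query)`, and use the same wording on the neighbouring `3DES` lines. Only the `TRIPLE_DES` and `TripleDES` spellings are exercised here and the matching change itself is not visible in these hunks, so one extra case with a lower-case or unseparated spelling would show whether the exclusion is as broad as intended. Both functions begin and end outside the hunks.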