hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: More test cases.

Browse Source
This commit is contained in:
Geoffrey White
2021-07-13 17:32:08 +01:00
parent 6aec7f2c49
commit 133953303b
2 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
View File

@@ -1,3 +1,9 @@
| test2.cpp:28:2:28:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:28:36:28:43 | password | this source. |
| test2.cpp:29:2:29:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:29:37:29:45 | thepasswd | this source. |
| test2.cpp:30:2:30:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:30:38:30:47 | accountkey | this source. |
| test2.cpp:31:2:31:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:31:41:31:53 | password_hash | this source. |
| test2.cpp:33:2:33:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:33:41:33:53 | password_file | this source. |
| test2.cpp:34:2:34:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:34:41:34:53 | passwd_config | this source. |
| test.cpp:45:3:45:7 | call to fputs | This write into file 'file' may contain unencrypted data from $@ | test.cpp:45:9:45:19 | thePassword | this source. |
| test.cpp:70:35:70:35 | call to operator<< | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:70:38:70:48 | thePassword | this source. |
| test.cpp:73:37:73:41 | call to write | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:73:43:73:53 | thePassword | this source. |

54
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp Normal file
View File

@@ -0,0 +1,54 @@
#define FILE int
int fprintf(FILE *stream, const char *format, ...);
char *strcpy(char *s1, const char *s2);
char *crypt(char *input);
struct myStruct
{
// sensitive
char *password;
char *thepasswd;
char *accountkey;
// encrypted
char password_hash[64];
char *encrypted_passwd;
// not sensitive
char *password_file;
char *passwd_config;
};
void tests(FILE *log, myStruct &s)
{
fprintf(log, "password = %s\n", s.password); // BAD
fprintf(log, "thepasswd = %s\n", s.thepasswd); // BAD
fprintf(log, "accountkey = %s\n", s.accountkey); // BAD
fprintf(log, "password_hash = %s\n", s.password_hash); // GOOD
fprintf(log, "encrypted_passwd = %s\n", s.encrypted_passwd); // GOOD
fprintf(log, "password_file = %s\n", s.password_file); // GOOD
fprintf(log, "passwd_config = %s\n", s.passwd_config); // GOOD
{
char *cpy1 = s.password;
char *cpy2 = crypt(s.password);
fprintf(log, "cpy1 = %s\n", cpy1); // BAD
fprintf(log, "cpy2 = %s\n", cpy2); // GOOD
}
{
char buf[1024];
strcpy(buf, s.password);
fprintf(log, "buf = %s\n", buf); // BAD
strcpy(buf, s.password_hash);
fprintf(log, "buf = %s\n", buf); // GOOD
}
}