hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Exclude macro invocations in switch case expressions.

Browse Source
This commit is contained in:
Geoffrey White
2021-05-12 14:58:21 +01:00
parent 9404d0676d
commit 52a88af6c1
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
View File

@@ -45,7 +45,10 @@ class InsecureMacroSpec extends InsecureCryptoSpec, MacroInvocation {
// the macro name suggests it relates to an insecure crypto algorithm.
this.getMacro() = getAnInsecureMacro() and
// the macro invocation generates something.
exists(this.getAGeneratedElement())
exists(this.getAGeneratedElement().(ControlFlowNode)) and
// exclude expressions controlling ifs/switches (as they may not be used).
not any(IfStmt c).getCondition().getAChild*() = this.getAGeneratedElement() and
not any(SwitchCase c).getExpr().getAChild*() = this.getAGeneratedElement()
}
override string description() { result = "macro invocation" }