C++: Add support for enum constants.

This commit is contained in:
Geoffrey White
2021-05-13 15:42:42 +01:00
parent e4d2c7cfc4
commit 5d1ef49f8f
3 changed files with 30 additions and 3 deletions


@@ -51,6 +51,20 @@ Macro getAdditionalEvidenceMacro() {
exists(result.getAnInvocation())
}
/**
* An enum constant which may relate to an insecure encryption algorithm.
*/
EnumConstant getAnInsecureEncryptionEnumConst() {
isInsecureEncryption(result.getName())
}
/**
* An enum constant with additional evidence it is related to encryption.
*/
EnumConstant getAdditionalEvidenceEnumConst() {
isEncryptionAdditionalEvidence(result.getName())
}
/**
* A function call we have a high confidence is related to use of an insecure
* encryption algorithm.
@@ -65,6 +79,11 @@ class InsecureFunctionCall extends FunctionCall {
mi.getAGeneratedElement() = this.getAChild*() and
mi.getMacro() = getAnInsecureEncryptionMacro()
)
or
exists(EnumConstantAccess ec |
ec = this.getAChild*() and
ec.getTarget() = getAnInsecureEncryptionEnumConst()
)
) and
// find additional evidence that this function is related to encryption.
(
@@ -74,6 +93,11 @@ class InsecureFunctionCall extends FunctionCall {
mi.getAGeneratedElement() = this.getAChild*() and
mi.getMacro() = getAdditionalEvidenceMacro()
)
or
exists(EnumConstantAccess ec |
ec = this.getAChild*() and
ec.getTarget() = getAdditionalEvidenceEnumConst()
)
)
}
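Review bot: The new enum-constant branches in `InsecureFunctionCall` are purely syntactic: `ec = this.getAChild*()` only matches an `EnumConstantAccess` that sits inside the call expression itself, so a constant first stored in a variable (`auto algo = USE_DES; set_encryption_algorithm2(algo);`) or returned from a helper is not flowed to the call and goes undetected, while the macro branch has the same shape and the same gap. That limitation is worth stating next to the predicates so users of the query do not read "enum constants supported" as covering indirect uses; for example above `getAnInsecureEncryptionEnumConst()`: `* Matching is by constant name only and is applied to accesses that appear directly in the call's arguments; constants passed through variables or helper functions are not tracked.` The matching on `result.getName()` is also name-based, so an enum constant whose name merely mentions DES (e.g. a "DES disabled" flag) will be reported, which is consistent with the existing macro handling but deserves the same caveat. The body of `InsecureFunctionCall` begins and ends outside these hunks.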


@@ -1,8 +1,11 @@
| test2.cpp:49:4:49:24 | call to my_des_implementation | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:62:2:62:12 | call to encrypt_bad | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:124:4:124:24 | call to my_des_implementation | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:144:22:144:30 | call to MyBadEncryptor | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:172:2:172:26 | call to set_encryption_algorithm1 | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:175:2:175:26 | call to set_encryption_algorithm2 | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:182:2:182:17 | call to encryption_with1 | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:185:2:185:17 | call to encryption_with2 | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:38:2:38:31 | call to my_implementation1 | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:39:2:39:31 | call to my_implementation2 | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:51:2:51:32 | call to my_implementation1 | This function call specifies a broken or weak cryptographic algorithm. |


@@ -141,7 +141,7 @@ void do_class_encrypts(char *data, size_t amount, keytype key)
}
{
MyBadEncryptor mbe(key, DES); // BAD [NOT DETECTED]
MyBadEncryptor mbe(key, DES); // BAD
mbe.encrypt(data, amount);
}
@@ -172,7 +172,7 @@ void do_unseen_encrypts(char *data, size_t amount, keytype key)
set_encryption_algorithm1(ALGO_DES); // BAD
set_encryption_algorithm1(ALGO_AES); // GOOD
set_encryption_algorithm2(USE_DES); // BAD [NOT DETECTED]
set_encryption_algorithm2(USE_DES); // BAD
set_encryption_algorithm2(USE_AES); // GOOD
set_encryption_algorithm3("DES"); // BAD [NOT DETECTED]
@@ -182,7 +182,7 @@ void do_unseen_encrypts(char *data, size_t amount, keytype key)
encryption_with1(data, amount, key, ALGO_DES); // BAD
encryption_with1(data, amount, key, ALGO_AES); // GOOD
encryption_with2(data, amount, key, USE_DES); // BAD [NOT DETECTED]
encryption_with2(data, amount, key, USE_DES); // BAD
encryption_with2(data, amount, key, USE_AES); // GOOD
encryption_with3(data, amount, key, "DES"); // BAD [NOT DETECTED]