From 60a67dce7380926d373afc4077a7f1634d90e8da Mon Sep 17 00:00:00 2001
From: "REDMOND\\brodes" <brodes@microsoft.com>
Date: Tue, 8 Nov 2022 14:57:34 -0500
Subject: [PATCH] Adding NCryptEncrypt sink

---
 .../WinCng/WindowsCng.qll                         | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
index d3f499eaadf..4c426dd38b1 100644
--- a/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
+++ b/cpp/ql/src/experimental/campaigns/nccoe-pqc-migration/QuantumVulnerableDiscovery/WinCng/WindowsCng.qll
@@ -80,6 +80,21 @@ class BCryptEncryptArgumentSink extends BCryptOpenAlgorithmProviderSink {
   }
 }
 
+/**
+ * Argument at index 0 of call to NCryptEncrypt:
+ *     [in]           NCRYPT_KEY_HANDLE hKey,
+ */
+class NCryptEncryptArgumentSink extends BCryptOpenAlgorithmProviderSink {
+ int index;
+ string funcName;
+
+ NCryptEncryptArgumentSink() {
+   index = 0 and
+   funcName = "NCryptEncrypt" and
+   isCallArgument(funcName, this.asExpr(), index)
+ }
+}
+
 // ----------------- Default SOURCES -----------------------
 /**
  * A string identifier of known PQC vulnerable algorithms.