hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Redesign and fix results that appear to be encrypted.

Browse Source
This commit is contained in:
Geoffrey White
2021-12-07 17:35:21 +00:00
parent 511bee7a1a
commit 6896b20dcd
2 changed files with 93 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -125,6 +125,8 @@ class FromSensitiveConfiguration extends TaintTracking::Configuration {
sink.asExpr() = any(NetworkSendRecv nsr | nsr.checkSocket()).getDataExpr()
or
sink.asExpr() instanceof Encrypted
or
sink.asExpr() instanceof SensitiveExpr
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
@@ -150,11 +152,16 @@ where
sink.getNode().asExpr() = networkSendRecv.getDataExpr() and
networkSendRecv.checkSocket() and
// no flow from sensitive -> evidence of encryption
not exists(DataFlow::Node anySource, DataFlow::Node encrypted |
config.hasFlow(anySource, sink.getNode()) and
config.hasFlow(anySource, encrypted) and
not exists(DataFlow::Node encrypted |
config.hasFlow(source.getNode(), encrypted) and
encrypted.asExpr() instanceof Encrypted
) and
// only use the 'first' sensitive expression
not exists(DataFlow::Node sensitive |
config.hasFlow(sensitive, source.getNode()) and
sensitive.asExpr() instanceof SensitiveExpr and
not source.getNode() = sensitive
) and
// construct result
if networkSendRecv instanceof NetworkSend
then
@@ -165,4 +172,4 @@ where
msg =
"This operation receives into '" + sink.toString() +
"', which may put unencrypted sensitive data into $@"
select networkSendRecv, source, sink, msg, source, source.getNode().asExpr().toString()
select networkSendRecv, source, sink, msg, source, source.getNode().toString()

83
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -1,10 +1,32 @@
edges
| test2.cpp:43:34:43:34 | s [post update] [password] | test2.cpp:62:16:62:16 | s [password] |
| test2.cpp:43:34:43:34 | s [post update] [password] | test2.cpp:63:22:63:22 | s [password] |
| test2.cpp:43:34:43:34 | s [post update] [password] | test2.cpp:72:15:72:15 | s [password] |
| test2.cpp:43:34:43:34 | s [post update] [password] | test2.cpp:79:34:79:34 | s [password] |
| test2.cpp:43:34:43:34 | s [post update] [password] | test2.cpp:91:43:91:43 | s [password] |
| test2.cpp:43:36:43:43 | password | test2.cpp:43:36:43:43 | ref arg password |
| test2.cpp:43:36:43:43 | ref arg password | test2.cpp:43:34:43:34 | s [post update] [password] |
| test2.cpp:54:39:54:39 | s [post update] [widepassword] | test2.cpp:55:38:55:38 | s [widepassword] |
| test2.cpp:54:41:54:52 | ref arg widepassword | test2.cpp:54:39:54:39 | s [post update] [widepassword] |
| test2.cpp:54:41:54:52 | widepassword | test2.cpp:54:41:54:52 | ref arg widepassword |
| test2.cpp:55:38:55:38 | s [widepassword] | test2.cpp:55:40:55:51 | widepassword |
| test2.cpp:62:16:62:16 | s [password] | test2.cpp:62:18:62:25 | password |
| test2.cpp:63:22:63:22 | s [password] | test2.cpp:63:24:63:31 | password |
| test2.cpp:63:22:63:22 | s [password] | test2.cpp:63:24:63:31 | password |
| test2.cpp:63:22:63:22 | s [post update] [password] | test2.cpp:72:15:72:15 | s [password] |
| test2.cpp:63:22:63:22 | s [post update] [password] | test2.cpp:79:34:79:34 | s [password] |
| test2.cpp:63:22:63:22 | s [post update] [password] | test2.cpp:91:43:91:43 | s [password] |
| test2.cpp:63:24:63:31 | password | test2.cpp:63:16:63:20 | call to crypt |
| test2.cpp:63:24:63:31 | password | test2.cpp:63:24:63:31 | ref arg password |
| test2.cpp:63:24:63:31 | ref arg password | test2.cpp:63:22:63:22 | s [post update] [password] |
| test2.cpp:72:15:72:15 | s [password] | test2.cpp:72:17:72:24 | password |
| test2.cpp:79:34:79:34 | s [password] | test2.cpp:79:36:79:43 | password |
| test2.cpp:79:34:79:34 | s [password] | test2.cpp:79:36:79:43 | password |
| test2.cpp:79:34:79:34 | s [post update] [password] | test2.cpp:91:43:91:43 | s [password] |
| test2.cpp:79:36:79:43 | password | test2.cpp:79:36:79:43 | ref arg password |
| test2.cpp:79:36:79:43 | ref arg password | test2.cpp:79:34:79:34 | s [post update] [password] |
| test2.cpp:91:43:91:43 | s [password] | test2.cpp:91:45:91:52 | password |
| test3.cpp:47:15:47:22 | password | test3.cpp:49:28:49:35 | password |
| test3.cpp:74:21:74:29 | password1 | test3.cpp:76:15:76:17 | ptr |
| test3.cpp:81:15:81:22 | password | test3.cpp:83:15:83:17 | ptr |
| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
@@ -20,6 +42,7 @@ edges
| test3.cpp:173:15:173:22 | password | test3.cpp:175:19:175:26 | password |
| test3.cpp:173:15:173:22 | password | test3.cpp:175:19:175:26 | password |
| test3.cpp:175:19:175:26 | password | test3.cpp:175:3:175:17 | call to decrypt_inplace |
| test3.cpp:181:15:181:22 | password | test3.cpp:182:3:182:10 | password |
| test3.cpp:181:15:181:22 | password | test3.cpp:184:3:184:17 | call to decrypt_inplace |
| test3.cpp:181:15:181:22 | password | test3.cpp:184:19:184:26 | password |
| test3.cpp:181:15:181:22 | password | test3.cpp:184:19:184:26 | password |
@@ -30,45 +53,90 @@ edges
| test3.cpp:193:30:193:37 | password | test3.cpp:193:18:193:28 | call to rtn_decrypt |
| test3.cpp:199:19:199:26 | password | test3.cpp:199:3:199:17 | call to encrypt_inplace |
| test3.cpp:199:19:199:26 | password | test3.cpp:201:15:201:22 | password |
| test3.cpp:199:19:199:26 | password | test3.cpp:201:32:201:39 | password |
| test3.cpp:207:19:207:26 | password | test3.cpp:207:3:207:17 | call to encrypt_inplace |
| test3.cpp:207:19:207:26 | password | test3.cpp:208:3:208:10 | password |
| test3.cpp:207:19:207:26 | password | test3.cpp:210:15:210:22 | password |
| test3.cpp:207:19:207:26 | password | test3.cpp:210:32:210:39 | password |
| test3.cpp:217:18:217:28 | call to rtn_encrypt | test3.cpp:219:15:219:26 | password_ptr |
| test3.cpp:217:18:217:28 | call to rtn_encrypt | test3.cpp:219:36:219:47 | password_ptr |
| test3.cpp:217:30:217:37 | password | test3.cpp:217:18:217:28 | call to rtn_encrypt |
| test3.cpp:217:30:217:37 | password | test3.cpp:217:18:217:28 | call to rtn_encrypt |
| test3.cpp:217:30:217:37 | password | test3.cpp:219:15:219:26 | password_ptr |
| test3.cpp:217:30:217:37 | password | test3.cpp:219:36:219:47 | password_ptr |
| test3.cpp:241:8:241:15 | password | test3.cpp:242:8:242:15 | password |
| test.cpp:48:29:48:39 | thePassword | test.cpp:48:21:48:27 | call to encrypt |
| test.cpp:58:11:58:16 | passwd | test.cpp:61:11:61:16 | passwd |
| test.cpp:76:29:76:39 | thePassword | test.cpp:76:21:76:27 | call to encrypt |
nodes
| test2.cpp:43:34:43:34 | s [post update] [password] | semmle.label | s [post update] [password] |
| test2.cpp:43:36:43:43 | password | semmle.label | password |
| test2.cpp:43:36:43:43 | password | semmle.label | password |
| test2.cpp:43:36:43:43 | ref arg password | semmle.label | ref arg password |
| test2.cpp:44:37:44:45 | thepasswd | semmle.label | thepasswd |
| test2.cpp:50:41:50:53 | passwd_config | semmle.label | passwd_config |
| test2.cpp:52:44:52:57 | password_tries | semmle.label | password_tries |
| test2.cpp:54:39:54:39 | s [post update] [widepassword] | semmle.label | s [post update] [widepassword] |
| test2.cpp:54:41:54:52 | ref arg widepassword | semmle.label | ref arg widepassword |
| test2.cpp:54:41:54:52 | widepassword | semmle.label | widepassword |
| test2.cpp:54:41:54:52 | widepassword | semmle.label | widepassword |
| test2.cpp:55:38:55:38 | s [widepassword] | semmle.label | s [widepassword] |
| test2.cpp:55:40:55:51 | widepassword | semmle.label | widepassword |
| test2.cpp:57:39:57:49 | call to getPassword | semmle.label | call to getPassword |
| test2.cpp:62:16:62:16 | s [password] | semmle.label | s [password] |
| test2.cpp:62:18:62:25 | password | semmle.label | password |
| test2.cpp:63:16:63:20 | call to crypt | semmle.label | call to crypt |
| test2.cpp:63:22:63:22 | s [password] | semmle.label | s [password] |
| test2.cpp:63:22:63:22 | s [post update] [password] | semmle.label | s [post update] [password] |
| test2.cpp:63:24:63:31 | password | semmle.label | password |
| test2.cpp:63:24:63:31 | password | semmle.label | password |
| test2.cpp:63:24:63:31 | ref arg password | semmle.label | ref arg password |
| test2.cpp:72:15:72:15 | s [password] | semmle.label | s [password] |
| test2.cpp:72:17:72:24 | password | semmle.label | password |
| test2.cpp:79:34:79:34 | s [password] | semmle.label | s [password] |
| test2.cpp:79:34:79:34 | s [post update] [password] | semmle.label | s [post update] [password] |
| test2.cpp:79:36:79:43 | password | semmle.label | password |
| test2.cpp:79:36:79:43 | password | semmle.label | password |
| test2.cpp:79:36:79:43 | ref arg password | semmle.label | ref arg password |
| test2.cpp:82:15:82:28 | passwd_config2 | semmle.label | passwd_config2 |
| test2.cpp:84:50:84:63 | passwd_config2 | semmle.label | passwd_config2 |
| test2.cpp:91:43:91:43 | s [password] | semmle.label | s [password] |
| test2.cpp:91:45:91:52 | password | semmle.label | password |
| test3.cpp:20:28:20:36 | password1 | semmle.label | password1 |
| test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
| test3.cpp:22:33:22:41 | password1 | semmle.label | password1 |
| test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
| test3.cpp:26:33:26:41 | password2 | semmle.label | password2 |
| test3.cpp:38:23:38:31 | password2 | semmle.label | password2 |
| test3.cpp:38:41:38:49 | password2 | semmle.label | password2 |
| test3.cpp:47:15:47:22 | password | semmle.label | password |
| test3.cpp:47:15:47:22 | password | semmle.label | password |
| test3.cpp:49:28:49:35 | password | semmle.label | password |
| test3.cpp:55:15:55:22 | password | semmle.label | password |
| test3.cpp:74:21:74:29 | password1 | semmle.label | password1 |
| test3.cpp:74:21:74:29 | password1 | semmle.label | password1 |
| test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
| test3.cpp:81:15:81:22 | password | semmle.label | password |
| test3.cpp:81:15:81:22 | password | semmle.label | password |
| test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
| test3.cpp:101:12:101:19 | password | semmle.label | password |
| test3.cpp:108:12:108:19 | password | semmle.label | password |
| test3.cpp:112:20:112:25 | buffer | semmle.label | buffer |
| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
| test3.cpp:117:28:117:33 | buffer | semmle.label | buffer |
| test3.cpp:119:9:119:14 | buffer | semmle.label | buffer |
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
| test3.cpp:134:11:134:18 | password | semmle.label | password |
| test3.cpp:134:11:134:18 | password | semmle.label | password |
| test3.cpp:138:21:138:22 | call to id | semmle.label | call to id |
| test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
| test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
| test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
| test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str |
| test3.cpp:146:15:146:18 | data | semmle.label | data |
| test3.cpp:157:19:157:26 | password | semmle.label | password |
| test3.cpp:157:19:157:26 | password | semmle.label | password |
| test3.cpp:159:15:159:20 | buffer | semmle.label | buffer |
| test3.cpp:173:15:173:22 | password | semmle.label | password |
| test3.cpp:173:15:173:22 | password | semmle.label | password |
@@ -77,11 +145,13 @@ nodes
| test3.cpp:175:19:175:26 | password | semmle.label | password |
| test3.cpp:181:15:181:22 | password | semmle.label | password |
| test3.cpp:181:15:181:22 | password | semmle.label | password |
| test3.cpp:182:3:182:10 | password | semmle.label | password |
| test3.cpp:184:3:184:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
| test3.cpp:184:19:184:26 | password | semmle.label | password |
| test3.cpp:184:19:184:26 | password | semmle.label | password |
| test3.cpp:191:15:191:22 | password | semmle.label | password |
| test3.cpp:191:15:191:22 | password | semmle.label | password |
| test3.cpp:193:3:193:14 | password_ptr | semmle.label | password_ptr |
| test3.cpp:193:18:193:28 | call to rtn_decrypt | semmle.label | call to rtn_decrypt |
| test3.cpp:193:30:193:37 | password | semmle.label | password |
| test3.cpp:193:30:193:37 | password | semmle.label | password |
@@ -89,23 +159,35 @@ nodes
| test3.cpp:199:19:199:26 | password | semmle.label | password |
| test3.cpp:199:19:199:26 | password | semmle.label | password |
| test3.cpp:201:15:201:22 | password | semmle.label | password |
| test3.cpp:201:32:201:39 | password | semmle.label | password |
| test3.cpp:207:3:207:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
| test3.cpp:207:19:207:26 | password | semmle.label | password |
| test3.cpp:207:19:207:26 | password | semmle.label | password |
| test3.cpp:208:3:208:10 | password | semmle.label | password |
| test3.cpp:210:15:210:22 | password | semmle.label | password |
| test3.cpp:210:32:210:39 | password | semmle.label | password |
| test3.cpp:217:3:217:14 | password_ptr | semmle.label | password_ptr |
| test3.cpp:217:18:217:28 | call to rtn_encrypt | semmle.label | call to rtn_encrypt |
| test3.cpp:217:18:217:28 | call to rtn_encrypt | semmle.label | call to rtn_encrypt |
| test3.cpp:217:30:217:37 | password | semmle.label | password |
| test3.cpp:217:30:217:37 | password | semmle.label | password |
| test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
| test3.cpp:219:36:219:47 | password_ptr | semmle.label | password_ptr |
| test3.cpp:227:22:227:29 | password | semmle.label | password |
| test3.cpp:228:26:228:33 | password | semmle.label | password |
| test3.cpp:241:8:241:15 | password | semmle.label | password |
| test3.cpp:241:8:241:15 | password | semmle.label | password |
| test3.cpp:242:8:242:15 | password | semmle.label | password |
| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
| test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
| test.cpp:58:11:58:16 | passwd | semmle.label | passwd |
| test.cpp:58:11:58:16 | passwd | semmle.label | passwd |
| test.cpp:61:11:61:16 | passwd | semmle.label | passwd |
| test.cpp:70:38:70:48 | thePassword | semmle.label | thePassword |
| test.cpp:73:43:73:53 | thePassword | semmle.label | thePassword |
| test.cpp:73:63:73:73 | thePassword | semmle.label | thePassword |
| test.cpp:76:21:76:27 | call to encrypt | semmle.label | call to encrypt |
| test.cpp:76:29:76:39 | thePassword | semmle.label | thePassword |
| test.cpp:76:29:76:39 | thePassword | semmle.label | thePassword |
@@ -128,4 +210,3 @@ subpaths
| test3.cpp:228:2:228:5 | call to send | test3.cpp:228:26:228:33 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@ | test3.cpp:228:26:228:33 | password | password |
| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:241:8:241:15 | password | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:241:8:241:15 | password | password |
| test3.cpp:242:2:242:6 | call to fgets | test3.cpp:241:8:241:15 | password | test3.cpp:242:8:242:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:241:8:241:15 | password | password |
| test3.cpp:242:2:242:6 | call to fgets | test3.cpp:242:8:242:15 | password | test3.cpp:242:8:242:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:242:8:242:15 | password | password |