mirror of
https://github.com/github/codeql.git
synced 2026-04-29 18:55:14 +02:00
C++: Repair the 'cpp/cleartext-transmission' query in preparation for IR-based use-use dataflow.
This commit is contained in:
Mathias Vorreiter Pedersen
@@ -16,6 +16,8 @@ import cpp
|
||||
import semmle.code.cpp.security.SensitiveExprs
|
||||
import semmle.code.cpp.security.PrivateData
|
||||
import semmle.code.cpp.dataflow.TaintTracking
|
||||
import semmle.code.cpp.dataflow.TaintTracking2
|
||||
import semmle.code.cpp.dataflow.TaintTracking3
|
||||
import semmle.code.cpp.models.interfaces.FlowSource
|
||||
import semmle.code.cpp.commons.File
|
||||
import DataFlow::PathGraph
|
||||
@@ -34,21 +36,6 @@ class SourceFunction extends Function {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A DataFlow node corresponding to a variable or function call that
|
||||
* might contain or return a password or other sensitive information.
|
||||
*/
|
||||
class SourceNode extends DataFlow::Node {
|
||||
SourceNode() {
|
||||
this.asExpr() = any(SourceVariable sv).getInitializer().getExpr() or
|
||||
this.asExpr().(VariableAccess).getTarget() = any(SourceVariable sv).(GlobalOrNamespaceVariable) or
|
||||
this.asExpr().(VariableAccess).getTarget() = any(SourceVariable v | v instanceof Field) or
|
||||
this.asUninitialized() instanceof SourceVariable or
|
||||
this.asParameter() instanceof SourceVariable or
|
||||
this.asExpr().(FunctionCall).getTarget() instanceof SourceFunction
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A function that sends or receives data over a network.
|
||||
*/
|
||||
@@ -216,24 +203,94 @@ class Encrypted extends Expr {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `sink` is a node that represents data transmitted through a network
|
||||
* operation `nsr`.
|
||||
*/
|
||||
predicate isSinkSendRecv(DataFlow::Node sink, NetworkSendRecv nsr) {
|
||||
sink.asConvertedExpr() = nsr.getDataExpr().getFullyConverted()
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `sink` is a node that is encrypted by `enc`.
|
||||
*/
|
||||
predicate isSinkEncrypt(DataFlow::Node sink, Encrypted enc) {
|
||||
sink.asConvertedExpr() = enc.getFullyConverted()
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `source` represents a use of a sensitive variable, or data returned by a
|
||||
* function returning sensitive data.
|
||||
*/
|
||||
predicate isSourceImpl(DataFlow::Node source) {
|
||||
exists(Expr e |
|
||||
e = source.asIndirectConvertedExpr() and
|
||||
e.getUnconverted().(VariableAccess).getTarget() instanceof SourceVariable and
|
||||
not e.hasConversion()
|
||||
)
|
||||
or
|
||||
source.asExpr().(FunctionCall).getTarget() instanceof SourceFunction
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint flow configuration for flow from a sensitive expression to a network
|
||||
* operation or encryption operation.
|
||||
* operation.
|
||||
*/
|
||||
class FromSensitiveConfiguration extends TaintTracking::Configuration {
|
||||
FromSensitiveConfiguration() { this = "FromSensitiveConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof SourceNode }
|
||||
override predicate isSource(DataFlow::Node source) { isSourceImpl(source) }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink.asExpr() = any(NetworkSendRecv nsr).getDataExpr()
|
||||
or
|
||||
sink.asExpr() instanceof Encrypted
|
||||
override predicate isSink(DataFlow::Node sink) { isSinkSendRecv(sink, _) }
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
node.asExpr().getUnspecifiedType() instanceof IntegralType
|
||||
}
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
// flow through encryption functions to the return value (in case we can reach other sinks)
|
||||
node2.asExpr().(Encrypted).(FunctionCall).getAnArgument() = node1.asExpr()
|
||||
override predicate isSanitizerIn(DataFlow::Node node) {
|
||||
// As any use of a sensitive variable is a potential source, we need to block flow into
|
||||
// sources to not get path duplication.
|
||||
this.isSource(node)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint flow configuration for flow from a sensitive expression to an encryption operation.
|
||||
*/
|
||||
class ToEncryptionConfiguration extends TaintTracking2::Configuration {
|
||||
ToEncryptionConfiguration() { this = "ToEncryptionConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
any(FromSensitiveConfiguration config).hasFlow(source, _) and
|
||||
isSourceImpl(source)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
node.asExpr().getUnspecifiedType() instanceof IntegralType
|
||||
}
|
||||
|
||||
override predicate isSanitizerIn(DataFlow::Node node) {
|
||||
// As any use of a sensitive variable is a potential source, we need to block flow into
|
||||
// sources to not get path duplication.
|
||||
this.isSource(node)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint flow configuration for flow from an encryption operation to a network operation.
|
||||
*/
|
||||
class FromEncryptionConfiguration extends TaintTracking3::Configuration {
|
||||
FromEncryptionConfiguration() { this = "FromEncryptionConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
isSinkEncrypt(source, _) or
|
||||
isSinkEncrypt(_, source.asDefiningArgument())
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
any(FromSensitiveConfiguration config).hasFlowTo(sink)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
@@ -241,18 +298,14 @@ class FromSensitiveConfiguration extends TaintTracking::Configuration {
|
||||
}
|
||||
}
|
||||
|
||||
from
|
||||
FromSensitiveConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink,
|
||||
NetworkSendRecv networkSendRecv, string msg
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, NetworkSendRecv networkSendRecv, string msg
|
||||
where
|
||||
// flow from sensitive -> network data
|
||||
config.hasFlowPath(source, sink) and
|
||||
sink.getNode().asExpr() = networkSendRecv.getDataExpr() and
|
||||
any(FromSensitiveConfiguration config).hasFlowPath(source, sink) and
|
||||
isSinkSendRecv(sink.getNode(), networkSendRecv) and
|
||||
// no flow from sensitive -> evidence of encryption
|
||||
not exists(DataFlow::Node encrypted |
|
||||
config.hasFlow(source.getNode(), encrypted) and
|
||||
encrypted.asExpr() instanceof Encrypted
|
||||
) and
|
||||
not any(ToEncryptionConfiguration config).hasFlow(source.getNode(), _) and
|
||||
not any(FromEncryptionConfiguration config).hasFlowTo(sink.getNode()) and
|
||||
// construct result
|
||||
if networkSendRecv instanceof NetworkSend
|
||||
then
|
||||
@@ -263,4 +316,4 @@ where
|
||||
msg =
|
||||
"This operation receives into '" + sink.toString() +
|
||||
"', which may put unencrypted sensitive data into $@."
|
||||
select networkSendRecv, source, sink, msg, source, source.getNode().toString()
|
||||
select networkSendRecv, source, sink, msg, source.getNode(), source.getNode().toString()
|
||||
|
||||
@@ -1,481 +1,292 @@
|
||||
edges
|
||||
| test2.cpp:63:24:63:31 | password | test2.cpp:63:16:63:20 | call to crypt |
|
||||
| test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 |
|
||||
| test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 |
|
||||
| test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 |
|
||||
| test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 |
|
||||
| test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | array to pointer conversion |
|
||||
| test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | password |
|
||||
| test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | array to pointer conversion |
|
||||
| test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | password |
|
||||
| test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr |
|
||||
| test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr |
|
||||
| test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr |
|
||||
| test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr |
|
||||
| test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | array to pointer conversion |
|
||||
| test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | password |
|
||||
| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
|
||||
| test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
|
||||
| test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
|
||||
| test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 |
|
||||
| test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
|
||||
| test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 |
|
||||
| test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password |
|
||||
| test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password |
|
||||
| test3.cpp:74:21:74:29 | Load indirection | test3.cpp:76:15:76:17 | ptr |
|
||||
| test3.cpp:81:15:81:22 | array to pointer conversion indirection | test3.cpp:83:15:83:17 | ptr |
|
||||
| test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password |
|
||||
| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
|
||||
| test3.cpp:112:20:112:25 | buffer indirection | test3.cpp:114:14:114:19 | buffer |
|
||||
| test3.cpp:112:20:112:25 | buffer indirection | test3.cpp:114:14:114:19 | buffer |
|
||||
| test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection |
|
||||
| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:144:16:144:29 | Call indirection |
|
||||
| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
|
||||
| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
|
||||
| test3.cpp:126:9:126:23 | global_password | test3.cpp:124:7:124:20 | VariableAddress indirection |
|
||||
| test3.cpp:129:39:129:47 | password1 | test3.cpp:138:24:138:32 | password1 |
|
||||
| test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:134:11:134:18 | password |
|
||||
| test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:134:11:134:18 | password indirection |
|
||||
| test3.cpp:126:9:126:23 | Load indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
|
||||
| test3.cpp:126:9:126:23 | Load indirection | test3.cpp:124:7:124:20 | VariableAddress indirection |
|
||||
| test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer |
|
||||
| test3.cpp:134:11:134:18 | password indirection | test3.cpp:112:20:112:25 | buffer indirection |
|
||||
| test3.cpp:134:11:134:18 | password indirection | test3.cpp:134:11:134:18 | password |
|
||||
| test3.cpp:138:21:138:22 | Call indirection | test3.cpp:140:15:140:17 | ptr |
|
||||
| test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
|
||||
| test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
|
||||
| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:173:15:173:22 | array to pointer conversion |
|
||||
| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:173:15:173:22 | password |
|
||||
| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:175:3:175:17 | call to decrypt_inplace |
|
||||
| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:175:19:175:26 | password |
|
||||
| test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | array to pointer conversion |
|
||||
| test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | password |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:191:15:191:22 | array to pointer conversion |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:191:15:191:22 | password |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:18:193:28 | call to rtn_decrypt |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:30:193:37 | array to pointer conversion |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:30:193:37 | password |
|
||||
| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:199:3:199:17 | call to encrypt_inplace |
|
||||
| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:199:19:199:26 | password |
|
||||
| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:201:15:201:22 | array to pointer conversion |
|
||||
| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:201:15:201:22 | password |
|
||||
| test3.cpp:205:8:205:15 | Uninitialized | test3.cpp:207:3:207:17 | call to encrypt_inplace |
|
||||
| test3.cpp:205:8:205:15 | Uninitialized | test3.cpp:207:19:207:26 | password |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:18:217:28 | call to rtn_encrypt |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:30:217:37 | array to pointer conversion |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:30:217:37 | password |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:219:15:219:26 | password_ptr |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:219:15:219:26 | password_ptr |
|
||||
| test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password |
|
||||
| test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password |
|
||||
| test3.cpp:239:7:239:14 | Uninitialized | test3.cpp:241:8:241:15 | password |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:254:15:254:23 | array to pointer conversion |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:254:15:254:23 | password1 |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:21:256:29 | array to pointer conversion |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:21:256:29 | password1 |
|
||||
| test3.cpp:252:24:252:32 | Uninitialized | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
|
||||
| test3.cpp:252:24:252:32 | Uninitialized | test3.cpp:256:32:256:40 | password2 |
|
||||
| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
|
||||
| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:21:262:29 | array to pointer conversion |
|
||||
| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:21:262:29 | password1 |
|
||||
| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
|
||||
| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:262:32:262:40 | password2 |
|
||||
| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:264:15:264:23 | array to pointer conversion |
|
||||
| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:264:15:264:23 | password2 |
|
||||
| test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | array to pointer conversion |
|
||||
| test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | data |
|
||||
| test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection |
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:21:138:22 | Call indirection |
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:138:24:138:32 | password1 |
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr |
|
||||
| test3.cpp:144:16:144:29 | Call indirection | test3.cpp:146:15:146:18 | data |
|
||||
| test3.cpp:173:15:173:22 | password indirection | test3.cpp:173:15:173:22 | password |
|
||||
| test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password |
|
||||
| test3.cpp:191:15:191:22 | password indirection | test3.cpp:191:15:191:22 | password |
|
||||
| test3.cpp:199:19:199:26 | password indirection | test3.cpp:201:15:201:22 | password |
|
||||
| test3.cpp:201:15:201:22 | password indirection | test3.cpp:201:15:201:22 | password |
|
||||
| test3.cpp:201:32:201:39 | password indirection | test3.cpp:201:15:201:22 | password |
|
||||
| test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password |
|
||||
| test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password |
|
||||
| test3.cpp:219:15:219:26 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
|
||||
| test3.cpp:219:36:219:47 | password_ptr indirection | test3.cpp:219:15:219:26 | password_ptr |
|
||||
| test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password |
|
||||
| test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password |
|
||||
| test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password |
|
||||
| test3.cpp:254:15:254:23 | password1 indirection | test3.cpp:254:15:254:23 | password1 |
|
||||
| test3.cpp:262:32:262:40 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
|
||||
| test3.cpp:264:15:264:23 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
|
||||
| test3.cpp:264:33:264:41 | password2 indirection | test3.cpp:264:15:264:23 | password2 |
|
||||
| test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data |
|
||||
| test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
|
||||
| test3.cpp:278:20:278:23 | data indirection | test3.cpp:280:14:280:17 | data |
|
||||
| test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
|
||||
| test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
|
||||
| test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
|
||||
| test3.cpp:283:20:283:23 | data indirection | test3.cpp:285:14:285:17 | data |
|
||||
| test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
|
||||
| test3.cpp:288:20:288:23 | data indirection | test3.cpp:290:14:290:17 | data |
|
||||
| test3.cpp:293:20:293:23 | data | test3.cpp:295:14:295:17 | data |
|
||||
| test3.cpp:293:20:293:23 | data | test3.cpp:295:14:295:17 | data |
|
||||
| test3.cpp:293:20:293:23 | data indirection | test3.cpp:295:14:295:17 | data |
|
||||
| test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
|
||||
| test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:312:3:312:17 | call to encrypt_inplace |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:312:19:312:27 | password1 |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:313:11:313:19 | password1 |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:314:11:314:19 | password1 |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:316:11:316:19 | password1 |
|
||||
| test3.cpp:308:41:308:49 | password1 | test3.cpp:317:11:317:19 | password1 |
|
||||
| test3.cpp:308:58:308:66 | password2 | test3.cpp:324:11:324:14 | data |
|
||||
| test3.cpp:308:58:308:66 | password2 | test3.cpp:325:11:325:14 | data |
|
||||
| test3.cpp:298:20:298:23 | data indirection | test3.cpp:300:14:300:17 | data |
|
||||
| test3.cpp:312:19:312:27 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
|
||||
| test3.cpp:312:19:312:27 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
|
||||
| test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data |
|
||||
| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:278:20:278:23 | data indirection |
|
||||
| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:313:11:313:19 | password1 |
|
||||
| test3.cpp:313:11:313:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
|
||||
| test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data |
|
||||
| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
|
||||
| test3.cpp:314:11:314:19 | password1 indirection | test3.cpp:314:11:314:19 | password1 |
|
||||
| test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data |
|
||||
| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:283:20:283:23 | data indirection |
|
||||
| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:316:11:316:19 | password1 |
|
||||
| test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
|
||||
| test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data |
|
||||
| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:288:20:288:23 | data indirection |
|
||||
| test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:317:11:317:19 | password1 |
|
||||
| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:324:11:324:14 | data |
|
||||
| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:324:11:324:14 | data indirection |
|
||||
| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:325:11:325:14 | data |
|
||||
| test3.cpp:322:16:322:24 | Load indirection | test3.cpp:325:11:325:14 | data indirection |
|
||||
| test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
|
||||
| test3.cpp:324:11:324:14 | data indirection | test3.cpp:293:20:293:23 | data indirection |
|
||||
| test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data |
|
||||
| test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | array to pointer conversion |
|
||||
| test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | password |
|
||||
| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:352:16:352:23 | array to pointer conversion |
|
||||
| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:352:16:352:23 | password |
|
||||
| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:353:4:353:18 | call to decrypt_inplace |
|
||||
| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:353:20:353:27 | password |
|
||||
| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:368:15:368:22 | array to pointer conversion |
|
||||
| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:368:15:368:22 | password |
|
||||
| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:374:3:374:18 | call to SecureZeroBuffer |
|
||||
| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:374:20:374:27 | password |
|
||||
| test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | array to pointer conversion |
|
||||
| test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | password |
|
||||
| test3.cpp:398:18:398:25 | Uninitialized | test3.cpp:400:15:400:23 | & ... |
|
||||
| test3.cpp:398:18:398:25 | Uninitialized | test3.cpp:400:15:400:23 | & ... |
|
||||
| test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | password |
|
||||
| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion |
|
||||
| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion |
|
||||
| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | password |
|
||||
| test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | password |
|
||||
| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion |
|
||||
| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion |
|
||||
| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | password |
|
||||
| test3.cpp:421:19:421:28 | password | test3.cpp:421:3:421:17 | call to decrypt_inplace |
|
||||
| test3.cpp:421:21:421:28 | password | test3.cpp:421:3:421:17 | call to decrypt_inplace |
|
||||
| test3.cpp:421:21:421:28 | password | test3.cpp:421:19:421:28 | password |
|
||||
| test3.cpp:421:21:421:28 | password | test3.cpp:421:19:421:28 | password |
|
||||
| test3.cpp:429:7:429:14 | Uninitialized | test3.cpp:431:8:431:15 | password |
|
||||
| test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number |
|
||||
| test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo |
|
||||
| test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode |
|
||||
| test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code |
|
||||
| test3.cpp:511:18:511:26 | telephone | test3.cpp:511:14:511:26 | telephone |
|
||||
| test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number |
|
||||
| test3.cpp:513:18:513:22 | email | test3.cpp:513:14:513:22 | email |
|
||||
| test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number |
|
||||
| test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no |
|
||||
| test3.cpp:516:18:516:29 | employerName | test3.cpp:516:14:516:29 | employerName |
|
||||
| test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | medical_info |
|
||||
| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion |
|
||||
| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion |
|
||||
| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info |
|
||||
| test3.cpp:518:18:518:28 | license_key | test3.cpp:518:14:518:28 | license_key |
|
||||
| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | array to pointer conversion |
|
||||
| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer |
|
||||
| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | array to pointer conversion |
|
||||
| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer |
|
||||
| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | array to pointer conversion |
|
||||
| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer |
|
||||
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | array to pointer conversion |
|
||||
| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer |
|
||||
| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
|
||||
| test3.cpp:325:11:325:14 | data indirection | test3.cpp:298:20:298:23 | data indirection |
|
||||
| test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password |
|
||||
| test3.cpp:352:16:352:23 | password indirection | test3.cpp:352:16:352:23 | password |
|
||||
| test3.cpp:368:15:368:22 | password indirection | test3.cpp:368:15:368:22 | password |
|
||||
| test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password |
|
||||
| test3.cpp:400:16:400:23 | password indirection | test3.cpp:400:15:400:23 | & ... |
|
||||
| test3.cpp:414:15:414:24 | password indirection | test3.cpp:414:15:414:24 | password |
|
||||
| test3.cpp:420:15:420:24 | password indirection | test3.cpp:420:15:420:24 | password |
|
||||
| test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password |
|
||||
| test3.cpp:507:14:507:39 | social_security_number indirection | test3.cpp:507:14:507:39 | social_security_number |
|
||||
| test3.cpp:508:14:508:33 | socialSecurityNo indirection | test3.cpp:508:14:508:33 | socialSecurityNo |
|
||||
| test3.cpp:509:14:509:29 | homePostCode indirection | test3.cpp:509:14:509:29 | homePostCode |
|
||||
| test3.cpp:510:14:510:28 | my_zip_code indirection | test3.cpp:510:14:510:28 | my_zip_code |
|
||||
| test3.cpp:511:14:511:26 | telephone indirection | test3.cpp:511:14:511:26 | telephone |
|
||||
| test3.cpp:512:14:512:36 | mobile_phone_number indirection | test3.cpp:512:14:512:36 | mobile_phone_number |
|
||||
| test3.cpp:513:14:513:22 | email indirection | test3.cpp:513:14:513:22 | email |
|
||||
| test3.cpp:514:14:514:38 | my_credit_card_number indirection | test3.cpp:514:14:514:38 | my_credit_card_number |
|
||||
| test3.cpp:515:14:515:35 | my_bank_account_no indirection | test3.cpp:515:14:515:35 | my_bank_account_no |
|
||||
| test3.cpp:516:14:516:29 | employerName indirection | test3.cpp:516:14:516:29 | employerName |
|
||||
| test3.cpp:517:14:517:29 | medical_info indirection | test3.cpp:517:14:517:29 | medical_info |
|
||||
| test3.cpp:518:14:518:28 | license_key indirection | test3.cpp:518:14:518:28 | license_key |
|
||||
| test3.cpp:551:47:551:58 | salaryString indirection | test3.cpp:552:15:552:20 | buffer |
|
||||
| test3.cpp:556:19:556:30 | Load indirection | test3.cpp:559:15:559:20 | buffer |
|
||||
| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
|
||||
| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
|
||||
| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
|
||||
| test.cpp:41:23:41:43 | (char *)... | test.cpp:48:21:48:27 | call to encrypt |
|
||||
| test.cpp:41:23:41:43 | (char *)... | test.cpp:48:29:48:39 | thePassword |
|
||||
| test.cpp:41:23:41:43 | array to pointer conversion | test.cpp:48:21:48:27 | call to encrypt |
|
||||
| test.cpp:41:23:41:43 | array to pointer conversion | test.cpp:48:29:48:39 | thePassword |
|
||||
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt |
|
||||
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword |
|
||||
| test.cpp:66:23:66:43 | (char *)... | test.cpp:76:21:76:27 | call to encrypt |
|
||||
| test.cpp:66:23:66:43 | (char *)... | test.cpp:76:29:76:39 | thePassword |
|
||||
| test.cpp:66:23:66:43 | array to pointer conversion | test.cpp:76:21:76:27 | call to encrypt |
|
||||
| test.cpp:66:23:66:43 | array to pointer conversion | test.cpp:76:29:76:39 | thePassword |
|
||||
| test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt |
|
||||
| test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:29:76:39 | thePassword |
|
||||
nodes
|
||||
| test2.cpp:63:16:63:20 | call to crypt | semmle.label | call to crypt |
|
||||
| test2.cpp:63:24:63:31 | password | semmle.label | password |
|
||||
| test2.cpp:63:24:63:31 | password | semmle.label | password |
|
||||
| test3.cpp:17:28:17:36 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:17:51:17:59 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:20:28:20:36 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:22:15:22:23 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:22:33:22:41 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:45:8:45:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:47:15:47:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:26:15:26:23 | password2 indirection | semmle.label | password2 indirection |
|
||||
| test3.cpp:26:33:26:41 | password2 indirection | semmle.label | password2 indirection |
|
||||
| test3.cpp:47:15:47:22 | password | semmle.label | password |
|
||||
| test3.cpp:53:8:53:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:55:15:55:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:47:15:47:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:55:15:55:22 | password | semmle.label | password |
|
||||
| test3.cpp:71:32:71:40 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:55:15:55:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:74:21:74:29 | Load indirection | semmle.label | Load indirection |
|
||||
| test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:80:8:80:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:81:15:81:22 | array to pointer conversion indirection | semmle.label | array to pointer conversion indirection |
|
||||
| test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:98:8:98:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:101:12:101:19 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:101:12:101:19 | password | semmle.label | password |
|
||||
| test3.cpp:101:12:101:19 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:112:20:112:25 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:112:20:112:25 | buffer indirection | semmle.label | buffer indirection |
|
||||
| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:117:13:117:14 | VariableAddress indirection | semmle.label | VariableAddress indirection |
|
||||
| test3.cpp:117:28:117:33 | buffer indirection | semmle.label | buffer indirection |
|
||||
| test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
|
||||
| test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
|
||||
| test3.cpp:129:39:129:47 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:132:8:132:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
|
||||
| test3.cpp:126:9:126:23 | Load indirection | semmle.label | Load indirection |
|
||||
| test3.cpp:134:11:134:18 | password | semmle.label | password |
|
||||
| test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:138:21:138:22 | Call indirection | semmle.label | Call indirection |
|
||||
| test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
|
||||
| test3.cpp:144:16:144:29 | Call indirection | semmle.label | Call indirection |
|
||||
| test3.cpp:146:15:146:18 | data | semmle.label | data |
|
||||
| test3.cpp:146:15:146:18 | data | semmle.label | data |
|
||||
| test3.cpp:171:8:171:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:173:15:173:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:173:15:173:22 | password | semmle.label | password |
|
||||
| test3.cpp:175:3:175:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
|
||||
| test3.cpp:175:19:175:26 | password | semmle.label | password |
|
||||
| test3.cpp:179:8:179:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:181:15:181:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:173:15:173:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:181:15:181:22 | password | semmle.label | password |
|
||||
| test3.cpp:188:8:188:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:191:15:191:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:181:15:181:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:191:15:191:22 | password | semmle.label | password |
|
||||
| test3.cpp:193:18:193:28 | call to rtn_decrypt | semmle.label | call to rtn_decrypt |
|
||||
| test3.cpp:193:30:193:37 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:193:30:193:37 | password | semmle.label | password |
|
||||
| test3.cpp:197:8:197:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:199:3:199:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
|
||||
| test3.cpp:199:19:199:26 | password | semmle.label | password |
|
||||
| test3.cpp:201:15:201:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:191:15:191:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:199:19:199:26 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:201:15:201:22 | password | semmle.label | password |
|
||||
| test3.cpp:205:8:205:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:207:3:207:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
|
||||
| test3.cpp:207:19:207:26 | password | semmle.label | password |
|
||||
| test3.cpp:214:8:214:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:217:18:217:28 | call to rtn_encrypt | semmle.label | call to rtn_encrypt |
|
||||
| test3.cpp:217:30:217:37 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:217:30:217:37 | password | semmle.label | password |
|
||||
| test3.cpp:201:15:201:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:201:32:201:39 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:210:15:210:22 | password | semmle.label | password |
|
||||
| test3.cpp:210:15:210:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:210:32:210:39 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
|
||||
| test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
|
||||
| test3.cpp:225:34:225:41 | password | semmle.label | password |
|
||||
| test3.cpp:219:15:219:26 | password_ptr indirection | semmle.label | password_ptr indirection |
|
||||
| test3.cpp:219:36:219:47 | password_ptr indirection | semmle.label | password_ptr indirection |
|
||||
| test3.cpp:227:22:227:29 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:228:26:228:33 | password | semmle.label | password |
|
||||
| test3.cpp:228:26:228:33 | password | semmle.label | password |
|
||||
| test3.cpp:239:7:239:14 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:228:26:228:33 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:241:8:241:15 | password | semmle.label | password |
|
||||
| test3.cpp:252:8:252:16 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:252:24:252:32 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:254:15:254:23 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:241:8:241:15 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:254:15:254:23 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:256:3:256:19 | call to decrypt_to_buffer | semmle.label | call to decrypt_to_buffer |
|
||||
| test3.cpp:256:21:256:29 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:256:21:256:29 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:256:32:256:40 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:260:8:260:16 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:260:24:260:32 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:262:3:262:19 | call to encrypt_to_buffer | semmle.label | call to encrypt_to_buffer |
|
||||
| test3.cpp:262:21:262:29 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:262:21:262:29 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:262:32:262:40 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:264:15:264:23 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:254:15:254:23 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:262:32:262:40 | password2 indirection | semmle.label | password2 indirection |
|
||||
| test3.cpp:264:15:264:23 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:268:19:268:26 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:272:15:272:18 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:264:15:264:23 | password2 indirection | semmle.label | password2 indirection |
|
||||
| test3.cpp:264:33:264:41 | password2 indirection | semmle.label | password2 indirection |
|
||||
| test3.cpp:270:16:270:23 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:272:15:272:18 | data | semmle.label | data |
|
||||
| test3.cpp:278:20:278:23 | data | semmle.label | data |
|
||||
| test3.cpp:280:14:280:17 | data | semmle.label | data |
|
||||
| test3.cpp:278:20:278:23 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:280:14:280:17 | data | semmle.label | data |
|
||||
| test3.cpp:283:20:283:23 | data | semmle.label | data |
|
||||
| test3.cpp:285:14:285:17 | data | semmle.label | data |
|
||||
| test3.cpp:283:20:283:23 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:285:14:285:17 | data | semmle.label | data |
|
||||
| test3.cpp:288:20:288:23 | data | semmle.label | data |
|
||||
| test3.cpp:290:14:290:17 | data | semmle.label | data |
|
||||
| test3.cpp:288:20:288:23 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:290:14:290:17 | data | semmle.label | data |
|
||||
| test3.cpp:293:20:293:23 | data | semmle.label | data |
|
||||
| test3.cpp:295:14:295:17 | data | semmle.label | data |
|
||||
| test3.cpp:293:20:293:23 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:295:14:295:17 | data | semmle.label | data |
|
||||
| test3.cpp:298:20:298:23 | data | semmle.label | data |
|
||||
| test3.cpp:298:20:298:23 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:300:14:300:17 | data | semmle.label | data |
|
||||
| test3.cpp:300:14:300:17 | data | semmle.label | data |
|
||||
| test3.cpp:308:41:308:49 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:308:58:308:66 | password2 | semmle.label | password2 |
|
||||
| test3.cpp:312:3:312:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
|
||||
| test3.cpp:312:19:312:27 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:312:19:312:27 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:313:11:313:19 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:313:11:313:19 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:314:11:314:19 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:314:11:314:19 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:316:11:316:19 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
|
||||
| test3.cpp:317:11:317:19 | password1 indirection | semmle.label | password1 indirection |
|
||||
| test3.cpp:322:16:322:24 | Load indirection | semmle.label | Load indirection |
|
||||
| test3.cpp:324:11:324:14 | data | semmle.label | data |
|
||||
| test3.cpp:324:11:324:14 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:325:11:325:14 | data | semmle.label | data |
|
||||
| test3.cpp:339:9:339:16 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:341:16:341:23 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:325:11:325:14 | data indirection | semmle.label | data indirection |
|
||||
| test3.cpp:341:16:341:23 | password | semmle.label | password |
|
||||
| test3.cpp:350:9:350:16 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:352:16:352:23 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:341:16:341:23 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:352:16:352:23 | password | semmle.label | password |
|
||||
| test3.cpp:353:4:353:18 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
|
||||
| test3.cpp:353:20:353:27 | password | semmle.label | password |
|
||||
| test3.cpp:366:8:366:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:368:15:368:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:352:16:352:23 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:368:15:368:22 | password | semmle.label | password |
|
||||
| test3.cpp:374:3:374:18 | call to SecureZeroBuffer | semmle.label | call to SecureZeroBuffer |
|
||||
| test3.cpp:374:20:374:27 | password | semmle.label | password |
|
||||
| test3.cpp:386:8:386:15 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:388:15:388:22 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:368:15:368:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:388:15:388:22 | password | semmle.label | password |
|
||||
| test3.cpp:398:18:398:25 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:388:15:388:22 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
|
||||
| test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
|
||||
| test3.cpp:414:15:414:24 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:414:15:414:24 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:400:16:400:23 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:414:15:414:24 | password | semmle.label | password |
|
||||
| test3.cpp:414:17:414:24 | password | semmle.label | password |
|
||||
| test3.cpp:414:17:414:24 | password | semmle.label | password |
|
||||
| test3.cpp:420:15:420:24 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:420:15:420:24 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:414:15:414:24 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:420:15:420:24 | password | semmle.label | password |
|
||||
| test3.cpp:420:17:420:24 | password | semmle.label | password |
|
||||
| test3.cpp:420:17:420:24 | password | semmle.label | password |
|
||||
| test3.cpp:421:3:421:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
|
||||
| test3.cpp:421:19:421:28 | password | semmle.label | password |
|
||||
| test3.cpp:421:19:421:28 | password | semmle.label | password |
|
||||
| test3.cpp:421:21:421:28 | password | semmle.label | password |
|
||||
| test3.cpp:421:21:421:28 | password | semmle.label | password |
|
||||
| test3.cpp:429:7:429:14 | Uninitialized | semmle.label | Uninitialized |
|
||||
| test3.cpp:420:15:420:24 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:431:8:431:15 | password | semmle.label | password |
|
||||
| test3.cpp:431:8:431:15 | password indirection | semmle.label | password indirection |
|
||||
| test3.cpp:507:14:507:39 | social_security_number | semmle.label | social_security_number |
|
||||
| test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
|
||||
| test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
|
||||
| test3.cpp:507:14:507:39 | social_security_number indirection | semmle.label | social_security_number indirection |
|
||||
| test3.cpp:508:14:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
|
||||
| test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
|
||||
| test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
|
||||
| test3.cpp:508:14:508:33 | socialSecurityNo indirection | semmle.label | socialSecurityNo indirection |
|
||||
| test3.cpp:509:14:509:29 | homePostCode | semmle.label | homePostCode |
|
||||
| test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
|
||||
| test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
|
||||
| test3.cpp:509:14:509:29 | homePostCode indirection | semmle.label | homePostCode indirection |
|
||||
| test3.cpp:510:14:510:28 | my_zip_code | semmle.label | my_zip_code |
|
||||
| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
|
||||
| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
|
||||
| test3.cpp:510:14:510:28 | my_zip_code indirection | semmle.label | my_zip_code indirection |
|
||||
| test3.cpp:511:14:511:26 | telephone | semmle.label | telephone |
|
||||
| test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
|
||||
| test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
|
||||
| test3.cpp:511:14:511:26 | telephone indirection | semmle.label | telephone indirection |
|
||||
| test3.cpp:512:14:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
|
||||
| test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
|
||||
| test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
|
||||
| test3.cpp:512:14:512:36 | mobile_phone_number indirection | semmle.label | mobile_phone_number indirection |
|
||||
| test3.cpp:513:14:513:22 | email | semmle.label | email |
|
||||
| test3.cpp:513:18:513:22 | email | semmle.label | email |
|
||||
| test3.cpp:513:18:513:22 | email | semmle.label | email |
|
||||
| test3.cpp:513:14:513:22 | email indirection | semmle.label | email indirection |
|
||||
| test3.cpp:514:14:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
|
||||
| test3.cpp:514:18:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
|
||||
| test3.cpp:514:18:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
|
||||
| test3.cpp:514:14:514:38 | my_credit_card_number indirection | semmle.label | my_credit_card_number indirection |
|
||||
| test3.cpp:515:14:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
|
||||
| test3.cpp:515:18:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
|
||||
| test3.cpp:515:18:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
|
||||
| test3.cpp:515:14:515:35 | my_bank_account_no indirection | semmle.label | my_bank_account_no indirection |
|
||||
| test3.cpp:516:14:516:29 | employerName | semmle.label | employerName |
|
||||
| test3.cpp:516:18:516:29 | employerName | semmle.label | employerName |
|
||||
| test3.cpp:516:18:516:29 | employerName | semmle.label | employerName |
|
||||
| test3.cpp:517:14:517:29 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:517:14:517:29 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:516:14:516:29 | employerName indirection | semmle.label | employerName indirection |
|
||||
| test3.cpp:517:14:517:29 | medical_info | semmle.label | medical_info |
|
||||
| test3.cpp:517:18:517:29 | medical_info | semmle.label | medical_info |
|
||||
| test3.cpp:517:18:517:29 | medical_info | semmle.label | medical_info |
|
||||
| test3.cpp:517:14:517:29 | medical_info indirection | semmle.label | medical_info indirection |
|
||||
| test3.cpp:518:14:518:28 | license_key | semmle.label | license_key |
|
||||
| test3.cpp:518:18:518:28 | license_key | semmle.label | license_key |
|
||||
| test3.cpp:518:18:518:28 | license_key | semmle.label | license_key |
|
||||
| test3.cpp:526:44:526:54 | my_latitude | semmle.label | my_latitude |
|
||||
| test3.cpp:527:15:527:20 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:527:15:527:20 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:532:45:532:58 | home_longitude | semmle.label | home_longitude |
|
||||
| test3.cpp:533:15:533:20 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:533:15:533:20 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:551:47:551:58 | salaryString | semmle.label | salaryString |
|
||||
| test3.cpp:552:15:552:20 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:518:14:518:28 | license_key indirection | semmle.label | license_key indirection |
|
||||
| test3.cpp:551:47:551:58 | salaryString indirection | semmle.label | salaryString indirection |
|
||||
| test3.cpp:552:15:552:20 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:556:19:556:30 | salaryString | semmle.label | salaryString |
|
||||
| test3.cpp:559:15:559:20 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test3.cpp:556:19:556:30 | Load indirection | semmle.label | Load indirection |
|
||||
| test3.cpp:559:15:559:20 | buffer | semmle.label | buffer |
|
||||
| test3.cpp:571:8:571:21 | call to get_home_phone | semmle.label | call to get_home_phone |
|
||||
| test3.cpp:572:14:572:16 | str | semmle.label | str |
|
||||
| test3.cpp:572:14:572:16 | str | semmle.label | str |
|
||||
| test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
|
||||
| test3.cpp:578:14:578:16 | str | semmle.label | str |
|
||||
| test3.cpp:578:14:578:16 | str | semmle.label | str |
|
||||
| test.cpp:41:23:41:43 | (char *)... | semmle.label | (char *)... |
|
||||
| test.cpp:41:23:41:43 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! |
|
||||
| test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
|
||||
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
|
||||
| test.cpp:66:23:66:43 | (char *)... | semmle.label | (char *)... |
|
||||
| test.cpp:66:23:66:43 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:66:23:66:43 | cleartext password! | semmle.label | cleartext password! |
|
||||
| test.cpp:76:21:76:27 | call to encrypt | semmle.label | call to encrypt |
|
||||
| test.cpp:76:29:76:39 | thePassword | semmle.label | thePassword |
|
||||
subpaths
|
||||
| test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:117:28:117:33 | buffer indirection | test3.cpp:117:13:117:14 | VariableAddress indirection | test3.cpp:138:21:138:22 | Call indirection |
|
||||
#select
|
||||
| test3.cpp:22:3:22:6 | call to send | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:17:28:17:36 | password1 | password1 |
|
||||
| test3.cpp:22:3:22:6 | call to send | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:17:28:17:36 | password1 | password1 |
|
||||
| test3.cpp:26:3:26:6 | call to send | test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:17:51:17:59 | password2 | password2 |
|
||||
| test3.cpp:26:3:26:6 | call to send | test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:17:51:17:59 | password2 | password2 |
|
||||
| test3.cpp:47:3:47:6 | call to recv | test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:45:8:45:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:47:3:47:6 | call to recv | test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:45:8:45:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:55:3:55:6 | call to recv | test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:53:8:53:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:55:3:55:6 | call to recv | test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:53:8:53:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:76:3:76:6 | call to send | test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:71:32:71:40 | password1 | password1 |
|
||||
| test3.cpp:76:3:76:6 | call to send | test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:71:32:71:40 | password1 | password1 |
|
||||
| test3.cpp:83:3:83:6 | call to recv | test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:80:8:80:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:83:3:83:6 | call to recv | test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:80:8:80:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:101:3:101:6 | call to read | test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:98:8:98:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:101:3:101:6 | call to read | test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:98:8:98:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:114:2:114:5 | call to recv | test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:132:8:132:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:114:2:114:5 | call to recv | test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:132:8:132:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:140:3:140:6 | call to send | test3.cpp:129:39:129:47 | password1 | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:129:39:129:47 | password1 | password1 |
|
||||
| test3.cpp:140:3:140:6 | call to send | test3.cpp:129:39:129:47 | password1 | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:129:39:129:47 | password1 | password1 |
|
||||
| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password | global_password |
|
||||
| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password | global_password |
|
||||
| test3.cpp:181:3:181:6 | call to recv | test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:179:8:179:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:181:3:181:6 | call to recv | test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:179:8:179:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:228:2:228:5 | call to send | test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:225:34:225:41 | password | password |
|
||||
| test3.cpp:228:2:228:5 | call to send | test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:225:34:225:41 | password | password |
|
||||
| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:239:7:239:14 | Uninitialized | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:239:7:239:14 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:268:19:268:26 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:268:19:268:26 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
|
||||
| test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
|
||||
| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
|
||||
| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
|
||||
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:339:9:339:16 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:339:9:339:16 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:386:8:386:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:386:8:386:15 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | password | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | password | password |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:17:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | password | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | password | password |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:17:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
|
||||
| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:429:7:429:14 | Uninitialized | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:429:7:429:14 | Uninitialized | Uninitialized |
|
||||
| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:14:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:14:507:39 | social_security_number | social_security_number |
|
||||
| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
|
||||
| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
|
||||
| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:14:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:14:508:33 | socialSecurityNo | socialSecurityNo |
|
||||
| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
|
||||
| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
|
||||
| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:14:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:14:509:29 | homePostCode | homePostCode |
|
||||
| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
|
||||
| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
|
||||
| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:14:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:14:510:28 | my_zip_code | my_zip_code |
|
||||
| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
|
||||
| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:18:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
|
||||
| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:14:511:26 | telephone | test3.cpp:511:14:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:14:511:26 | telephone | telephone |
|
||||
| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:14:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:18:511:26 | telephone | telephone |
|
||||
| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:18:511:26 | telephone | telephone |
|
||||
| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:14:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:14:512:36 | mobile_phone_number | mobile_phone_number |
|
||||
| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
|
||||
| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
|
||||
| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:14:513:22 | email | test3.cpp:513:14:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:14:513:22 | email | email |
|
||||
| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:14:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:18:513:22 | email | email |
|
||||
| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:18:513:22 | email | email |
|
||||
| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:14:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:14:514:38 | my_credit_card_number | my_credit_card_number |
|
||||
| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:18:514:38 | my_credit_card_number | my_credit_card_number |
|
||||
| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:18:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:18:514:38 | my_credit_card_number | my_credit_card_number |
|
||||
| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:14:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:14:515:35 | my_bank_account_no | my_bank_account_no |
|
||||
| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:18:515:35 | my_bank_account_no | my_bank_account_no |
|
||||
| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:18:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:18:515:35 | my_bank_account_no | my_bank_account_no |
|
||||
| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:14:516:29 | employerName | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:14:516:29 | employerName | employerName |
|
||||
| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:18:516:29 | employerName | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:18:516:29 | employerName | employerName |
|
||||
| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:18:516:29 | employerName | test3.cpp:516:18:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:18:516:29 | employerName | employerName |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | array to pointer conversion | array to pointer conversion |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | medical_info | medical_info |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:18:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
|
||||
| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:14:518:28 | license_key | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:14:518:28 | license_key | license_key |
|
||||
| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:18:518:28 | license_key | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:18:518:28 | license_key | license_key |
|
||||
| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:18:518:28 | license_key | test3.cpp:518:18:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:18:518:28 | license_key | license_key |
|
||||
| test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
|
||||
| test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
|
||||
| test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
|
||||
| test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
|
||||
| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
|
||||
| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
|
||||
| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
|
||||
| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
|
||||
| test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
|
||||
| test3.cpp:22:3:22:6 | call to send | test3.cpp:20:28:20:36 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:20:28:20:36 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:22:3:22:6 | call to send | test3.cpp:22:15:22:23 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:15:22:23 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:22:3:22:6 | call to send | test3.cpp:22:33:22:41 | password1 indirection | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:22:33:22:41 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:26:3:26:6 | call to send | test3.cpp:26:15:26:23 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:15:26:23 | password2 indirection | password2 indirection |
|
||||
| test3.cpp:26:3:26:6 | call to send | test3.cpp:26:33:26:41 | password2 indirection | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:26:33:26:41 | password2 indirection | password2 indirection |
|
||||
| test3.cpp:47:3:47:6 | call to recv | test3.cpp:47:15:47:22 | password indirection | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:47:15:47:22 | password indirection | password indirection |
|
||||
| test3.cpp:55:3:55:6 | call to recv | test3.cpp:55:15:55:22 | password indirection | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:55:15:55:22 | password indirection | password indirection |
|
||||
| test3.cpp:76:3:76:6 | call to send | test3.cpp:74:21:74:29 | Load indirection | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:74:21:74:29 | Load indirection | Load indirection |
|
||||
| test3.cpp:83:3:83:6 | call to recv | test3.cpp:81:15:81:22 | array to pointer conversion indirection | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:81:15:81:22 | array to pointer conversion indirection | array to pointer conversion indirection |
|
||||
| test3.cpp:101:3:101:6 | call to read | test3.cpp:101:12:101:19 | password indirection | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:101:12:101:19 | password indirection | password indirection |
|
||||
| test3.cpp:114:2:114:5 | call to recv | test3.cpp:134:11:134:18 | password indirection | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:134:11:134:18 | password indirection | password indirection |
|
||||
| test3.cpp:140:3:140:6 | call to send | test3.cpp:138:24:138:32 | password1 indirection | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:138:24:138:32 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | Load indirection | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | Load indirection | Load indirection |
|
||||
| test3.cpp:181:3:181:6 | call to recv | test3.cpp:181:15:181:22 | password indirection | test3.cpp:181:15:181:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:181:15:181:22 | password indirection | password indirection |
|
||||
| test3.cpp:210:3:210:6 | call to send | test3.cpp:210:15:210:22 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:15:210:22 | password indirection | password indirection |
|
||||
| test3.cpp:210:3:210:6 | call to send | test3.cpp:210:32:210:39 | password indirection | test3.cpp:210:15:210:22 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:210:32:210:39 | password indirection | password indirection |
|
||||
| test3.cpp:228:2:228:5 | call to send | test3.cpp:227:22:227:29 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:227:22:227:29 | password indirection | password indirection |
|
||||
| test3.cpp:228:2:228:5 | call to send | test3.cpp:228:26:228:33 | password indirection | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:228:26:228:33 | password indirection | password indirection |
|
||||
| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:241:8:241:15 | password indirection | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:241:8:241:15 | password indirection | password indirection |
|
||||
| test3.cpp:272:3:272:6 | call to send | test3.cpp:270:16:270:23 | password indirection | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:270:16:270:23 | password indirection | password indirection |
|
||||
| test3.cpp:290:2:290:5 | call to send | test3.cpp:316:11:316:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:316:11:316:19 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:290:2:290:5 | call to send | test3.cpp:317:11:317:19 | password1 indirection | test3.cpp:290:14:290:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:317:11:317:19 | password1 indirection | password1 indirection |
|
||||
| test3.cpp:295:2:295:5 | call to send | test3.cpp:322:16:322:24 | Load indirection | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | Load indirection | Load indirection |
|
||||
| test3.cpp:300:2:300:5 | call to send | test3.cpp:322:16:322:24 | Load indirection | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:322:16:322:24 | Load indirection | Load indirection |
|
||||
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:341:16:341:23 | password indirection | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:341:16:341:23 | password indirection | password indirection |
|
||||
| test3.cpp:388:3:388:6 | call to recv | test3.cpp:388:15:388:22 | password indirection | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:388:15:388:22 | password indirection | password indirection |
|
||||
| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | password indirection | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | password indirection | password indirection |
|
||||
| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | password indirection | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | password indirection | password indirection |
|
||||
| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:431:8:431:15 | password indirection | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:431:8:431:15 | password indirection | password indirection |
|
||||
| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:14:507:39 | social_security_number indirection | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:14:507:39 | social_security_number indirection | social_security_number indirection |
|
||||
| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:14:508:33 | socialSecurityNo indirection | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:14:508:33 | socialSecurityNo indirection | socialSecurityNo indirection |
|
||||
| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:14:509:29 | homePostCode indirection | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:14:509:29 | homePostCode indirection | homePostCode indirection |
|
||||
| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:14:510:28 | my_zip_code indirection | test3.cpp:510:14:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:14:510:28 | my_zip_code indirection | my_zip_code indirection |
|
||||
| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:14:511:26 | telephone indirection | test3.cpp:511:14:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:14:511:26 | telephone indirection | telephone indirection |
|
||||
| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:14:512:36 | mobile_phone_number indirection | test3.cpp:512:14:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:14:512:36 | mobile_phone_number indirection | mobile_phone_number indirection |
|
||||
| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:14:513:22 | email indirection | test3.cpp:513:14:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:14:513:22 | email indirection | email indirection |
|
||||
| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:14:514:38 | my_credit_card_number indirection | test3.cpp:514:14:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:14:514:38 | my_credit_card_number indirection | my_credit_card_number indirection |
|
||||
| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:14:515:35 | my_bank_account_no indirection | test3.cpp:515:14:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:14:515:35 | my_bank_account_no indirection | my_bank_account_no indirection |
|
||||
| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:14:516:29 | employerName indirection | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:14:516:29 | employerName indirection | employerName indirection |
|
||||
| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | medical_info indirection | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | medical_info indirection | medical_info indirection |
|
||||
| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:14:518:28 | license_key indirection | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:14:518:28 | license_key indirection | license_key indirection |
|
||||
| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString indirection | test3.cpp:552:15:552:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString indirection | salaryString indirection |
|
||||
| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | Load indirection | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | Load indirection | Load indirection |
|
||||
| test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
|
||||
| test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
|
||||
| test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
|
||||
|
||||
@@ -156,7 +156,7 @@ void test_taint(const char *password)
|
||||
|
||||
strncpy(buffer, password, 16);
|
||||
buffer[15] = 0;
|
||||
send(val(), buffer, 16, val()); // BAD: `password` is (partially) sent plaintext
|
||||
send(val(), buffer, 16, val()); // BAD: `password` is (partially) sent plaintext [NOT DETECTED]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -178,7 +178,7 @@ void test_decrypt()
|
||||
{
|
||||
char password[256];
|
||||
|
||||
recv(val(), password, 256, val()); // GOOD: password is encrypted
|
||||
recv(val(), password, 256, val()); // GOOD: password is encrypted [FALSE POSITIVE]
|
||||
password[255] = 0;
|
||||
|
||||
decrypt_inplace(password); // proof that `password` was in fact encrypted
|
||||
@@ -207,7 +207,7 @@ void test_decrypt()
|
||||
encrypt_inplace(password); // proof that `password` is in fact encrypted
|
||||
password[255] = 0;
|
||||
|
||||
send(val(), password, strlen(password), val()); // GOOD: password is encrypted
|
||||
send(val(), password, strlen(password), val()); // GOOD: password is encrypted [FALSE POSITIVE]
|
||||
}
|
||||
|
||||
{
|
||||
@@ -287,7 +287,7 @@ void target2(char *data)
|
||||
|
||||
void target3(char *data)
|
||||
{
|
||||
send(val(), data, strlen(data), val()); // BAD: data is a plaintext password [NOT DETECTED]
|
||||
send(val(), data, strlen(data), val()); // BAD: data is a plaintext password
|
||||
}
|
||||
|
||||
void target4(char *data)
|
||||
@@ -524,13 +524,13 @@ void tests2(person_info *pi)
|
||||
char buffer[1024];
|
||||
|
||||
snprintf(buffer, 1024, "lat = %f\n", pi->my_latitude);
|
||||
send(val(), buffer, strlen(buffer), val()); // BAD
|
||||
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
|
||||
}
|
||||
{
|
||||
char buffer[1024];
|
||||
|
||||
snprintf(buffer, 1024, "long = %f\n", pi->home_longitude);
|
||||
send(val(), buffer, strlen(buffer), val()); // BAD
|
||||
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
|
||||
}
|
||||
{
|
||||
char buffer[1024];
|
||||
|
||||
Reference in New Issue
Block a user