C++: Add triple-DES to the bad algorithms list.

cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected

@@ -10,11 +10,15 @@
 | test2.cpp:239:5:239:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
+| test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
+| test.cpp:42:2:42:38 | ENCRYPT_WITH_TRIPLE_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:51:2:51:32 | DES_DO_ENCRYPTION(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:52:2:52:31 | RUN_DES_ENCODING(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:53:2:53:25 | DES_ENCODE(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:54:2:54:26 | DES_SET_KEY(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:88:2:88:11 | call to encryptDES | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:89:2:89:11 | call to encryptRC2 | This function call specifies a broken or weak cryptographic algorithm. |
+| test.cpp:91:2:91:12 | call to encrypt3DES | This function call specifies a broken or weak cryptographic algorithm. |
+| test.cpp:92:2:92:17 | call to encryptTripleDES | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:101:2:101:15 | call to do_des_encrypt | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:102:2:102:12 | call to DES_Set_Key | This function call specifies a broken or weak cryptographic algorithm. |

cpp/ql/test/query-tests/Security/CWE/CWE-327/test.cpp

@@ -38,15 +38,15 @@ void test_macros(void *data, size_t amount, const char *str)
 	ENCRYPT_WITH_DES(data, amount); // BAD
 	ENCRYPT_WITH_RC2(data, amount); // BAD
 	ENCRYPT_WITH_AES(data, amount); // GOOD (good algorithm)
-	ENCRYPT_WITH_3DES(data, amount); // GOOD (good enough algorithm)
-	ENCRYPT_WITH_TRIPLE_DES(data, amount); // GOOD (good enough algorithm)
+	ENCRYPT_WITH_3DES(data, amount); // BAD
+	ENCRYPT_WITH_TRIPLE_DES(data, amount); // BAD
 	ENCRYPT_WITH_RC20(data, amount); // GOOD (if there ever is an RC20 algorithm, we have no reason to believe it's weak)
 	ENCRYPT_WITH_DES_REMOVED(data, amount); // GOOD (implementation has been deleted)
 
 	DESENCRYPT(data, amount); // BAD [NOT DETECTED]
 	RC2ENCRYPT(data, amount); // BAD [NOT DETECTED]
 	AESENCRYPT(data, amount); // GOOD (good algorithm)
-	DES3ENCRYPT(data, amount); // GOOD (good enough algorithm)
+	DES3ENCRYPT(data, amount); // BAD [NOT DETECTED]
 
 	DES_DO_ENCRYPTION(data, amount); // BAD
 	RUN_DES_ENCODING(data, amount); // BAD
@@ -88,13 +88,13 @@ void test_functions(void *data, size_t amount, const char *str)
 	encryptDES(data, amount); // BAD
 	encryptRC2(data, amount); // BAD
 	encryptAES(data, amount); // GOOD (good algorithm)
-	encrypt3DES(data, amount); // GOOD (good enough algorithm)
-	encryptTripleDES(data, amount); // GOOD (good enough algorithm)
+	encrypt3DES(data, amount); // BAD
+	encryptTripleDES(data, amount); // BAD
 
 	DESEncrypt(data, amount); // BAD
 	RC2Encrypt(data, amount); // BAD
 	AESEncrypt(data, amount); // GOOD (good algorithm)
-	DES3Encrypt(data, amount); // GOOD (good enough algorithm)
+	DES3Encrypt(data, amount); // BAD [NOT DETECTED]
 
 	DoDESEncryption(data, amount); // BAD [NOT DETECTED]
 	encryptDes(data, amount); // BAD [NOT DETECTED]