hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 04:08:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Exclude macros that don't generate anything.

Browse Source
This commit is contained in:
Geoffrey White
2021-05-12 14:51:47 +01:00
parent b6d5f7c315
commit 9404d0676d
3 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
View File

@@ -23,7 +23,10 @@ Function getAnInsecureFunction() {
}
class InsecureFunctionCall extends InsecureCryptoSpec, FunctionCall {
InsecureFunctionCall() { this.getTarget() = getAnInsecureFunction() }
InsecureFunctionCall() {
// the function name suggests it relates to an insecure crypto algorithm.
this.getTarget() = getAnInsecureFunction()
}
override string description() { result = "function call" }
@@ -38,7 +41,12 @@ Macro getAnInsecureMacro() {
}
class InsecureMacroSpec extends InsecureCryptoSpec, MacroInvocation {
InsecureMacroSpec() { this.getMacro() = getAnInsecureMacro() }
InsecureMacroSpec() {
// the macro name suggests it relates to an insecure crypto algorithm.
this.getMacro() = getAnInsecureMacro() and
// the macro invocation generates something.
exists(this.getAGeneratedElement())
}
override string description() { result = "macro invocation" }