From 965d131b5a6a427cc95c6b29eea1552abc1bb5fb Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Fri, 1 Dec 2023 19:01:01 +0000
Subject: [PATCH] C++: Add more test cases.

---
 .../CustomCryptographicPrimitive.expected     |  1 +
 .../CWE/CWE-1240/library/tests_library.h      |  6 +++++
 .../CWE/CWE-1240/tests_not_crypto.cpp         | 22 +++++++++++++------
 3 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h

diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected
index 500d5be0a69..c057a0d022c 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected
@@ -1,3 +1,4 @@
+| library/tests_library.h:4:6:4:19 | do_aes_encrypt | This function, "do_aes_encrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:11:6:11:18 | encryptString | This function, "encryptString", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:30:6:30:14 | MyEncrypt | This function, "MyEncrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:83:6:83:18 | init_aes_sbox | This function, "init_aes_sbox", may be a custom implementation of a cryptographic primitive. |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h
new file mode 100644
index 00000000000..49eae1c3fa7
--- /dev/null
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h
@@ -0,0 +1,6 @@
+// Cryptography 'library' snippets.  Nothing in this file should be flagged by the query, because
+// it's in a library.
+
+void do_aes_encrypt(unsigned int *v) {
+	COMPUTE(v)
+}
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp
index a026782d5d2..d902c8090b5 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp
@@ -21,8 +21,23 @@ namespace std
 	extern ostream cout;
 }
 
+// this macro expands to some compute operations that look a bit like cryptography
+#define COMPUTE(v) \
+	v[0] ^= v[1] ^ v[2] ^ v[3] ^ v[4]; \
+	v[1] ^= v[2] ^ v[3] ^ v[4] ^ v[5]; \
+	v[2] ^= v[3] ^ v[4] ^ v[5] ^ v[6]; \
+	v[3] ^= v[4] ^ v[5] ^ v[6] ^ v[7];
+
 // ---
 
+#include "library/tests_library.h"
+
+bool isEnabledAes() {
+	// This function has "Aes" in it's name, but does not contain enough compute to
+	// be an encryption implementation.
+	return false;
+}
+
 uint32_t lookup[256];
 
 uint8_t computeCRC32(const uint8_t *data, size_t dataLen) {
@@ -79,13 +94,6 @@ void output_encrypt_decrypt_algorithms() {
 	std::cout << indent << "Chacha (" << yes_no_setting() << ")\n";
 }
 
-// this macro expands to some compute operations that look a bit like cryptography
-#define COMPUTE(v) \
-	v[0] ^= v[1] ^ v[2] ^ v[3] ^ v[4]; \
-	v[1] ^= v[2] ^ v[3] ^ v[4] ^ v[5]; \
-	v[2] ^= v[3] ^ v[4] ^ v[5] ^ v[6]; \
-	v[3] ^= v[4] ^ v[5] ^ v[6] ^ v[7];
-
 void wideStringCharsAt(int *v) {
 	// This function has "des" and "rsa" in the name.
 	COMPUTE(v)