C++: Improve the regexps.

Geoffrey White
2022-03-29 10:03:28 +01:00
parent 393819837c
commit b94ade3bdd
3 changed files with 6 additions and 4 deletions


@@ -21,13 +21,13 @@ private string privateNames() {
".*(" + ".*(" +
// Inspired by the list on https://cwe.mitre.org/data/definitions/359.html // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
// Government identifiers, such as Social Security Numbers // Government identifiers, such as Social Security Numbers
"social.*security|" + "social.?security|" +
// Contact information, such as home addresses and telephone numbers // Contact information, such as home addresses and telephone numbers
"postcode|zipcode|telephone|" + "post.?code|zip.?code|telephone|" +
// Geographic location - where the user is (or was) // Geographic location - where the user is (or was)
"latitude|longitude|" + "latitude|longitude|" +
// Financial data - such as credit card numbers, salary, bank accounts, and debts // Financial data - such as credit card numbers, salary, bank accounts, and debts
"credit.*card|salary|bank.*account|" + "credit.?card|salary|bank.?account|" +
// Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc. // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
"email|mobile|employer|" + "email|mobile|employer|" +
// Health - medical conditions, insurance status, prescription records // Health - medical conditions, insurance status, prescription records
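Review bot: The switch from `.*` to `.?` on the social.?security, post.?code/zip.?code and credit.?card/bank.?account alternatives changes the matching intent — at most one arbitrary character is now allowed between the two words — but the comments above each alternative still only name the CWE-359 category, so the next reader has no hint why `.?` was chosen over `.*` or `_?`. Suggest a comment at the top of the list, e.g. `// ".?" permits at most one separator character (e.g. "_", "-", or none for camelCase) between words; ".*" was too permissive.` Note that `.?` still accepts any single character, not only separators, so a constructed name like `socialXsecurity` also matches; if that is unintended, a class such as `"[_\\s-]?"` would be tighter. privateNames() starts before this hunk (its signature is in the hunk header) and the rest of the regexp, including whatever makes the match case-insensitive for names such as socialSecurityNo, is outside it.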


@@ -226,6 +226,7 @@ nodes
| test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number | | test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
| test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo | | test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
| test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode | | test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
| test3.cpp:511:18:511:26 | telephone | semmle.label | telephone | | test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
| test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number | | test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
| test3.cpp:513:18:513:22 | email | semmle.label | email | | test3.cpp:513:18:513:22 | email | semmle.label | email |
@@ -273,6 +274,7 @@ subpaths
| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@ | test3.cpp:507:18:507:39 | social_security_number | social_security_number | | test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@ | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@ | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo | | test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@ | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@ | test3.cpp:509:18:509:29 | homePostCode | homePostCode | | test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@ | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:18:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@ | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@ | test3.cpp:511:18:511:26 | telephone | telephone | | test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@ | test3.cpp:511:18:511:26 | telephone | telephone |
| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@ | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number | | test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@ | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@ | test3.cpp:513:18:513:22 | email | email | | test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@ | test3.cpp:513:18:513:22 | email | email |


@@ -507,7 +507,7 @@ void tests2(person_info *pi)
send(val(), pi->social_security_number, strlen(pi->social_security_number), val()); // BAD send(val(), pi->social_security_number, strlen(pi->social_security_number), val()); // BAD
send(val(), pi->socialSecurityNo, strlen(pi->socialSecurityNo), val()); // BAD send(val(), pi->socialSecurityNo, strlen(pi->socialSecurityNo), val()); // BAD
send(val(), pi->homePostCode, strlen(pi->homePostCode), val()); // BAD send(val(), pi->homePostCode, strlen(pi->homePostCode), val()); // BAD
send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD [NOT DETECTED] send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD
send(val(), pi->telephone, strlen(pi->telephone), val()); // BAD send(val(), pi->telephone, strlen(pi->telephone), val()); // BAD
send(val(), pi->mobile_phone_number, strlen(pi->mobile_phone_number), val()); // BAD send(val(), pi->mobile_phone_number, strlen(pi->mobile_phone_number), val()); // BAD
send(val(), pi->email, strlen(pi->email), val()); // BAD send(val(), pi->email, strlen(pi->email), val()); // BAD
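Review bot: The only change in this hunk is the annotation on the my_zip_code line, so the tightening of `.*` to `.?` in privateNames() is exercised here only by positive cases; none of the visible lines adds a field name that matched under `.*` but should not under `.?` (two words of the pattern separated by other text). Unless such a case exists elsewhere in test3.cpp, consider adding a negative case next to these (annotated `// GOOD` in the usual test convention) so a future loosening of the pattern shows up in the .expected output. tests2() starts before this hunk (its signature is in the hunk header) and continues past it.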