Merge pull request #7881 from geoffw0/clrtxtperf

CPP: Fix performance for cpp/cleartext-transmission
2026-06-15 09:51:09 +02:00 · 2022-02-09 09:03:44 +00:00
parent 3206384884 6005f3d2d4
commit bbbb5268ce
1 changed files with 12 additions and 5 deletions
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
@@ -168,6 +168,16 @@ class NetworkRecv extends NetworkSendRecv {
  override Recv target;
 }

+pragma[noinline]
+predicate encryptionFunction(Function f) {
+  f.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
+}
+
+pragma[noinline]
+predicate encryptionType(UserType t) {
+  t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
+}
+
 /**
 * An expression that is an argument or return value from an encryption /
 * decryption call. This is quite inclusive to minimize false positives, for
@@ -177,10 +187,7 @@ class NetworkRecv extends NetworkSendRecv {
 class Encrypted extends Expr {
  Encrypted() {
    exists(FunctionCall fc |
-      fc.getTarget()
-          .getName()
-          .toLowerCase()
-          .regexpMatch(".*(crypt|encode|decode|hash|securezero).*") and
+      encryptionFunction(fc.getTarget()) and
      (
        this = fc or
        this = fc.getAnArgument()
@@ -189,7 +196,7 @@ class Encrypted extends Expr {
    or
    exists(Type t |
      this.getType().refersTo(t) and
-      t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
+      encryptionType(t)
    )
  }
 }