hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 18:01:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7881 from geoffw0/clrtxtperf

Browse Source 
CPP: Fix performance for cpp/cleartext-transmission
This commit is contained in:
Mathias Vorreiter Pedersen
2022-02-09 09:03:44 +00:00
committed by GitHub
parent 3206384884 6005f3d2d4
commit bbbb5268ce
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -168,6 +168,16 @@ class NetworkRecv extends NetworkSendRecv {
override Recv target; override Recv target;
} }
pragma[noinline]
predicate encryptionFunction(Function f) {
f.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
pragma[noinline]
predicate encryptionType(UserType t) {
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*")
}
/** /**
* An expression that is an argument or return value from an encryption / * An expression that is an argument or return value from an encryption /
* decryption call. This is quite inclusive to minimize false positives, for * decryption call. This is quite inclusive to minimize false positives, for
@@ -177,10 +187,7 @@ class NetworkRecv extends NetworkSendRecv {
class Encrypted extends Expr { class Encrypted extends Expr {
Encrypted() { Encrypted() {
exists(FunctionCall fc | exists(FunctionCall fc |
fc.getTarget() encryptionFunction(fc.getTarget()) and
.getName()
.toLowerCase()
.regexpMatch(".*(crypt|encode|decode|hash|securezero).*") and
( (
this = fc or this = fc or
this = fc.getAnArgument() this = fc.getAnArgument()
@@ -189,7 +196,7 @@ class Encrypted extends Expr {
or or
exists(Type t | exists(Type t |
this.getType().refersTo(t) and this.getType().refersTo(t) and
t.getName().toLowerCase().regexpMatch(".*(crypt|encode|decode|hash|securezero).*") encryptionType(t)
) )
} }
} }