C++: Only look for sensitive strings in appropriate parameters.

2026-04-29 10:45:15 +02:00 · 2022-03-07 09:47:11 +00:00
parent f1d6234483
commit cb33ed4fc2
1 changed files with 7 additions and 1 deletions
--- a/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
+++ b/cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
@@ -311,6 +311,12 @@ class RegQuery extends SystemData {
  override Expr getAnExpr() { regQuery(this, TReturnData(result)) }

  override predicate isSensitive() {
-    this.(FunctionCall).getAnArgument().getValue().toLowerCase().regexpMatch(".*(pass|token|key).*")
+    exists(Expr e |
+      (
+        regQuery(this, TSubKeyName(e)) or
+        regQuery(this, TValueName(e))
+      ) and
+      e.getValue().toLowerCase().regexpMatch(".*(pass|token|key).*")
+    )
  }
 }