hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add test cases based on some remaining real world FPs.

Browse Source
This commit is contained in:
Geoffrey White
2022-02-02 16:15:59 +00:00
parent 7bb11b837c
commit cc20969bdd
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -89,6 +89,10 @@ edges
| test3.cpp:398:18:398:25 | password | test3.cpp:400:15:400:23 | & ... | | test3.cpp:398:18:398:25 | password | test3.cpp:400:15:400:23 | & ... |
| test3.cpp:398:18:398:25 | password | test3.cpp:400:16:400:23 | password | | test3.cpp:398:18:398:25 | password | test3.cpp:400:16:400:23 | password |
| test3.cpp:398:18:398:25 | password | test3.cpp:400:33:400:40 | password | | test3.cpp:398:18:398:25 | password | test3.cpp:400:33:400:40 | password |
| test3.cpp:429:7:429:14 | password | test3.cpp:431:8:431:15 | password |
| test3.cpp:436:7:436:14 | password | test3.cpp:439:8:439:15 | password |
| test3.cpp:436:7:436:14 | password | test3.cpp:440:8:440:15 | password |
| test3.cpp:448:7:448:14 | password | test3.cpp:452:10:452:17 | password |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt | | test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword | | test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword |
| test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt | | test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt |
@@ -208,6 +212,13 @@ nodes
| test3.cpp:400:15:400:23 | & ... | semmle.label | & ... | | test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
| test3.cpp:400:16:400:23 | password | semmle.label | password | | test3.cpp:400:16:400:23 | password | semmle.label | password |
| test3.cpp:400:33:400:40 | password | semmle.label | password | | test3.cpp:400:33:400:40 | password | semmle.label | password |
| test3.cpp:429:7:429:14 | password | semmle.label | password |
| test3.cpp:431:8:431:15 | password | semmle.label | password |
| test3.cpp:436:7:436:14 | password | semmle.label | password |
| test3.cpp:439:8:439:15 | password | semmle.label | password |
| test3.cpp:440:8:440:15 | password | semmle.label | password |
| test3.cpp:448:7:448:14 | password | semmle.label | password |
| test3.cpp:452:10:452:17 | password | semmle.label | password |
| test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! | | test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! |
| test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt | | test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword | | test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
@@ -238,3 +249,7 @@ subpaths
| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 | | test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:339:9:339:16 | password | password | | test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:339:9:339:16 | password | password |
| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:386:8:386:15 | password | password | | test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:386:8:386:15 | password | password |
| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:429:7:429:14 | password | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:429:7:429:14 | password | password |
| test3.cpp:439:2:439:6 | call to fgets | test3.cpp:436:7:436:14 | password | test3.cpp:439:8:439:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:436:7:436:14 | password | password |
| test3.cpp:440:2:440:6 | call to fgets | test3.cpp:436:7:436:14 | password | test3.cpp:440:8:440:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:436:7:436:14 | password | password |
| test3.cpp:452:2:452:5 | call to recv | test3.cpp:448:7:448:14 | password | test3.cpp:452:10:452:17 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:448:7:448:14 | password | password |

30
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
View File

@@ -421,3 +421,33 @@ void test_member_password()
decrypt_inplace(p.password); // proof that `password` was in fact encrypted decrypt_inplace(p.password); // proof that `password` was in fact encrypted
} }
} }
extern FILE *stdin;
void test_stdin_param(FILE *stream)
{
char password[128];
fgets(password, 128, stream); // GOOD: from standard input (see call below) [FALSE POSITIVE]
}
void test_stdin()
{
char password[128];
FILE *f = stdin;
fgets(password, 128, stdin); // GOOD: from standard input [FALSE POSITIVE]
fgets(password, 128, f); // GOOD: from standard input [FALSE POSITIVE]
test_stdin_param(stdin);
}
int open(const char *filename, int b);
void test_tty()
{
char password[256];
int f;
f = open("/dev/tty", val());
recv(f, password, 256, val()); // GOOD: from terminal [FALSE POSITIVE]
}