hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add basic test.

Browse Source
This commit is contained in:
Geoffrey White
2021-09-06 13:42:59 +01:00
parent 246302453f
commit cd5a5347fc
3 changed files with 64 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected Normal file
View File

@@ -0,0 +1,2 @@
| test3.cpp:39:3:39:6 | call to recv | test3.cpp:39:15:39:22 | password |
| test3.cpp:47:3:47:6 | call to recv | test3.cpp:47:15:47:22 | password |

1
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE/CWE-311/CleartextTransmission.ql

61
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp Normal file
View File

@@ -0,0 +1,61 @@
typedef unsigned long size_t;
size_t strlen(const char *s);
void send(int a, const void *buf, size_t bufLen, int d);
void recv(int a, void *buf, size_t bufLen, int d);
void LogonUserA(int a, int b, const char *password, int d, int e, int f);
int val();
void test_send(const char *password1, const char *password2, const char *password_hash, const char *message)
{
{
LogonUserA(val(), val(), password1, val(), val(), val()); // proof `password` is plaintext
send(val(), password1, strlen(password1), val()); // BAD: `password` is sent plaintext (certainly) [NOT DETECTED]
}
{
send(val(), password2, strlen(password2), val()); // BAD: `password` is sent plaintext (probably) [NOT DETECTED]
}
{
send(val(), password_hash, strlen(password_hash), val()); // GOOD: `password` is sent encrypted
}
{
send(val(), message, strlen(message), val()); // GOOD: `message` is not a password
}
}
void test_receive()
{
{
char password[256];
recv(val(), password, 256, val()); // BAD: `password` is received plaintext (certainly)
LogonUserA(val(), val(), password, val(), val(), val()); // (proof `password` is plaintext)
}
{
char password[256];
recv(val(), password, 256, val()); // BAD: `password` is received plaintext (probably)
}
{
char password_hash[256];
recv(val(), password_hash, 256, val()); // GOOD: `password` is received encrypted
}
{
char message[256];
recv(val(), message, 256, val()); // GOOD: `message` is not a password
}
}