C++: In fact it's just not good enough to get additional evidence from the declaring type.

This commit is contained in:
Geoffrey White
2021-05-18 14:30:48 +01:00
parent 88dc0861ac
commit cdf261b54b
3 changed files with 3 additions and 6 deletions


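--- a/PATH_NOT_SHOWN.ql
+++ b/PATH_NOT_SHOWN.ql
@@ -31,8 +31,7 @@ Function getAnInsecureEncryptionFunction() {
 Function getAdditionalEvidenceFunction() {
 (
 isEncryptionAdditionalEvidence(result.getName()) or
-isEncryptionAdditionalEvidence(result.getAParameter().getName()) or
-isEncryptionAdditionalEvidence(result.getDeclaringType().getName())
+isEncryptionAdditionalEvidence(result.getAParameter().getName())
 ) and
 exists(result.getACallToThisFunction())
 }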
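Review bot: The reason the declaring-type name was dropped as evidence lives only in the commit title; nothing in `getAdditionalEvidenceFunction` itself records it, so a later maintainer may well add `result.getDeclaringType().getName()` back. A short QLDoc comment above the predicate would fix that, e.g. `/** A function whose own name or a parameter name suggests encryption, and which is called at least once. The declaring type's name is deliberately not used: a class named after an algorithm also has members unrelated to it (the `doSomethingElse` false positives in the tests). */`. It may also be worth stating the accepted trade-off in that comment: a member of an algorithm-named class whose name and parameters carry no evidence of their own is now not flagged, which appears to be intended given the test changes.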


@@ -7,9 +7,7 @@
| test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test2.cpp:185:38:185:44 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
| test2.cpp:238:2:238:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:240:2:240:28 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:245:5:245:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
| test2.cpp:247:5:247:19 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
| test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
| test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |


@@ -237,14 +237,14 @@ void do_classes(const char *data)
{
desEncrypt::encrypt(data); // BAD
aes256Encrypt::encrypt(data); // GOOD
desEncrypt::doSomethingElse(); // GOOD [FALSE POSITIVE]
desEncrypt::doSomethingElse(); // GOOD
aes256Encrypt::doSomethingElse(); // GOOD
desCipher dc;
aesCipher ac;
dc.encrypt(data); // BAD
ac.encrypt(data); // GOOD
dc.doSomethingElse(); // GOOD [FALSE POSITIVE]
dc.doSomethingElse(); // GOOD
ac.doSomethingElse(); // GOOD
}