C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission.

2026-04-21 06:55:31 +02:00 · 2021-12-06 16:44:13 +00:00
parent 974a8b1a9a
commit d77ba020f9
3 changed files with 13 additions and 5 deletions
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
@@ -147,13 +147,18 @@ class NetworkRecv extends NetworkSendRecv {
 }

 /**
- * An expression that is an argument or return value from an encryption or
- * decryption call.
+ * An expression that is an argument or return value from an encryption /
+ * decryption call. This is quite inclusive to minimize false positives, for
+ * example `SecureZeroMemory` is not an encryption routine but a clue that
+ * encryption may be present.
 */
 class Encrypted extends Expr {
  Encrypted() {
    exists(FunctionCall fc |
-      fc.getTarget().getName().toLowerCase().regexpMatch(".*(crypt|encode|decode).*") and
+      fc.getTarget()
+          .getName()
+          .toLowerCase()
+          .regexpMatch(".*(crypt|encode|decode|hash|securezero).*") and
      (
        this = fc or
        this = fc.getAnArgument()