hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Support more routines as proof-of-encryption in cpp/cleartext-transmission.

Browse Source
This commit is contained in:
Geoffrey White
2021-12-06 16:44:13 +00:00
parent 974a8b1a9a
commit d77ba020f9
3 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
View File

@@ -85,6 +85,8 @@ edges
| test3.cpp:350:9:350:16 | password | test3.cpp:353:4:353:18 | call to decrypt_inplace |
| test3.cpp:350:9:350:16 | password | test3.cpp:353:20:353:27 | password |
| test3.cpp:366:8:366:15 | password | test3.cpp:368:15:368:22 | password |
| test3.cpp:366:8:366:15 | password | test3.cpp:374:3:374:18 | call to SecureZeroBuffer |
| test3.cpp:366:8:366:15 | password | test3.cpp:374:20:374:27 | password |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt |
| test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword |
| test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt |
@@ -198,6 +200,8 @@ nodes
| test3.cpp:353:20:353:27 | password | semmle.label | password |
| test3.cpp:366:8:366:15 | password | semmle.label | password |
| test3.cpp:368:15:368:22 | password | semmle.label | password |
| test3.cpp:374:3:374:18 | call to SecureZeroBuffer | semmle.label | call to SecureZeroBuffer |
| test3.cpp:374:20:374:27 | password | semmle.label | password |
| test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! |
| test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
| test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
@@ -229,4 +233,3 @@ subpaths
| test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:339:9:339:16 | password | password |
| test3.cpp:368:3:368:6 | call to recv | test3.cpp:366:8:366:15 | password | test3.cpp:368:15:368:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:366:8:366:15 | password | password |

2
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
View File

@@ -365,7 +365,7 @@ void test_securezero()
{
char password[256];
recv(val(), password, 256, val()); // GOOD: password is (probably) encrypted [FALSE POSITIVE]
recv(val(), password, 256, val()); // GOOD: password is (probably) encrypted
DoDisguisedOperation(password, 256); // decryption (disguised)