dilanbhalla
2020-08-10 15:14:12 -07:00
parent 48e540fa9a
commit dcfbb86674
4 changed files with 59 additions and 32 deletions


@@ -1,6 +1,21 @@
| test.cpp:50:9:50:18 | theZipcode | This write may contain unencrypted data |
| test.cpp:66:24:66:30 | medical | This write may contain unencrypted data |
| test.cpp:70:24:70:27 | temp | This write may contain unencrypted data |
| test.cpp:74:24:74:28 | buff5 | This write may contain unencrypted data |
| test.cpp:87:37:87:46 | theZipcode | This write may contain unencrypted data |
| test.cpp:90:42:90:51 | theZipcode | This write may contain unencrypted data |
edges
| test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp |
| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 |
| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func |
nodes
| test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
| test.cpp:74:24:74:30 | medical | semmle.label | medical |
| test.cpp:77:16:77:22 | medical | semmle.label | medical |
| test.cpp:78:24:78:27 | temp | semmle.label | temp |
| test.cpp:81:17:81:20 | call to func | semmle.label | call to func |
| test.cpp:81:22:81:28 | medical | semmle.label | medical |
| test.cpp:82:24:82:28 | buff5 | semmle.label | buff5 |
| test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
| test.cpp:99:42:99:51 | theZipcode | semmle.label | theZipcode |
#select
| test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@ | test.cpp:57:9:57:18 | theZipcode | this source. |
| test.cpp:74:24:74:30 | medical | This write into the external location 'medical' may contain unencrypted data from $@ | test.cpp:74:24:74:30 | medical | this source. |
| test.cpp:78:24:78:27 | temp | This write into the external location 'temp' may contain unencrypted data from $@ | test.cpp:77:16:77:22 | medical | this source. |
| test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@ | test.cpp:81:22:81:28 | medical | this source. |
| test.cpp:96:37:96:46 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@ | test.cpp:96:37:96:46 | theZipcode | this source. |
| test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@ | test.cpp:99:42:99:51 | theZipcode | this source. |


@@ -4,7 +4,7 @@
typedef int streamsize;
size_t fwrite(const void *ptr, size_t size, size_t nmemb, FILE *stream);
int fputs(const char *s, FILE *stream);
int fputs(const char *s, FILE *stream);
int fputc(int c, FILE *stream);
int fprintf(FILE *stream, const char *format, ...);
int sprintf(char *s, const char *format, ...);
@@ -12,37 +12,44 @@ size_t strlen(const char *s);
namespace std
{
template<class charT> struct char_traits;
template <class charT>
struct char_traits;
template <class charT, class traits = char_traits<charT> >
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
typedef charT char_type;
basic_ostream<charT,traits>& write(const char_type* s, streamsize n);
};
template <class charT, class traits = char_traits<charT>>
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */
{
public:
typedef charT char_type;
basic_ostream<charT, traits> &write(const char_type *s, streamsize n);
};
template <class charT, class traits = char_traits<charT> >
class basic_ofstream : public basic_ostream<charT,traits> {
public:
};
template <class charT, class traits = char_traits<charT>>
class basic_ofstream : public basic_ostream<charT, traits>
{
public:
};
template<class charT, class traits> basic_ostream<charT,traits>& operator<<(basic_ostream<charT,traits>&, const charT*);
template <class charT, class traits>
basic_ostream<charT, traits> &operator<<(basic_ostream<charT, traits> &, const charT *);
typedef basic_ostream<char> ostream;
typedef basic_ofstream<char> ofstream;
};
typedef basic_ostream<char> ostream;
typedef basic_ofstream<char> ofstream;
}; // namespace std
using namespace std;
char *encrypt(char *buffer) {
char *encrypt(char *buffer)
{
return buffer;
}
char *func(char *buffer) {
char *func(char *buffer)
{
return buffer;
}
// test for CleartextFileWrite
void file() {
void file()
{
char *theZipcode = "cleartext zipcode!";
FILE *file;
@@ -55,7 +62,8 @@ void file() {
}
// test for CleartextBufferWrite
int main(int argc, char** argv) {
int main(int argc, char **argv)
{
char *medical = "medical";
char *buff1;
char *buff2;
@@ -75,11 +83,12 @@ int main(int argc, char** argv) {
char *buff6 = encrypt(medical);
// GOOD: encrypt first
sprintf(buff4, "%s", buff6);
sprintf(buff4, "%s", buff6);
}
// test for CleartextFileWrite
void stream() {
void stream()
{
char *theZipcode = "cleartext zipcode!";
ofstream mystream;