Merge pull request #2113 from raulgarciamsft/users/raulga/boost
Users/raulga/boost
@@ -0,0 +1,7 @@
|
||||
| test.cpp:25:32:25:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:65 | call to context | boost::asio::ssl::context::context | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_sslv3 has not been set |
|
||||
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_sslv3 has not been set |
|
||||
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set |
|
||||
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set |
|
||||
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1 has not been set |
|
||||
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1_1 has not been set |
|
||||
| test.cpp:41:32:41:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:62 | call to context | boost::asio::ssl::context::context | test.cpp:41:32:41:61 | tls | tls | test.cpp:43:6:43:16 | call to set_options | no_tlsv1_2 was set |
|
||||
@@ -0,0 +1 @@
|
||||
Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.ql
|
||||
@@ -0,0 +1,24 @@
|
||||
| test.cpp:50:38:50:69 | sslv2 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:50:38:50:70 | call to context | boost::asio::ssl::context::context | test.cpp:50:38:50:69 | sslv2 | sslv2 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:51:39:51:77 | sslv2_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:51:39:51:78 | call to context | boost::asio::ssl::context::context | test.cpp:51:39:51:77 | sslv2_client | sslv2_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:52:39:52:77 | sslv2_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:52:39:52:78 | call to context | boost::asio::ssl::context::context | test.cpp:52:39:52:77 | sslv2_server | sslv2_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:54:38:54:69 | sslv3 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:54:38:54:70 | call to context | boost::asio::ssl::context::context | test.cpp:54:38:54:69 | sslv3 | sslv3 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:55:39:55:77 | sslv3_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:55:39:55:78 | call to context | boost::asio::ssl::context::context | test.cpp:55:39:55:77 | sslv3_client | sslv3_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:56:39:56:77 | sslv3_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:56:39:56:78 | call to context | boost::asio::ssl::context::context | test.cpp:56:39:56:77 | sslv3_server | sslv3_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:58:38:58:69 | tlsv1 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:58:38:58:70 | call to context | boost::asio::ssl::context::context | test.cpp:58:38:58:69 | tlsv1 | tlsv1 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:59:39:59:77 | tlsv1_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:59:39:59:78 | call to context | boost::asio::ssl::context::context | test.cpp:59:39:59:77 | tlsv1_client | tlsv1_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:60:39:60:77 | tlsv1_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:60:39:60:78 | call to context | boost::asio::ssl::context::context | test.cpp:60:39:60:77 | tlsv1_server | tlsv1_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:62:39:62:71 | tlsv11 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:62:39:62:72 | call to context | boost::asio::ssl::context::context | test.cpp:62:39:62:71 | tlsv11 | tlsv11 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:63:40:63:79 | tlsv11_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:63:40:63:80 | call to context | boost::asio::ssl::context::context | test.cpp:63:40:63:79 | tlsv11_client | tlsv11_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:64:40:64:79 | tlsv11_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:64:40:64:80 | call to context | boost::asio::ssl::context::context | test.cpp:64:40:64:79 | tlsv11_server | tlsv11_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:85:22:85:53 | sslv2 | sslv2 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:86:22:86:60 | sslv2_client | sslv2_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:87:22:87:60 | sslv2_server | sslv2_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:89:22:89:53 | sslv3 | sslv3 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:90:22:90:60 | sslv3_client | sslv3_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:91:22:91:60 | sslv3_server | sslv3_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:93:22:93:53 | tlsv1 | tlsv1 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:94:22:94:60 | tlsv1_client | tlsv1_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:95:22:95:60 | tlsv1_server | tlsv1_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:97:22:97:54 | tlsv11 | tlsv11 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:98:22:98:61 | tlsv11_client | tlsv11_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:99:22:99:61 | tlsv11_server | tlsv11_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
|
||||
@@ -0,0 +1 @@
|
||||
Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.ql
|
||||
@@ -0,0 +1,112 @@
|
||||
|
||||
#define SSL_OP_ALL 0x80000BFFU
|
||||
#define SSL_OP_NO_SSLv2 0
|
||||
#define SSL_OP_NO_SSLv3 0x02000000U
|
||||
#define SSL_OP_NO_TLSv1 0x04000000U
|
||||
#define SSL_OP_NO_TLSv1_1 0x10000000U
|
||||
#define SSL_OP_NO_TLSv1_2 0x08000000U
|
||||
#define SSL_OP_NO_TLSv1_3 0x20000000U
|
||||
|
||||
namespace boost {
|
||||
namespace asio {
|
||||
namespace ssl {
|
||||
|
||||
class context
|
||||
{
|
||||
public:
|
||||
/// Different methods supported by a context.
|
||||
enum method
|
||||
{
|
||||
/// Generic SSL version 2.
|
||||
sslv2,
|
||||
|
||||
/// SSL version 2 client.
|
||||
sslv2_client,
|
||||
|
||||
/// SSL version 2 server.
|
||||
sslv2_server,
|
||||
|
||||
/// Generic SSL version 3.
|
||||
sslv3,
|
||||
|
||||
/// SSL version 3 client.
|
||||
sslv3_client,
|
||||
|
||||
/// SSL version 3 server.
|
||||
sslv3_server,
|
||||
|
||||
/// Generic TLS version 1.
|
||||
tlsv1,
|
||||
|
||||
/// TLS version 1 client.
|
||||
tlsv1_client,
|
||||
|
||||
/// TLS version 1 server.
|
||||
tlsv1_server,
|
||||
|
||||
/// Generic SSL/TLS.
|
||||
sslv23,
|
||||
|
||||
/// SSL/TLS client.
|
||||
sslv23_client,
|
||||
|
||||
/// SSL/TLS server.
|
||||
sslv23_server,
|
||||
|
||||
/// Generic TLS version 1.1.
|
||||
tlsv11,
|
||||
|
||||
/// TLS version 1.1 client.
|
||||
tlsv11_client,
|
||||
|
||||
/// TLS version 1.1 server.
|
||||
tlsv11_server,
|
||||
|
||||
/// Generic TLS version 1.2.
|
||||
tlsv12,
|
||||
|
||||
/// TLS version 1.2 client.
|
||||
tlsv12_client,
|
||||
|
||||
/// TLS version 1.2 server.
|
||||
tlsv12_server,
|
||||
|
||||
/// Generic TLS version 1.3.
|
||||
tlsv13,
|
||||
|
||||
/// TLS version 1.3 client.
|
||||
tlsv13_client,
|
||||
|
||||
/// TLS version 1.3 server.
|
||||
tlsv13_server,
|
||||
|
||||
/// Generic TLS.
|
||||
tls,
|
||||
|
||||
/// TLS client.
|
||||
tls_client,
|
||||
|
||||
/// TLS server.
|
||||
tls_server
|
||||
};
|
||||
|
||||
/// Bitmask type for SSL options.
|
||||
typedef long options;
|
||||
|
||||
static const long default_workarounds = SSL_OP_ALL;
|
||||
static const long no_sslv2 = SSL_OP_NO_SSLv2;
|
||||
static const long no_sslv3 = SSL_OP_NO_SSLv3;
|
||||
static const long no_tlsv1 = SSL_OP_NO_TLSv1;
|
||||
static const long no_tlsv1_1 = SSL_OP_NO_TLSv1_1;
|
||||
static const long no_tlsv1_2 = SSL_OP_NO_TLSv1_2;
|
||||
static const long no_tlsv1_3 = SSL_OP_NO_TLSv1_3;
|
||||
|
||||
/// Constructor.
|
||||
explicit context(method m) {}
|
||||
|
||||
void context::set_options(context::options o) {}
|
||||
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
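Review bot: The in-class declaration `void context::set_options(context::options o) {}` carries an extra `context::` qualifier, which standard C++ rejects on a member declared inside its own class (some compilers accept it only as an extension), so this stub depends on a lenient front end. Declare it as `void set_options(options o) {}`, which also matches the unqualified constructor just above it. The header has no include guard either; a `#pragma once` at the top would keep a second inclusion from redefining `context`. The stub models only the one-argument `set_options`, so the tests cannot show how the queries treat the overload taking an error code or a later `clear_options` call that turns a protocol back on; worth adding both if the queries are meant to cover them.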
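--- a/cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/test.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/test.cpp
@@ -0,0 +1,110 @@
+#include "asio/boost_simulation.hpp"
+
+void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)
+{
+ctx.set_options(boost::asio::ssl::context::no_tlsv1);
+ctx.set_options(boost::asio::ssl::context::no_tlsv1_1);
+}
+
+void TestProperConfiguration_inter_CorrectUsage01()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
+SetOptionsNoOldTls(ctx);
+}
+
+void TestProperConfiguration_inter_CorrectUsage02()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
+ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
+boost::asio::ssl::context::no_tlsv1_1 |
+boost::asio::ssl::context::no_sslv3);
+}
+
+void TestProperConfiguration_inter_IncorrectUsage01()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG - missing disable SSLv3
+SetOptionsNoOldTls(ctx);
+}
+
+void TestProperConfiguration_IncorrectUsage01()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG
+}
+
+void TestProperConfiguration_IncorrectUsage02()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
+}
+
+void TestProperConfiguration_IncorrectUsage03()
+{
+boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
+SetOptionsNoOldTls(ctx);
+ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
+boost::asio::ssl::context::no_tlsv1_2 ); // BUG - disabling TLS 1.2
+}
+
+void TestHardcodedProtocols()
+{
+//////////////////////// Banned Hardcoded algorithms
+boost::asio::ssl::context cxt_sslv2(boost::asio::ssl::context::sslv2); // BUG
+boost::asio::ssl::context cxt_sslv2c(boost::asio::ssl::context::sslv2_client); // BUG
+boost::asio::ssl::context cxt_sslv2s(boost::asio::ssl::context::sslv2_server); // BUG
+
+boost::asio::ssl::context cxt_sslv3(boost::asio::ssl::context::sslv3); // BUG
+boost::asio::ssl::context cxt_sslv3c(boost::asio::ssl::context::sslv3_client); // BUG
+boost::asio::ssl::context cxt_sslv3s(boost::asio::ssl::context::sslv3_server); // BUG
+
+boost::asio::ssl::context cxt_tlsv1(boost::asio::ssl::context::tlsv1); // BUG
+boost::asio::ssl::context cxt_tlsv1c(boost::asio::ssl::context::tlsv1_client); // BUG
+boost::asio::ssl::context cxt_tlsv1s(boost::asio::ssl::context::tlsv1_server); // BUG
+
+boost::asio::ssl::context cxt_tlsv11(boost::asio::ssl::context::tlsv11); // BUG
+boost::asio::ssl::context cxt_tlsv11c(boost::asio::ssl::context::tlsv11_client); // BUG
+boost::asio::ssl::context cxt_tlsv11s(boost::asio::ssl::context::tlsv11_server); // BUG
+
+////////////////////// Hardcoded algorithms
+
+boost::asio::ssl::context cxt_tlsv12(boost::asio::ssl::context::tlsv12); // BUG
+boost::asio::ssl::context cxt_tlsv12c(boost::asio::ssl::context::tlsv12_client); // BUG
+boost::asio::ssl::context cxt_tlsv12s(boost::asio::ssl::context::tlsv12_server); // BUG
+
+boost::asio::ssl::context cxt_tlsv13(boost::asio::ssl::context::tlsv13); // BUG
+boost::asio::ssl::context cxt_tlsv13c(boost::asio::ssl::context::tlsv13_client); // BUG
+boost::asio::ssl::context cxt_tlsv13s(boost::asio::ssl::context::tlsv13_server); // BUG
+}
+
+void InterProceduralTest(boost::asio::ssl::context::method m)
+{
+boost::asio::ssl::context cxt1(m); // BUG - Multiple hits (sink)
+}
+
+void TestHardcodedProtocols_inter()
+{
+//////////////////////// Banned Hardcoded algorithms
+InterProceduralTest(boost::asio::ssl::context::sslv2); // BUG
+InterProceduralTest(boost::asio::ssl::context::sslv2_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::sslv2_server); // BUG
+
+InterProceduralTest(boost::asio::ssl::context::sslv3); // BUG
+InterProceduralTest(boost::asio::ssl::context::sslv3_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::sslv3_server); // BUG
+
+InterProceduralTest(boost::asio::ssl::context::tlsv1); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv1_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv1_server); // BUG
+
+InterProceduralTest(boost::asio::ssl::context::tlsv11); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv11_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv11_server); // BUG
+
+////////////////////// Hardcoded algorithms
+
+InterProceduralTest(boost::asio::ssl::context::tlsv12); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv12_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv12_server); // BUG
+
+InterProceduralTest(boost::asio::ssl::context::tlsv13); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv13_client); // BUG
+InterProceduralTest(boost::asio::ssl::context::tlsv13_server); // BUG
+}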
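Review bot: The `// BUG` markers on the `tlsv12*` and `tlsv13*` lines, under the `Hardcoded algorithms` heading in both `TestHardcodedProtocols` and `TestHardcodedProtocols_inter`, have no matching row in either expected-results file on this page; the 24 rows for UseOfDeprecatedHardcodedProtocol stop at `tlsv11_server`. If a separate query is meant to report pinned but still current versions, its `.qlref` and `.expected` pair is not part of this commit. Otherwise re-label these lines so a reader does not take them for missed detections, for example `// GOOD - hardcoded but not deprecated, no result expected`. The misconfiguration cases construct only `sslv23` and `tls` without options, and `tls_client` appears only in a correct-usage test, so a case using `sslv23_client` or `tls_server` with no `set_options` call would show whether the client and server variants are covered.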