hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-02-10 09:23:37 +00:00
parent 8f15abc285 1bd223b8c8
commit e1aef3127c
697 changed files with 97120 additions and 9636 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-805/semmle/tests/BufferAccessWithIncorrectLengthValue.expected Normal file
View File

@@ -0,0 +1 @@
| test.cpp:27:5:27:21 | call to X509_NAME_oneline | Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer. |

1
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-805/semmle/tests/BufferAccessWithIncorrectLengthValue.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql

31
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-805/semmle/tests/test.cpp Normal file
View File

@@ -0,0 +1,31 @@
struct X509_NAME {};
struct SSL {};
struct X509 {};
char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
X509 *SSL_get_peer_certificate(const SSL *ssl);
X509_NAME *X509_get_subject_name(const X509 *x);
char *strcasestr(char *a, char *b);
bool goodTest1(SSL *ssl,char *text)
{
X509 *peer;
char buf[256];
if( peer = SSL_get_peer_certificate(ssl))
{
X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof(buf)); // GOOD
if((char*)strcasestr(buf,text)) return true;
}
return false;
}
bool badTest1(SSL *ssl,char *text)
{
X509 *peer;
char buf[256];
if( peer = SSL_get_peer_certificate(ssl))
{
X509_NAME_oneline(X509_get_subject_name(peer),buf,1024); // BAD
if((char*)strcasestr(buf,text)) return true;
}
return false;
}