hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/OverlayLocalJava
codeql/cpp/ql/test/query-tests/Security/CWE/CWE-327/test.cpp
Geoffrey White e5147c2a1f C++: Exclude functions that don't involve buffers.
2021-06-17 14:33:16 +01:00

125 lines
4.6 KiB
C++
Raw Permalink Blame History

typedef unsigned long size_t;
// --- simple encryption macro invocations ---
void my_implementation1(void *data, size_t amount);
void my_implementation2(void *data, size_t amount);
void my_implementation3(void *data, size_t amount);
void my_implementation4(void *data, size_t amount);
void my_implementation5(void *data, size_t amount);
void my_implementation6(const char *str);
#define ENCRYPT_WITH_DES(data, amount) my_implementation1(data, amount)
#define ENCRYPT_WITH_RC2(data, amount) my_implementation2(data, amount)
#define ENCRYPT_WITH_AES(data, amount) my_implementation3(data, amount)
#define ENCRYPT_WITH_3DES(data, amount) my_implementation4(data, amount)
#define ENCRYPT_WITH_TRIPLE_DES(data, amount) my_implementation4(data, amount)
#define ENCRYPT_WITH_RC20(data, amount) my_implementation5(data, amount)
#define ENCRYPT_WITH_DES_REMOVED(data, amount)
#define DESENCRYPT(data, amount) my_implementation1(data, amount)
#define RC2ENCRYPT(data, amount) my_implementation2(data, amount)
#define AESENCRYPT(data, amount) my_implementation3(data, amount)
#define DES3ENCRYPT(data, amount) my_implementation4(data, amount)
#define DES_DO_ENCRYPTION(data, amount) my_implementation1(data, amount)
#define RUN_DES_ENCODING(data, amount) my_implementation1(data, amount)
#define DES_ENCODE(data, amount) my_implementation1(data, amount)
#define DES_SET_KEY(data, amount) my_implementation1(data, amount)
#define DES(str) my_implementation6(str)
#define DESMOND(str) my_implementation6(str)
#define ANODES(str) my_implementation6(str)
#define SORT_ORDER_DES (1)
void test_macros(void *data, size_t amount, const char *str)
{
ENCRYPT_WITH_DES(data, amount); // BAD
ENCRYPT_WITH_RC2(data, amount); // BAD
ENCRYPT_WITH_AES(data, amount); // GOOD (good algorithm)
ENCRYPT_WITH_3DES(data, amount); // BAD
ENCRYPT_WITH_TRIPLE_DES(data, amount); // BAD
ENCRYPT_WITH_RC20(data, amount); // GOOD (if there ever is an RC20 algorithm, we have no reason to believe it's weak)
ENCRYPT_WITH_DES_REMOVED(data, amount); // GOOD (implementation has been deleted)
DESENCRYPT(data, amount); // BAD [NOT DETECTED]
RC2ENCRYPT(data, amount); // BAD [NOT DETECTED]
AESENCRYPT(data, amount); // GOOD (good algorithm)
DES3ENCRYPT(data, amount); // BAD [NOT DETECTED]
DES_DO_ENCRYPTION(data, amount); // BAD
RUN_DES_ENCODING(data, amount); // BAD
DES_ENCODE(data, amount); // BAD
DES_SET_KEY(data, amount); // BAD
DES(str); // GOOD (probably nothing to do with encryption)
DESMOND(str); // GOOD (probably nothing to do with encryption)
ANODES(str); // GOOD (probably nothing to do with encryption)
int ord = SORT_ORDER_DES; // GOOD (probably nothing to do with encryption)
}
// --- simple encryption function calls ---
void encryptDES(void *data, size_t amount);
void encryptRC2(void *data, size_t amount);
void encryptAES(void *data, size_t amount);
void encrypt3DES(void *data, size_t amount);
void encryptTripleDES(void *data, size_t amount);
void DESEncrypt(void *data, size_t amount);
void RC2Encrypt(void *data, size_t amount);
void AESEncrypt(void *data, size_t amount);
void DES3Encrypt(void *data, size_t amount);
void DoDESEncryption(void *data, size_t amount);
void encryptDes(void *data, size_t amount);
void do_des_encrypt(void *data, size_t amount);
void DES_Set_Key(const char *key);
void DESSetKey(const char *key);
int Des();
void Desmond(const char *str);
void Anodes(int i);
void ConDes();
void test_functions(void *data, size_t amount, const char *str)
{
encryptDES(data, amount); // BAD
encryptRC2(data, amount); // BAD
encryptAES(data, amount); // GOOD (good algorithm)
encrypt3DES(data, amount); // BAD
encryptTripleDES(data, amount); // BAD
DESEncrypt(data, amount); // BAD [NOT DETECTED]
RC2Encrypt(data, amount); // BAD [NOT DETECTED]
AESEncrypt(data, amount); // GOOD (good algorithm)
DES3Encrypt(data, amount); // BAD [NOT DETECTED]
DoDESEncryption(data, amount); // BAD [NOT DETECTED]
encryptDes(data, amount); // BAD [NOT DETECTED]
do_des_encrypt(data, amount); // BAD
DES_Set_Key(str); // BAD [NOT DETECTED]
DESSetKey(str); // BAD [NOT DETECTED]
Des(); // GOOD (probably nothing to do with encryption)
Desmond(str); // GOOD (probably nothing to do with encryption)
Anodes(1); // GOOD (probably nothing to do with encryption)
ConDes(); // GOOD (probably nothing to do with encryption)
}
// --- macros for functions with no arguments ---
void my_implementation7();
void my_implementation8();
#define INIT_ENCRYPT_WITH_DES() my_implementation7()
#define INIT_ENCRYPT_WITH_AES() my_implementation8()
void test_macros2()
{
INIT_ENCRYPT_WITH_DES(); // BAD [NOT DETECTED]
INIT_ENCRYPT_WITH_AES(); // GOOD (good algorithm)
// ...
}
Reference in New Issue View Git Blame Copy Permalink