
Commit 041c2c7

committed
C++: Separate two test cases slightly so that we get clearer test coverage of the interprocedural / multi-path cases.
1 parent 23d4d03 commit 041c2c7


2 files changed

+38
-51
lines changed


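--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -56,37 +56,26 @@ edges
 | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
 | test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data |
 | test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
-| test3.cpp:288:20:288:23 | data | test3.cpp:288:20:288:23 | data |
 | test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
 | test3.cpp:293:20:293:23 | data | test3.cpp:293:20:293:23 | data |
 | test3.cpp:293:20:293:23 | data | test3.cpp:295:14:295:17 | data |
 | test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
-| test3.cpp:308:41:308:48 | password | test3.cpp:312:3:312:17 | call to encrypt_inplace |
-| test3.cpp:308:41:308:48 | password | test3.cpp:312:19:312:26 | password |
-| test3.cpp:308:41:308:48 | password | test3.cpp:313:11:313:18 | password |
-| test3.cpp:308:41:308:48 | password | test3.cpp:314:11:314:18 | password |
-| test3.cpp:308:41:308:48 | password | test3.cpp:316:11:316:18 | password |
-| test3.cpp:308:41:308:48 | password | test3.cpp:317:11:317:18 | password |
-| test3.cpp:308:41:308:48 | password | test3.cpp:324:11:324:14 | data |
-| test3.cpp:308:41:308:48 | password | test3.cpp:325:11:325:14 | data |
-| test3.cpp:313:11:313:18 | password | test3.cpp:278:20:278:23 | data |
-| test3.cpp:313:11:313:18 | password | test3.cpp:313:11:313:18 | ref arg password |
-| test3.cpp:313:11:313:18 | ref arg password | test3.cpp:314:11:314:18 | password |
-| test3.cpp:313:11:313:18 | ref arg password | test3.cpp:324:11:324:14 | data |
-| test3.cpp:313:11:313:18 | ref arg password | test3.cpp:325:11:325:14 | data |
-| test3.cpp:314:11:314:18 | password | test3.cpp:283:20:283:23 | data |
-| test3.cpp:314:11:314:18 | password | test3.cpp:314:11:314:18 | ref arg password |
-| test3.cpp:314:11:314:18 | ref arg password | test3.cpp:324:11:324:14 | data |
-| test3.cpp:314:11:314:18 | ref arg password | test3.cpp:325:11:325:14 | data |
-| test3.cpp:316:11:316:18 | password | test3.cpp:283:20:283:23 | data |
-| test3.cpp:316:11:316:18 | password | test3.cpp:316:11:316:18 | ref arg password |
-| test3.cpp:316:11:316:18 | ref arg password | test3.cpp:317:11:317:18 | password |
-| test3.cpp:316:11:316:18 | ref arg password | test3.cpp:324:11:324:14 | data |
-| test3.cpp:316:11:316:18 | ref arg password | test3.cpp:325:11:325:14 | data |
-| test3.cpp:317:11:317:18 | password | test3.cpp:288:20:288:23 | data |
-| test3.cpp:317:11:317:18 | password | test3.cpp:317:11:317:18 | ref arg password |
-| test3.cpp:317:11:317:18 | ref arg password | test3.cpp:324:11:324:14 | data |
-| test3.cpp:317:11:317:18 | ref arg password | test3.cpp:325:11:325:14 | data |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:312:3:312:17 | call to encrypt_inplace |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:312:19:312:27 | password1 |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:313:11:313:19 | password1 |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:314:11:314:19 | password1 |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:316:11:316:19 | password1 |
+| test3.cpp:308:41:308:49 | password1 | test3.cpp:317:11:317:19 | password1 |
+| test3.cpp:308:58:308:66 | password2 | test3.cpp:324:11:324:14 | data |
+| test3.cpp:308:58:308:66 | password2 | test3.cpp:325:11:325:14 | data |
+| test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data |
+| test3.cpp:313:11:313:19 | password1 | test3.cpp:313:11:313:19 | ref arg password1 |
+| test3.cpp:313:11:313:19 | ref arg password1 | test3.cpp:314:11:314:19 | password1 |
+| test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data |
+| test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data |
+| test3.cpp:316:11:316:19 | password1 | test3.cpp:316:11:316:19 | ref arg password1 |
+| test3.cpp:316:11:316:19 | ref arg password1 | test3.cpp:317:11:317:19 | password1 |
+| test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
 | test3.cpp:324:11:324:14 | data | test3.cpp:324:11:324:14 | ref arg data |
 | test3.cpp:324:11:324:14 | ref arg data | test3.cpp:325:11:325:14 | data |
@@ -181,24 +170,22 @@ nodes
 | test3.cpp:283:20:283:23 | data | semmle.label | data |
 | test3.cpp:285:14:285:17 | data | semmle.label | data |
 | test3.cpp:288:20:288:23 | data | semmle.label | data |
-| test3.cpp:288:20:288:23 | data | semmle.label | data |
 | test3.cpp:290:14:290:17 | data | semmle.label | data |
 | test3.cpp:293:20:293:23 | data | semmle.label | data |
 | test3.cpp:293:20:293:23 | data | semmle.label | data |
 | test3.cpp:295:14:295:17 | data | semmle.label | data |
 | test3.cpp:298:20:298:23 | data | semmle.label | data |
 | test3.cpp:300:14:300:17 | data | semmle.label | data |
-| test3.cpp:308:41:308:48 | password | semmle.label | password |
+| test3.cpp:308:41:308:49 | password1 | semmle.label | password1 |
+| test3.cpp:308:58:308:66 | password2 | semmle.label | password2 |
 | test3.cpp:312:3:312:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
-| test3.cpp:312:19:312:26 | password | semmle.label | password |
-| test3.cpp:313:11:313:18 | password | semmle.label | password |
-| test3.cpp:313:11:313:18 | ref arg password | semmle.label | ref arg password |
-| test3.cpp:314:11:314:18 | password | semmle.label | password |
-| test3.cpp:314:11:314:18 | ref arg password | semmle.label | ref arg password |
-| test3.cpp:316:11:316:18 | password | semmle.label | password |
-| test3.cpp:316:11:316:18 | ref arg password | semmle.label | ref arg password |
-| test3.cpp:317:11:317:18 | password | semmle.label | password |
-| test3.cpp:317:11:317:18 | ref arg password | semmle.label | ref arg password |
+| test3.cpp:312:19:312:27 | password1 | semmle.label | password1 |
+| test3.cpp:313:11:313:19 | password1 | semmle.label | password1 |
+| test3.cpp:313:11:313:19 | ref arg password1 | semmle.label | ref arg password1 |
+| test3.cpp:314:11:314:19 | password1 | semmle.label | password1 |
+| test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
+| test3.cpp:316:11:316:19 | ref arg password1 | semmle.label | ref arg password1 |
+| test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
 | test3.cpp:324:11:324:14 | data | semmle.label | data |
 | test3.cpp:324:11:324:14 | ref arg data | semmle.label | ref arg data |
 | test3.cpp:325:11:325:14 | data | semmle.label | data |
@@ -216,10 +203,8 @@ nodes
 | test.cpp:76:29:76:39 | thePassword | semmle.label | thePassword |
 subpaths
 | test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer | test3.cpp:119:9:119:14 | buffer | test3.cpp:138:21:138:22 | call to id |
-| test3.cpp:313:11:313:18 | password | test3.cpp:278:20:278:23 | data | test3.cpp:278:20:278:23 | data | test3.cpp:313:11:313:18 | ref arg password |
-| test3.cpp:314:11:314:18 | password | test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data | test3.cpp:314:11:314:18 | ref arg password |
-| test3.cpp:316:11:316:18 | password | test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data | test3.cpp:316:11:316:18 | ref arg password |
-| test3.cpp:317:11:317:18 | password | test3.cpp:288:20:288:23 | data | test3.cpp:288:20:288:23 | data | test3.cpp:317:11:317:18 | ref arg password |
+| test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data | test3.cpp:278:20:278:23 | data | test3.cpp:313:11:313:19 | ref arg password1 |
+| test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data | test3.cpp:316:11:316:19 | ref arg password1 |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data | test3.cpp:293:20:293:23 | data | test3.cpp:324:11:324:14 | ref arg data |
 #select
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@ | test3.cpp:17:28:17:36 | password1 | password1 |
@@ -238,4 +223,6 @@ subpaths
 | test3.cpp:241:2:241:6 | call to fgets | test3.cpp:239:7:239:14 | password | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:239:7:239:14 | password | password |
 | test3.cpp:242:2:242:6 | call to fgets | test3.cpp:239:7:239:14 | password | test3.cpp:242:8:242:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:239:7:239:14 | password | password |
 | test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | password | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:268:19:268:26 | password | password |
+| test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
+| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@ | test3.cpp:308:58:308:66 | password2 | password2 |
 | test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@ | test3.cpp:339:9:339:16 | password | password |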

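--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
@@ -292,34 +292,34 @@ void target3(char *data)
 
 void target4(char *data)
 {
-send(val(), data, strlen(data), val()); // BAD: data is a plaintext password [NOT DETECTED]
+send(val(), data, strlen(data), val()); // BAD: data is a plaintext password
 }
 
 void target5(char *data)
 {
-send(val(), data, strlen(data), val()); // BAD: from one source this is a plaintext password [NOT DETECTED]
+send(val(), data, strlen(data), val()); // BAD: from one source this is a plaintext password
 }
 
 void target6(char *data)
 {
 send(val(), data, strlen(data), val()); // GOOD: not a password
 }
 
-void test_multiple_sources_source(char *password)
+void test_multiple_sources_source(char *password1, char *password2)
 {
 if (cond())
 {
-encrypt_inplace(password);
-target1(password);
-target2(password);
+encrypt_inplace(password1);
+target1(password1);
+target2(password1);
 } else {
-target2(password);
-target3(password);
+target2(password1);
+target3(password1);
 }
 
 if (cond())
 {
-char *data = password;
+char *data = password2;
 
 target4(data);
 target5(data);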
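Review bot: The new two-parameter signature of `test_multiple_sources_source` has no comment saying why the source was split, so a later cleanup could merge the parameters back and lose the separate coverage this commit is after. I would add above the function something like `// password1: encrypted in place on one branch only (target1-3); password2: reaches target4/target5 through the local alias 'data'`. The visible `#select` rows in the expected output now report the sends at lines 295 and 300, but show nothing between line 272 and line 295, so the sends in target2 and target3 (annotated outside this hunk) presumably remain undetected on the password1 path; it is worth confirming their annotations still say so. The function body continues past the end of the hunk.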
