C++: More test cases.

geoffw0 · geoffw0 · commit 133953303b6c · 2021-07-13T17:32:08.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
@@ -1,3 +1,9 @@
+| test2.cpp:28:2:28:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:28:36:28:43 | password | this source. |
+| test2.cpp:29:2:29:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:29:37:29:45 | thepasswd | this source. |
+| test2.cpp:30:2:30:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:30:38:30:47 | accountkey | this source. |
+| test2.cpp:31:2:31:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:31:41:31:53 | password_hash | this source. |
+| test2.cpp:33:2:33:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:33:41:33:53 | password_file | this source. |
+| test2.cpp:34:2:34:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:34:41:34:53 | passwd_config | this source. |
 | test.cpp:45:3:45:7 | call to fputs | This write into file 'file' may contain unencrypted data from $@ | test.cpp:45:9:45:19 | thePassword | this source. |
 | test.cpp:70:35:70:35 | call to operator<< | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:70:38:70:48 | thePassword | this source. |
 | test.cpp:73:37:73:41 | call to write | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:73:43:73:53 | thePassword | this source. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp
@@ -0,0 +1,54 @@
+
+#define FILE int
+
+int fprintf(FILE *stream, const char *format, ...);
+char *strcpy(char *s1, const char *s2);
+
+char *crypt(char *input);
+
+struct myStruct
+{
+	// sensitive
+	char *password;
+	char *thepasswd;
+	char *accountkey;
+
+	// encrypted
+	char password_hash[64];
+	char *encrypted_passwd;
+
+	// not sensitive
+	char *password_file;
+	char *passwd_config;
+	
+};
+
+void tests(FILE *log, myStruct &s)
+{
+	fprintf(log, "password = %s\n", s.password); // BAD
+	fprintf(log, "thepasswd = %s\n", s.thepasswd); // BAD
+	fprintf(log, "accountkey = %s\n", s.accountkey); // BAD
+	fprintf(log, "password_hash = %s\n", s.password_hash); // GOOD
+	fprintf(log, "encrypted_passwd = %s\n", s.encrypted_passwd); // GOOD
+	fprintf(log, "password_file = %s\n", s.password_file); // GOOD
+	fprintf(log, "passwd_config = %s\n", s.passwd_config); // GOOD
+
+	{
+		char *cpy1 = s.password;
+		char *cpy2 = crypt(s.password);
+
+		fprintf(log, "cpy1 = %s\n", cpy1); // BAD
+		fprintf(log, "cpy2 = %s\n", cpy2); // GOOD
+	}
+
+	{
+		char buf[1024];
+
+		strcpy(buf, s.password);
+		fprintf(log, "buf = %s\n", buf); // BAD
+		
+		strcpy(buf, s.password_hash);
+		fprintf(log, "buf = %s\n", buf); // GOOD
+	}
+}
+
