C++: Add CleartextTransmission query.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-311/CleartextStorage.inc.qhelp

@@ -9,7 +9,7 @@ storage.</p>
 </overview>
 <recommendation>
 
-<p>Ensure that sensitive information is always encrypted before being stored, especially before writing to a file.
+<p>Ensure that sensitive information is always encrypted before being stored or transmitted, especially before writing to a file.
 It may be wise to encrypt information before it is put into a buffer that may be readable in memory.</p>
 
 <p>In general, decrypt sensitive information only at the point where it is necessary for it to be used in

cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.qhelp

@@ -0,0 +1,5 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<include src="CleartextStorage.inc.qhelp" /></qhelp>

cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql

@@ -0,0 +1,33 @@
+/**
+ * @name Cleartext transmission of sensitive information
+ * @description Transmitting sensitive information across a network in
+ *              cleartext can expose it to an attacker.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 7.5 TODO
+ * @precision high
+ * @id cpp/cleartext-transmission
+ * @tags security
+ *       external/cwe/cwe-319
+ */
+
+import cpp
+import semmle.code.cpp.security.SensitiveExprs
+import semmle.code.cpp.security.FileWrite
+import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+
+// TODO: network send?
+
+/**
+ * TODO
+ */
+class NetworkRecv extends FunctionCall {
+  NetworkRecv() { this.getTarget().hasGlobalName("recv") }
+
+  Expr getData() { result = this.getArgument(1) }
+}
+
+from NetworkRecv recv, SensitiveExpr e
+where DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(recv.(NetworkRecv).getData()))
+select recv, e