C++: Support various functions / variants.

geoffw0 · geoffw0 · commit 3ba9e806357a · 2021-09-13T09:50:03.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
@@ -33,7 +33,10 @@ abstract class NetworkSendRecv extends FunctionCall {
  * note: functions such as `read` may be reading from a network source or a file. We could attempt to determine which, and sort results into `cpp/cleartext-transmission` and perhaps `cpp/cleartext-storage-file`. In practice it probably isn't very important which query reports a result as long as its reported exactly once.
  */
 class NetworkSend extends NetworkSendRecv {
-  NetworkSend() { this.getTarget().hasGlobalName("send") }
+  NetworkSend() {
+    this.getTarget()
+        .hasGlobalName(["send", "sendto", "sendmsg", "write", "writev", "pwritev", "pwritev2"])
+  }
 
   override Expr getDataExpr() { result = this.getArgument(1) }
 }
@@ -42,7 +45,12 @@ class NetworkSend extends NetworkSendRecv {
  * A function call that receives data over a network.
  */
 class NetworkRecv extends NetworkSendRecv {
-  NetworkRecv() { this.getTarget().hasGlobalName("recv") }
+  NetworkRecv() {
+    this.getTarget()
+        .hasGlobalName([
+            "recv", "recvfrom", "recvmsg", "read", "pread", "readv", "preadv", "preadv2"
+          ])
+  }
 
   override Expr getDataExpr() { result = this.getArgument(1) }
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -4,3 +4,5 @@
 | test3.cpp:49:3:49:6 | call to recv | test3.cpp:49:15:49:22 | password |
 | test3.cpp:70:3:70:6 | call to send | test3.cpp:68:21:68:29 | password1 |
 | test3.cpp:77:3:77:6 | call to recv | test3.cpp:75:15:75:22 | password |
+| test3.cpp:95:3:95:6 | call to read | test3.cpp:95:12:95:19 | password |
+| test3.cpp:102:3:102:6 | call to read | test3.cpp:102:12:102:19 | password |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
@@ -92,14 +92,14 @@ void test_read()
 		char password[256];
 		int fd = val();
 
-		read(fd, password, 256); // BAD: `password` is received plaintext [NOT DETECTED]
+		read(fd, password, 256); // BAD: `password` is received plaintext
 	}
 
 	{
 		char password[256];
 		int fd = STDIN_FILENO;
 
-		read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket
+		read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket [FALSE POSITIVE]
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -92,14 +92,14 @@ void test_read()`
`92`	`92`	`char password[256];`
`93`	`93`	`int fd = val();`
`94`	`94`
`95`		- read(fd, password, 256); // BAD: `password` is received plaintext [NOT DETECTED]
	`95`	+ read(fd, password, 256); // BAD: `password` is received plaintext
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`{`
`99`	`99`	`char password[256];`
`100`	`100`	`int fd = STDIN_FILENO;`
`101`	`101`
`102`		- read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket
	`102`	+ read(fd, password, 256); // GOOD: `password` is received from stdin, not a network socket [FALSE POSITIVE]
`103`	`103`	`}`
`104`	`104`	`}`
`105`	`105`