C++: Add more test cases.

geoffw0 · geoffw0 · commit 012840e60229 · 2021-05-18T14:26:12.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected
@@ -6,8 +6,10 @@
 | test2.cpp:175:28:175:34 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:185:38:185:44 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:234:2:234:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:239:5:239:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:238:2:238:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:240:2:240:28 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:245:5:245:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:247:5:247:19 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-327/test.cpp
@@ -107,3 +107,19 @@ void test_functions(void *data, size_t amount, const char *str)
 	Anodes(1); // GOOD (probably nothing to do with encryption)
 	ConDes(); // GOOD (probably nothing to do with encryption)
 }
+
+// --- macros for functions with no arguments ---
+
+void my_implementation7();
+void my_implementation8();
+
+#define INIT_ENCRYPT_WITH_DES() my_implementation7()
+#define INIT_ENCRYPT_WITH_AES() my_implementation8()
+
+void test_macros2()
+{
+	INIT_ENCRYPT_WITH_DES(); // BAD [NOT DETECTED]
+	INIT_ENCRYPT_WITH_AES(); // GOOD (good algorithm)
+	
+	// ...
+}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp
@@ -209,35 +209,43 @@ class desEncrypt
 {
 public:
 	static void encrypt(const char *data);
+	static void doSomethingElse();
 };
 
 class aes256Encrypt
 {
 public:
 	static void encrypt(const char *data);
+	static void doSomethingElse();
 };
 
 class desCipher
 {
 public:
 	void encrypt(const char *data);
+	void doSomethingElse();
 };
 
 class aesCipher
 {
 public:
 	void encrypt(const char *data);
+	void doSomethingElse();
 };
 
 void do_classes(const char *data)
 {
 	desEncrypt::encrypt(data); // BAD
 	aes256Encrypt::encrypt(data); // GOOD
+	desEncrypt::doSomethingElse(); // GOOD [FALSE POSITIVE]
+	aes256Encrypt::doSomethingElse(); // GOOD
 
 	desCipher dc;
 	aesCipher ac;
 	dc.encrypt(data); // BAD
 	ac.encrypt(data); // GOOD
+	dc.doSomethingElse(); // GOOD [FALSE POSITIVE]
+	ac.doSomethingElse(); // GOOD
 }
 
 // --- function pointer ---
