
Commit 1d58218

committed
C++: Exclude 'path'.
1 parent 86ee5fe commit 1d58218


3 files changed

+3
-3
lines changed


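--- a/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll
@@ -19,7 +19,8 @@ private predicate suspicious(string s) {
 not (
 s.matches("%hash%") or
 s.matches("%crypt%") or
-s.matches("%file%")
+s.matches("%file%") or
+s.matches("%path%")
 )
 }
 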
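Review bot: The added `s.matches("%path%")` inside the `not (...)` group excludes every name that contains `path` anywhere, so a name that does carry the secret but also mentions a path would presumably drop out of the CleartextFileWrite results tested under CWE-311, not only location-style names such as `password_path`. That trade-off deserves a comment above the group, for example `// names that say where a secret is stored, or that it is hashed/encrypted, are not treated as the secret itself`. `matches` is case-sensitive, and the body of `suspicious` starts above the hunk, so it is not visible whether `s` is lower-cased before it gets here; if it is not, `passwordPath` would still be flagged. A line in test2.cpp pinning a name where `path` is incidental would make the accepted false negative explicit.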

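--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
@@ -1,6 +1,5 @@
 | test2.cpp:43:2:43:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:43:36:43:43 | password | this source. |
 | test2.cpp:44:2:44:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:44:37:44:45 | thepasswd | this source. |
-| test2.cpp:49:2:49:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:49:41:49:53 | password_path | this source. |
 | test2.cpp:50:2:50:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:50:41:50:53 | passwd_config | this source. |
 | test2.cpp:54:2:54:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:54:41:54:52 | widepassword | this source. |
 | test2.cpp:55:2:55:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:55:40:55:51 | widepassword | this source. |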

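--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp
@@ -46,7 +46,7 @@ void tests(FILE *log, myStruct &s)
 fprintf(log, "password_hash = %s\n", s.password_hash); // GOOD
 fprintf(log, "encrypted_passwd = %s\n", s.encrypted_passwd); // GOOD
 fprintf(log, "password_file = %s\n", s.password_file); // GOOD
-fprintf(log, "password_path = %s\n", s.password_path); // GOOD [FALSE POSITIVE]
+fprintf(log, "password_path = %s\n", s.password_path); // GOOD
 fprintf(log, "passwd_config = %s\n", s.passwd_config); // DUBIOUS [REPORTED]
 fprintf(log, "num_passwords = %i\n", s.num_passwords); // GOOD
 fprintf(log, "password_tries = %i\n", *(s.password_tries)); // GOOD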
