C++: Add support for class methods.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql

@@ -19,7 +19,8 @@ import semmle.code.cpp.security.Encryption
 Function getAnInsecureEncryptionFunction() {
   (
     isInsecureEncryption(result.getName()) or
-    isInsecureEncryption(result.getAParameter().getName())
+    isInsecureEncryption(result.getAParameter().getName()) or
+    isInsecureEncryption(result.getDeclaringType().getName())
   ) and
   exists(result.getACallToThisFunction())
 }

cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected

@@ -6,6 +6,8 @@
 | test2.cpp:175:28:175:34 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:185:38:185:44 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:234:2:234:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
+| test2.cpp:239:5:239:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:51:2:51:32 | DES_DO_ENCRYPTION(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |

cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp

@@ -231,12 +231,12 @@ class aesCipher
 
 void do_classes(const char *data)
 {
-	desEncrypt::encrypt(data); // BAD [NOT DETECTED]
+	desEncrypt::encrypt(data); // BAD
 	aes256Encrypt::encrypt(data); // GOOD
 
 	desCipher dc;
 	aesCipher ac;
-	dc.encrypt(data); // BAD [NOT DETECTED]
+	dc.encrypt(data); // BAD
 	ac.encrypt(data); // GOOD
 }