C++: More test cases and correct an existing one.

geoffw0 · geoffw0 · commit 86ee5fea4003 · 2021-07-22T15:47:06.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
@@ -1,8 +1,13 @@
-| test2.cpp:35:2:35:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:35:36:35:43 | password | this source. |
-| test2.cpp:36:2:36:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:36:37:36:45 | thepasswd | this source. |
-| test2.cpp:41:2:41:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:41:41:41:53 | passwd_config | this source. |
-| test2.cpp:45:2:45:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:45:39:45:49 | call to getPassword | this source. |
-| test2.cpp:53:3:53:9 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:50:18:50:25 | password | this source. |
+| test2.cpp:43:2:43:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:43:36:43:43 | password | this source. |
+| test2.cpp:44:2:44:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:44:37:44:45 | thepasswd | this source. |
+| test2.cpp:49:2:49:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:49:41:49:53 | password_path | this source. |
+| test2.cpp:50:2:50:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:50:41:50:53 | passwd_config | this source. |
+| test2.cpp:54:2:54:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:54:41:54:52 | widepassword | this source. |
+| test2.cpp:55:2:55:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:55:40:55:51 | widepassword | this source. |
+| test2.cpp:57:2:57:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:57:39:57:49 | call to getPassword | this source. |
+| test2.cpp:65:3:65:9 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:62:18:62:25 | password | this source. |
+| test2.cpp:79:2:79:8 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:79:36:79:43 | password | this source. |
+| test2.cpp:84:4:84:10 | call to fprintf | This write into file 'log' may contain unencrypted data from $@ | test2.cpp:84:50:84:63 | passwd_config2 | this source. |
 | test.cpp:45:3:45:7 | call to fputs | This write into file 'file' may contain unencrypted data from $@ | test.cpp:45:9:45:19 | thePassword | this source. |
 | test.cpp:70:35:70:35 | call to operator<< | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:70:38:70:48 | thePassword | this source. |
 | test.cpp:73:37:73:41 | call to write | This write into file 'mystream' may contain unencrypted data from $@ | test.cpp:73:43:73:53 | thePassword | this source. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test2.cpp
@@ -1,6 +1,10 @@
 
 #define FILE int
 
+typedef unsigned long size_t;
+
+FILE *fopen(const char *filename, const char *mode);
+int snprintf(char *s, size_t n, const char *format, ...);
 int fprintf(FILE *stream, const char *format, ...);
 char *strcpy(char *s1, const char *s2);
 
@@ -12,18 +16,22 @@ struct myStruct
 	char *password;
 	char *thepasswd;
 	char *accountkey;
+	wchar_t *widepassword;
 
 	// encrypted
 	char password_hash[64];
 	char *encrypted_passwd;
 
 	// not sensitive
 	char *password_file;
+	char *password_path;
 	int num_passwords;
+	int *password_tries;
 	bool have_passwd;
 
 	// dubious
 	char *passwd_config;
+	char *passwd_config2;
 };
 
 char *getPassword();
@@ -38,12 +46,16 @@ void tests(FILE *log, myStruct &s)
 	fprintf(log, "password_hash = %s\n", s.password_hash); // GOOD
 	fprintf(log, "encrypted_passwd = %s\n", s.encrypted_passwd); // GOOD
 	fprintf(log, "password_file = %s\n", s.password_file); // GOOD
+	fprintf(log, "password_path = %s\n", s.password_path); // GOOD [FALSE POSITIVE]
 	fprintf(log, "passwd_config = %s\n", s.passwd_config); // DUBIOUS [REPORTED]
 	fprintf(log, "num_passwords = %i\n", s.num_passwords); // GOOD
+	fprintf(log, "password_tries = %i\n", *(s.password_tries)); // GOOD
 	fprintf(log, "have_passwd = %i\n", s.have_passwd); // GOOD
+	fprintf(log, "widepassword = %ls\n", s.widepassword); // BAD
+	fprintf(log, "widepassword = %S\n", s.widepassword); // BAD
 
-	fprintf(log, "getPassword() = %i\n", getPassword()); // BAD
-	fprintf(log, "getPasswordHash() = %i\n", getPasswordHash()); // GOOD
+	fprintf(log, "getPassword() = %s\n", getPassword()); // BAD
+	fprintf(log, "getPasswordHash() = %s\n", getPasswordHash()); // GOOD
 	fprintf(log, "getPasswordMaxChars() = %i\n", getPasswordMaxChars()); // GOOD
 
 	{
@@ -63,4 +75,20 @@ void tests(FILE *log, myStruct &s)
 		strcpy(buf, s.password_hash);
 		fprintf(log, "buf = %s\n", buf); // GOOD
 	}
+
+	fprintf(log, "password = %p\n", s.password); // GOOD [FALSE POSITIVE]
+
+	{
+		if (fopen(s.passwd_config2, "rt") == 0)
+		{
+			fprintf(log, "could not open file '%s'.\n", s.passwd_config2); // GOOD [FALSE POSITIVE]
+		}
+	}
+
+	{
+		char buffer[1024];
+
+		snprintf(buffer, 1024, "password = %s", s.password);
+		fprintf(log, "log: %s", buffer); // BAD [NOT DETECTED]
+	}
 }
