C++: Repair funcion call in a function call.

geoffw0 · geoffw0 · commit b5c71fd1d796 · 2021-06-17T14:33:16.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -70,9 +70,12 @@ EnumConstant getAdditionalEvidenceEnumConst() { isEncryptionAdditionalEvidence(r
 predicate getInsecureEncryptionEvidence(FunctionCall fc, Element blame, string description) {
   // find use of an insecure algorithm name
   (
-    fc.getTarget() = getAnInsecureEncryptionFunction() and
-    blame = fc and
-    description = "call to " + fc.getTarget().getName()
+    exists(FunctionCall fc2 |
+      fc.getAChild*() = fc2 and
+      fc2.getTarget() = getAnInsecureEncryptionFunction() and
+      blame = fc2 and
+      description = "call to " + fc.getTarget().getName()
+    )
     or
     exists(MacroInvocation mi |
       (
@@ -93,7 +96,10 @@ predicate getInsecureEncryptionEvidence(FunctionCall fc, Element blame, string d
   ) and
   // find additional evidence that this function is related to encryption.
   (
-    fc.getTarget() = getAnAdditionalEvidenceFunction()
+    exists(FunctionCall fc2 |
+      fc.getAChild*() = fc2 and
+      fc2.getTarget() = getAnAdditionalEvidenceFunction()
+    )
     or
     exists(MacroInvocation mi |
       (
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected
@@ -10,6 +10,7 @@
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:304:20:304:37 | call to desEncryptor | call to desEncryptor |
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:308:5:308:19 | call to doDesEncryption | call to doDesEncryption |
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:309:9:309:23 | call to doDesEncryption | call to doDesEncryption |
+| test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:403:26:403:45 | call to getEncryptionNameDES | call to doEncryption |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | invocation of macro ENCRYPT_WITH_DES |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | invocation of macro ENCRYPT_WITH_RC2 |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | invocation of macro ENCRYPT_WITH_3DES |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp
@@ -400,6 +400,6 @@ void doEncryption(char *data, size_t len, const char *algorithmName);
 
 void test_fn_in_fn(char *data, size_t len)
 {
-	doEncryption(data, len, getEncryptionNameDES()); // BAD [NOT DETECTED]
+	doEncryption(data, len, getEncryptionNameDES()); // BAD
 	doEncryption(data, len, getEncryptionNameAES()); // GOOD
 }

Original file line number	Diff line number	Diff line change
`@@ -400,6 +400,6 @@ void doEncryption(char data, size_t len, const char algorithmName);`
`400`	`400`
`401`	`401`	`void test_fn_in_fn(char *data, size_t len)`
`402`	`402`	`{`
`403`		`- doEncryption(data, len, getEncryptionNameDES()); // BAD [NOT DETECTED]`
	`403`	`+ doEncryption(data, len, getEncryptionNameDES()); // BAD`
`404`	`404`	`doEncryption(data, len, getEncryptionNameAES()); // GOOD`
`405`	`405`	`}`