C++: Repair for function call macros.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql

@@ -79,7 +79,10 @@ class InsecureFunctionCall extends FunctionCall {
       explain = "function call"
       or
       exists(MacroInvocation mi |
-        mi.getAnExpandedElement() = this.getAnArgument() and
+        (
+          mi.getAnExpandedElement() = this or
+          mi.getAnExpandedElement() = this.getAnArgument()
+        ) and
         mi.getMacro() = getAnInsecureEncryptionMacro() and
         blame = mi and
         explain = "macro invocation"
@@ -97,7 +100,10 @@ class InsecureFunctionCall extends FunctionCall {
       getTarget() = getAdditionalEvidenceFunction()
       or
       exists(MacroInvocation mi |
-        mi.getAnExpandedElement() = this.getAnArgument() and
+        (
+          mi.getAnExpandedElement() = this or
+          mi.getAnExpandedElement() = this.getAnArgument()
+        ) and
         mi.getMacro() = getAdditionalEvidenceMacro()
       )
       or

cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected

@@ -24,3 +24,4 @@
 | test.cpp:92:2:92:17 | call to encryptTripleDES | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:101:2:101:15 | call to do_des_encrypt | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:102:2:102:12 | call to DES_Set_Key | This function call specifies a broken or weak cryptographic algorithm. |
+| test.cpp:121:2:121:24 | INIT_ENCRYPT_WITH_DES() | This macro invocation specifies a broken or weak cryptographic algorithm. |

cpp/ql/test/query-tests/Security/CWE/CWE-327/test.cpp

@@ -118,7 +118,7 @@ void my_implementation8();
 
 void test_macros2()
 {
-	INIT_ENCRYPT_WITH_DES(); // BAD [NOT DETECTED]
+	INIT_ENCRYPT_WITH_DES(); // BAD
 	INIT_ENCRYPT_WITH_AES(); // GOOD (good algorithm)
 
 	// ...