C++: In fact it's just not good enough to get additional evidence from the declaring type.

geoffw0 · geoffw0 · commit cdf261b54b10 · 2021-05-18T14:31:19.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -31,8 +31,7 @@ Function getAnInsecureEncryptionFunction() {
 Function getAdditionalEvidenceFunction() {
   (
     isEncryptionAdditionalEvidence(result.getName()) or
-    isEncryptionAdditionalEvidence(result.getAParameter().getName()) or
-    isEncryptionAdditionalEvidence(result.getDeclaringType().getName())
+    isEncryptionAdditionalEvidence(result.getAParameter().getName())
   ) and
   exists(result.getACallToThisFunction())
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected
@@ -7,9 +7,7 @@
 | test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:185:38:185:44 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:238:2:238:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:240:2:240:28 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:245:5:245:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:247:5:247:19 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp
@@ -237,14 +237,14 @@ void do_classes(const char *data)
 {
 	desEncrypt::encrypt(data); // BAD
 	aes256Encrypt::encrypt(data); // GOOD
-	desEncrypt::doSomethingElse(); // GOOD [FALSE POSITIVE]
+	desEncrypt::doSomethingElse(); // GOOD
 	aes256Encrypt::doSomethingElse(); // GOOD
 
 	desCipher dc;
 	aesCipher ac;
 	dc.encrypt(data); // BAD
 	ac.encrypt(data); // GOOD
-	dc.doSomethingElse(); // GOOD [FALSE POSITIVE]
+	dc.doSomethingElse(); // GOOD
 	ac.doSomethingElse(); // GOOD
 }
 

Original file line number	Diff line number	Diff line change
`@@ -31,8 +31,7 @@ Function getAnInsecureEncryptionFunction() {`
`31`	`31`	`Function getAdditionalEvidenceFunction() {`
`32`	`32`	`(`
`33`	`33`	`isEncryptionAdditionalEvidence(result.getName()) or`
`34`		`- isEncryptionAdditionalEvidence(result.getAParameter().getName()) or`
`35`		`- isEncryptionAdditionalEvidence(result.getDeclaringType().getName())`
	`34`	`+ isEncryptionAdditionalEvidence(result.getAParameter().getName())`
`36`	`35`	`) and`
`37`	`36`	`exists(result.getACallToThisFunction())`
`38`	`37`	`}`