C++: Add a test case with a template class.

Author: geoffw0

cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected

@@ -8,6 +8,10 @@
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:185:38:185:44 | USE_DES | access of enum constant USE_DES |
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:238:2:238:20 | call to encrypt | call to encrypt |
 | test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:245:5:245:11 | call to encrypt | call to encrypt |
+| test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:279:9:279:15 | call to desEncryptor | call to desEncryptor |
+| test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:300:20:300:37 | call to desEncryptor | call to desEncryptor |
+| test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:304:5:304:19 | call to doDesEncryption | call to doDesEncryption |
+| test2.cpp:49:4:49:24 | call to my_des_implementation | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test2.cpp:305:9:305:23 | call to doDesEncryption | call to doDesEncryption |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | invocation of macro ENCRYPT_WITH_DES |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | invocation of macro ENCRYPT_WITH_RC2 |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This file makes use of a broken or weak cryptographic algorithm (specified by $@). | test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | invocation of macro ENCRYPT_WITH_3DES |

cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp

@@ -260,3 +260,48 @@ void do_fn_ptr(char *data, size_t amount, keytype key)
 	impl = &my_aes_implementation; // GOOD
 	impl(data, amount, key);
 }
+
+// --- template classes ---
+
+class desEncryptor
+{
+public:
+	desEncryptor();
+
+	void doDesEncryption(char *data);
+};
+
+template <class C>
+class container
+{
+public:
+	container() {
+		obj = new C(); // GOOD [FALSE POSITIVE]
+	}
+
+	~container() {
+		delete obj;
+	}
+
+	C *obj;
+};
+
+template <class C>
+class templateDesEncryptor
+{
+public:
+	templateDesEncryptor();
+
+	void doDesEncryption(C &data);
+};
+
+void do_template_classes(char *data)
+{
+	desEncryptor *p = new desEncryptor(); // BAD
+	container<desEncryptor> c; // BAD [NOT DETECTED]
+	templateDesEncryptor<char *> t; // BAD [NOT DETECTED]
+
+	p->doDesEncryption(data); // BAD
+	c.obj->doDesEncryption(data); // BAD
+	t.doDesEncryption(data); // BAD [NOT DETECTED]
+}