Skip to content

Commit bb27200

Browse files
geoffw0geoffw0
committed
C++: More test cases.
1 parent b91914b commit bb27200

1 file changed

Lines changed: 73 additions & 1 deletion

File tree

  • cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests

cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp

Lines changed: 73 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ typedef unsigned long size_t;
55
int stdout_fileno = STDOUT_FILENO;
66

77
size_t strlen(const char *s);
8-
8+
int snprintf(char *s, size_t n, const char *format, ...);
99
void send(int fd, const void *buf, size_t bufLen, int d);
1010
void recv(int fd, void *buf, size_t bufLen, int d);
1111
void read(int fd, void *buf, size_t bufLen);
@@ -474,3 +474,75 @@ void test_tty()
474474
recv(f, password, 256, val()); // GOOD: from terminal or stdin
475475
}
476476
}
477+
478+
// ---
479+
480+
struct person_info
481+
{
482+
// sensitive
483+
char *social_security_number;
484+
char *socialSecurityNo;
485+
char *homePostCode;
486+
char *my_zip_code;
487+
char *telephone;
488+
char *mobile_phone_number;
489+
char *email;
490+
char *my_credit_card_number;
491+
char *my_bank_account_no;
492+
char *employerName;
493+
char medical_info[8 * 1024];
494+
char *license_key;
495+
double my_latitude;
496+
double home_longitude;
497+
int newSalary;
498+
499+
// not sensitive
500+
char *license_key_hash;
501+
char *my_zip_file;
502+
};
503+
504+
void tests2(person_info *pi)
505+
{
506+
// direct cases
507+
send(val(), pi->social_security_number, strlen(pi->social_security_number), val()); // BAD [NOT DETECTED]
508+
send(val(), pi->socialSecurityNo, strlen(pi->socialSecurityNo), val()); // BAD [NOT DETECTED]
509+
send(val(), pi->homePostCode, strlen(pi->homePostCode), val()); // BAD [NOT DETECTED]
510+
send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD [NOT DETECTED]
511+
send(val(), pi->telephone, strlen(pi->telephone), val()); // BAD [NOT DETECTED]
512+
send(val(), pi->mobile_phone_number, strlen(pi->mobile_phone_number), val()); // BAD [NOT DETECTED]
513+
send(val(), pi->email, strlen(pi->email), val()); // BAD [NOT DETECTED]
514+
send(val(), pi->my_credit_card_number, strlen(pi->my_credit_card_number), val()); // BAD [NOT DETECTED]
515+
send(val(), pi->my_bank_account_no, strlen(pi->my_bank_account_no), val()); // BAD [NOT DETECTED]
516+
send(val(), pi->employerName, strlen(pi->employerName), val()); // BAD [NOT DETECTED]
517+
send(val(), pi->medical_info, strlen(pi->medical_info), val()); // BAD [NOT DETECTED]
518+
send(val(), pi->license_key, strlen(pi->license_key), val()); // BAD [NOT DETECTED]
519+
send(val(), pi->license_key_hash, strlen(pi->license_key_hash), val()); // GOOD
520+
send(val(), pi->my_zip_file, strlen(pi->my_zip_file), val()); // GOOD
521+
522+
// indirect cases
523+
{
524+
char buffer[1024];
525+
526+
snprintf(buffer, 1024, "lat = %f\n", pi->my_latitude);
527+
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
528+
}
529+
{
530+
char buffer[1024];
531+
532+
snprintf(buffer, 1024, "long = %f\n", pi->home_longitude);
533+
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
534+
}
535+
{
536+
char buffer[1024];
537+
538+
snprintf(buffer, 1024, "salary = %i\n", pi->newSalary);
539+
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
540+
}
541+
{
542+
char buffer[1024];
543+
int sal = pi->newSalary;
544+
545+
snprintf(buffer, 1024, "salary = %i\n", sal);
546+
send(val(), buffer, strlen(buffer), val()); // BAD [NOT DETECTED]
547+
}
548+
}

0 commit comments

Comments
 (0)