From aafa5762ad8b10d8e465fa6e28f977414372b091 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 16 Nov 2021 11:14:45 +0000
Subject: [PATCH 1/3] C++: Add a CWE tag associated with OWASP A8.
---
 cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
index 40ca61b9d214..0d46312ab47f 100644
--- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
+++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
@@ -7,6 +7,7 @@
 * @id cpp/non-https-url
 * @tags security
 * external/cwe/cwe-319
+ * external/cwe/cwe-345
 */

 import cpp
From 5ef71e6ef3ea1929d4250536160e291ba0e30244 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 16 Nov 2021 13:02:56 +0000
Subject: [PATCH 2/3] C++: Add a few more sinks.
---
 cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
index 0d46312ab47f..a7a9033290d0 100644
--- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
+++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
@@ -62,7 +62,7 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
 // accessed as a URL, for example using it in a network access. Some
 // URLs are only ever displayed or used for data processing.
 exists(FunctionCall fc |
- fc.getTarget().hasGlobalOrStdName(["system", "gethostbyname", "getaddrinfo"]) and
+ fc.getTarget().hasGlobalOrStdName(["system", "gethostbyname", "gethostbyname2", "gethostbyname_r", "getaddrinfo", "X509_load_http", "X509_CRL_load_http"]) and
 sink.asExpr() = fc.getArgument(0)
 or
 fc.getTarget().hasGlobalOrStdName(["send", "URLDownloadToFile", "URLDownloadToCacheFile"]) and
From ea9640a39d416c2831ca7f548b83e4a42bd863b3 Mon Sep 17 00:00:00 2001
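Review bot: In the second patch (`@@ -62,7 +62,7 @@`), the four names added to the `hasGlobalOrStdName` list (`gethostbyname2`, `gethostbyname_r`, `X509_load_http`, `X509_CRL_load_http`) arrive without a test case. The diffstats of all three patches touch only UseOfHttp.ql, so nothing visible here confirms that `fc.getArgument(0)` is the right sink for each of them (tests may live elsewhere). `X509_CRL_load_http` deserves a second look for noise: CRLs are signed objects and CRL distribution points are conventionally served over plain HTTP, so a non-HTTPS URL reaching that call is presumably often intended rather than a cleartext-transport defect. A short comment above the list would record the intent, e.g. `// Argument 0 is the command, host name or URL that triggers the network access.` The enclosing predicate starts and ends outside the hunk, and the same list is only re-wrapped by the third patch.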
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 16 Nov 2021 14:26:42 +0000
Subject: [PATCH 3/3] C++: Autoformat.
---
 cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
index a7a9033290d0..0ae7e12f90e2 100644
--- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
+++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
@@ -62,7 +62,11 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
 // accessed as a URL, for example using it in a network access. Some
 // URLs are only ever displayed or used for data processing.
 exists(FunctionCall fc |
- fc.getTarget().hasGlobalOrStdName(["system", "gethostbyname", "gethostbyname2", "gethostbyname_r", "getaddrinfo", "X509_load_http", "X509_CRL_load_http"]) and
+ fc.getTarget()
+ .hasGlobalOrStdName([
+ "system", "gethostbyname", "gethostbyname2", "gethostbyname_r", "getaddrinfo",
+ "X509_load_http", "X509_CRL_load_http"
+ ]) and
 sink.asExpr() = fc.getArgument(0)
 or
 fc.getTarget().hasGlobalOrStdName(["send", "URLDownloadToFile", "URLDownloadToCacheFile"]) and