C++: Exclude results in some common libraries.

Author: geoffw0

cpp/ql/src/experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql

@@ -76,12 +76,34 @@ predicate computeHeuristic(Expr e) {
   computeHeuristicType(e.getUnspecifiedType())
 }
 
+/**
+ * Gets the name of an established cryptography library or likely third party directory.
+ */
+string encryptionLibraryName() {
+  result =
+    [
+      "libssh", "openssl", "boringssl", "mbed", "libsodium", "libsrtp", "third.?party", "library",
+      "deps"
+    ]
+}
+
+/**
+ * Holds if `f` is a file that is likely to be inside an established
+ * cryptography library.
+ */
+predicate isLibrary(File f) {
+  f.getAbsolutePath().regexpMatch("(?i).*(" + concat(encryptionLibraryName(), "|") + ").*")
+  or
+  // assume that any result that would be found outside the source location is in a crypto library
+  not exists(f.getFile().getRelativePath())
+}
+
 from Function f, int amount
 where
   likelyEncryptionFunction(f) and
   amount = strictcount(Expr e | computeHeuristic(e) and e.getEnclosingFunction() = f) and
   amount >= 8 and
-  exists(f.getFile().getRelativePath()) // exclude library files
+  not isLibrary(f.getFile())
 select f,
   "This function, \"" + f.getName() +
     "\", may be a custom implementation of a cryptographic primitive."

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected

@@ -1,4 +1,3 @@
-| library/tests_library.h:4:6:4:19 | do_aes_encrypt | This function, "do_aes_encrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:11:6:11:18 | encryptString | This function, "encryptString", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:30:6:30:14 | MyEncrypt | This function, "MyEncrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:83:6:83:18 | init_aes_sbox | This function, "init_aes_sbox", may be a custom implementation of a cryptographic primitive. |