C++: Add more test cases.

geoffw0 · geoffw0 · commit 965d131b5a6a · 2023-12-05T17:59:26.000Z
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.expected
@@ -1,3 +1,4 @@
+| library/tests_library.h:4:6:4:19 | do_aes_encrypt | This function, "do_aes_encrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:11:6:11:18 | encryptString | This function, "encryptString", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:30:6:30:14 | MyEncrypt | This function, "MyEncrypt", may be a custom implementation of a cryptographic primitive. |
 | tests_crypto.cpp:83:6:83:18 | init_aes_sbox | This function, "init_aes_sbox", may be a custom implementation of a cryptographic primitive. |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/library/tests_library.h
@@ -0,0 +1,6 @@
+// Cryptography 'library' snippets.  Nothing in this file should be flagged by the query, because
+// it's in a library.
+
+void do_aes_encrypt(unsigned int *v) {
+	COMPUTE(v)
+}
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/tests_not_crypto.cpp
@@ -21,8 +21,23 @@ namespace std
 	extern ostream cout;
 }
 
+// this macro expands to some compute operations that look a bit like cryptography
+#define COMPUTE(v) \
+	v[0] ^= v[1] ^ v[2] ^ v[3] ^ v[4]; \
+	v[1] ^= v[2] ^ v[3] ^ v[4] ^ v[5]; \
+	v[2] ^= v[3] ^ v[4] ^ v[5] ^ v[6]; \
+	v[3] ^= v[4] ^ v[5] ^ v[6] ^ v[7];
+
 // ---
 
+#include "library/tests_library.h"
+
+bool isEnabledAes() {
+	// This function has "Aes" in it's name, but does not contain enough compute to
+	// be an encryption implementation.
+	return false;
+}
+
 uint32_t lookup[256];
 
 uint8_t computeCRC32(const uint8_t *data, size_t dataLen) {
@@ -79,13 +94,6 @@ void output_encrypt_decrypt_algorithms() {
 	std::cout << indent << "Chacha (" << yes_no_setting() << ")\n";
 }
 
-// this macro expands to some compute operations that look a bit like cryptography
-#define COMPUTE(v) \
-	v[0] ^= v[1] ^ v[2] ^ v[3] ^ v[4]; \
-	v[1] ^= v[2] ^ v[3] ^ v[4] ^ v[5]; \
-	v[2] ^= v[3] ^ v[4] ^ v[5] ^ v[6]; \
-	v[3] ^= v[4] ^ v[5] ^ v[6] ^ v[7];
-
 void wideStringCharsAt(int *v) {
 	// This function has "des" and "rsa" in the name.
 	COMPUTE(v)
