
Commit b94ade3

committed
C++: Improve the regexps.
1 parent 3938198 commit b94ade3


3 files changed

+6
-4
lines changed

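--- a/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
@@ -21,13 +21,13 @@ private string privateNames() {
 ".*(" +
 // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
 // Government identifiers, such as Social Security Numbers
-"social.*security|" +
+"social.?security|" +
 // Contact information, such as home addresses and telephone numbers
-"postcode|zipcode|telephone|" +
+"post.?code|zip.?code|telephone|" +
 // Geographic location - where the user is (or was)
 "latitude|longitude|" +
 // Financial data - such as credit card numbers, salary, bank accounts, and debts
-"credit.*card|salary|bank.*account|" +
+"credit.?card|salary|bank.?account|" +
 // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
 "email|mobile|employer|" +
 // Health - medical conditions, insurance status, prescription records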
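Review bot: The three alternatives narrowed from `.*` to `.?` (`social.?security`, `credit.?card`, `bank.?account`) now accept at most one character between the two words, and nothing in this commit pins that narrowing: the test changes only add a new positive, `my_zip_code`. A name with a two-character separator or an intervening word matched the old alternatives and does not match the new ones, so a lost detection in the cleartext-transmission query would go unnoticed. I would add a comment above the list, `// '.?' permits at most one separator character between the words (e.g. '_' or '-')`, and one test3.cpp case on each side of that boundary. privateNames() starts and ends outside the hunk, so how the pattern is applied to identifiers is not visible here.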

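--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -226,6 +226,7 @@ nodes
 | test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
 | test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
 | test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
+| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
 | test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
 | test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
 | test3.cpp:513:18:513:22 | email | semmle.label | email |
@@ -273,6 +274,7 @@ subpaths
 | test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@ | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
 | test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@ | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
 | test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@ | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
+| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:18:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@ | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
 | test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@ | test3.cpp:511:18:511:26 | telephone | telephone |
 | test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@ | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
 | test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@ | test3.cpp:513:18:513:22 | email | email |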

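--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/test3.cpp
@@ -507,7 +507,7 @@ void tests2(person_info *pi)
 send(val(), pi->social_security_number, strlen(pi->social_security_number), val()); // BAD
 send(val(), pi->socialSecurityNo, strlen(pi->socialSecurityNo), val()); // BAD
 send(val(), pi->homePostCode, strlen(pi->homePostCode), val()); // BAD
-send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD [NOT DETECTED]
+send(val(), pi->my_zip_code, strlen(pi->my_zip_code), val()); // BAD
 send(val(), pi->telephone, strlen(pi->telephone), val()); // BAD
 send(val(), pi->mobile_phone_number, strlen(pi->mobile_phone_number), val()); // BAD
 send(val(), pi->email, strlen(pi->email), val()); // BAD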
