C++: Add FP in query test.

MathiasVP · MathiasVP · commit e8c18a3883a0 · 2023-10-31T11:17:51.000Z
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
@@ -10,6 +10,8 @@ edges
 | tests.cpp:131:14:131:35 | call to getenv indirection | tests.cpp:107:30:107:32 | msg indirection |
 | tests.cpp:132:14:132:35 | call to getenv indirection | tests.cpp:114:30:114:32 | msg indirection |
 | tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:122:30:122:32 | msg indirection |
+| tests.cpp:139:17:139:22 | call to getenv indirection | tests.cpp:141:29:141:34 | secret indirection |
+| tests.cpp:139:17:139:22 | call to getenv indirection | tests.cpp:143:29:143:34 | secret indirection |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection |
 nodes
@@ -37,6 +39,9 @@ nodes
 | tests.cpp:132:14:132:35 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
+| tests.cpp:139:17:139:22 | call to getenv indirection | semmle.label | call to getenv indirection |
+| tests.cpp:141:29:141:34 | secret indirection | semmle.label | secret indirection |
+| tests.cpp:143:29:143:34 | secret indirection | semmle.label | secret indirection |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | semmle.label | call to getpwnam indirection |
 | tests_passwd.cpp:18:29:18:31 | pwd indirection | semmle.label | pwd indirection |
 | tests_passwd.cpp:19:26:19:28 | pwd indirection | semmle.label | pwd indirection |
@@ -56,5 +61,7 @@ subpaths
 | tests.cpp:119:7:119:12 | buffer indirection | tests.cpp:132:14:132:35 | call to getenv indirection | tests.cpp:119:7:119:12 | buffer indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:35 | call to getenv indirection | call to getenv indirection |
 | tests.cpp:124:15:124:17 | msg indirection | tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:124:15:124:17 | msg indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:35 | call to getenv indirection | call to getenv indirection |
 | tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:133:14:133:35 | call to getenv indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:35 | call to getenv indirection | call to getenv indirection |
+| tests.cpp:141:29:141:34 | secret indirection | tests.cpp:139:17:139:22 | call to getenv indirection | tests.cpp:141:29:141:34 | secret indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:139:17:139:22 | call to getenv indirection | call to getenv indirection |
+| tests.cpp:143:29:143:34 | secret indirection | tests.cpp:139:17:139:22 | call to getenv indirection | tests.cpp:143:29:143:34 | secret indirection | This operation potentially exposes sensitive system data from $@. | tests.cpp:139:17:139:22 | call to getenv indirection | call to getenv indirection |
 | tests_passwd.cpp:18:29:18:31 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:18:29:18:31 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
 | tests_passwd.cpp:19:26:19:28 | pwd indirection | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | tests_passwd.cpp:19:26:19:28 | pwd indirection | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam indirection | call to getpwnam indirection |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/tests.cpp
@@ -132,3 +132,13 @@ void test5()
 	myOutputFn4(getenv("SECRET_TOKEN")); // BAD: outputs the SECRET_TOKEN environment variable
 	myOutputFn5(getenv("SECRET_TOKEN")); // BAD: outputs the SECRET_TOKEN environment variable
 }
+
+void RtlZeroMemory(void* dst, size_t len);
+
+void test_clear_memory(char *username) {
+	char* secret = getenv("SECRET_TOKEN");
+
+	printf("%s", secret); // BAD
+	RtlZeroMemory(secret, 1024);
+	printf("%s", secret); // GOOD [FALSE POSITIVE]
+}
