From a770bddff07b33a1a77df1ddcba9561cf1e7507a Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 22 Mar 2024 10:46:35 +0100
Subject: [PATCH 1/3] C++: Add precision to `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol`

Also clean up the names of the queries while here.
---
 .../src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql | 3 ++-
 .../Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
index f20b299da60c..f61cd06888c9 100644
--- a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+++ b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
@@ -1,8 +1,9 @@
 /**
- * @name Boost_asio TLS Settings Misconfiguration
+ * @name boost::asio TLS settings misconfiguration
 * @description Using the TLS or SSLv23 protocol from the boost::asio library, but not disabling deprecated protocols, or disabling minimum-recommended protocols.
 * @kind problem
 * @problem.severity error
+ * @precision medium
 * @security-severity 7.5
 * @id cpp/boost/tls-settings-misconfiguration
 * @tags security
diff --git a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
index 4df70695179b..085a46a9d3f1 100644
--- a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
+++ b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
@@ -1,8 +1,9 @@
 /**
- * @name boost::asio Use of deprecated hardcoded Protocol
+ * @name boost::asio use of deprecated hardcoded protocol
 * @description Using a deprecated hard-coded protocol using the boost::asio library.
 * @kind problem
 * @problem.severity error
+ * @precision medium
 * @security-severity 7.5
 * @id cpp/boost/use-of-deprecated-hardcoded-security-protocol
 * @tags security
From adfb3c3d500d63b45eb27efe0440331ed1e49af8 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 22 Mar 2024 11:22:11 +0100
Subject: [PATCH 2/3] C++: Simplify `cpp/boost/tls-settings-misconfiguration`

---
 .../src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
index f61cd06888c9..f5d1a09d04e9 100644
--- a/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+++ b/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
@@ -43,10 +43,9 @@ predicate isOptionSet(ConstructorCall cc, int flag, FunctionCall fcSetOptions) {
 ExistsAnyFlow::flow(source, sink) and
 f.getACallToThisFunction() = fcSetOptions and
 contextSetOptions = fcSetOptions.getQualifier() and
- forall(Expr optionArgument, Expr optionArgumentSource |
+ forex(Expr optionArgument |
 optionArgument = fcSetOptions.getArgument(0) and
- BoostorgAsio::SslOptionFlow::flow(DataFlow::exprNode(optionArgumentSource),
- DataFlow::exprNode(optionArgument))
+ BoostorgAsio::SslOptionFlow::flowTo(DataFlow::exprNode(optionArgument))
 |
 optionArgument.getValue().toInt().bitShiftRight(16).bitAnd(flag) = flag
 )
From 453cdfa513a4e7a74f20afefe8c73103217eed2b Mon Sep 17 00:00:00 2001
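Review bot: Swapping `forall` for `forex` on the added `+ forex(Expr optionArgument |` line is a semantic change, not just the simplification the subject names: when no `SslOptionFlow` source reaches `fcSetOptions.getArgument(0)`, `forall` held vacuously and `isOptionSet` succeeded, whereas `forex` now fails for that same call. That presumably shifts results for calls whose option argument cannot be resolved to a known value, so it is worth checking against the query's expected-output tests and mentioning in the change note rather than leaving it as "simplify". Dropping `optionArgumentSource` in favour of `flowTo` is a true equivalence, since the body never referenced the source. A one-line comment above the quantifier would stop the choice being reverted as a stylistic cleanup, e.g. `// forex, not forall: an option argument with no known source value must not count as setting the flag`. The body of `isOptionSet` continues past the hunk's closing `)`.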
From: Jeroen Ketema
Date: Fri, 22 Mar 2024 15:51:42 +0100
Subject: [PATCH 3/3] C++: Add change note

---
 cpp/ql/src/change-notes/2024-03-22-boost-ssl.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/src/change-notes/2024-03-22-boost-ssl.md

diff --git a/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md b/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md
new file mode 100644
index 000000000000..d4a4e0a73073
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated.