Skip to content

Add CodeQL query to enforce OpenSSL return code handling #1867

Open
#2415
Open
Add CodeQL query to enforce OpenSSL return code handling#1867
#2415
Labels
enhancementNew feature or requestgood first issueIssue for new contributors
@SWilson4

Description

@SWilson4
SWilson4
opened on Jul 26, 2024

To prevent issues similar to #1862.

@trailofbits used the following query to detect #1862:

import  cpp

from  FunctionCall  call, Function f 
where
  f = call.getTarget()  and 
  // function name starts with EVP 
  f.getName().matches(  "EVP%"  )  and 
  // and the function does not return a pointer or void 
  not  f.getType() instanceof PointerType  and 
  not  f.getType() instanceof VoidType  and 
  // and the function is not guarded by the OQS_OPENSSL_GUARD macro 
  not  exists(MacroAccess m | 
    m.getLocation().subsumes(call.getLocation())  and 
    m.getMacroName() =  "OQS_OPENSSL_GUARD" 
  )
select call

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueIssue for new contributors

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    liboqs planning
    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions