Merge pull request #5101 from NateD-MSFT/patch-1

Robert Marsh · web-flow · commit 649bd03db6f6 · 2021-02-04T16:59:07.000-08:00
Add KeGetCurrentProcessorNumberEx to CWE-457 whitelist
diff --git a/cpp/ql/src/Security/CWE/CWE-457/InitializationFunctions.qll b/cpp/ql/src/Security/CWE/CWE-457/InitializationFunctions.qll
@@ -353,7 +353,9 @@ class InitializationFunction extends Function {
           // Destination range is zeroed out on failure, assuming first two parameters are valid
           "memcpy_s",
           // This zeroes the memory unconditionally
-          "SeCreateAccessState"
+          "SeCreateAccessState",
+          // Argument initialization is optional, but always succeeds
+          "KeGetCurrentProcessorNumberEx"
         ]
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -353,7 +353,9 @@ class InitializationFunction extends Function {`
`353`	`353`	`// Destination range is zeroed out on failure, assuming first two parameters are valid`
`354`	`354`	`"memcpy_s",`
`355`	`355`	`// This zeroes the memory unconditionally`
`356`		`- "SeCreateAccessState"`
	`356`	`+ "SeCreateAccessState",`
	`357`	`+ // Argument initialization is optional, but always succeeds`
	`358`	`+ "KeGetCurrentProcessorNumberEx"`
`357`	`359`	`]`
`358`	`360`	`)`
`359`	`361`	`}`