+
+void doNotDisableHtmlAutoEscapeComplaint() {
+ char* query = getenv("QUERY_STRING");
+ puts("Query results for ");
+ // Compliant: Escape HTML characters before adding to a page
+ char* query_escaped = escape_html(query);
+ puts(query_escaped);
+ free(query_escaped);
+
+ puts("\n
\n");
+ puts(do_search(query));
+ }
+// {/fact}
\ No newline at end of file
diff --git a/cpp/src/detectors/do-not-disable-html-autoescape/non-compliant.cpp b/cpp/src/detectors/do-not-disable-html-autoescape/non-compliant.cpp
new file mode 100644
index 0000000..081c98d
--- /dev/null
+++ b/cpp/src/detectors/do-not-disable-html-autoescape/non-compliant.cpp
@@ -0,0 +1,17 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=do-not-disable-html-autoescape@v1.0 defects=1}
+#include
+
+void doNotDisableHtmlAutoEscapeNoncomplaint() {
+ char* query = getenv("QUERY_STRING");
+ puts("Query results for ");
+ // Noncompliant: Printing out an HTTP parameter with no escaping
+ puts(query);
+ puts("\n
\n");
+ puts(do_search(query));
+ }
+// {/fact}
\ No newline at end of file
diff --git a/cpp/src/detectors/improper-restriction-on-memory-buffer/compliant.cpp b/cpp/src/detectors/improper-restriction-on-memory-buffer/compliant.cpp
new file mode 100644
index 0000000..aa69347
--- /dev/null
+++ b/cpp/src/detectors/improper-restriction-on-memory-buffer/compliant.cpp
@@ -0,0 +1,16 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=improper-restriction-on-memory-buffer@v1.0 defects=0}
+#include
+
+ void improperRestrictionOnMemoryBufferCompliant() {
+ char buffer[20];
+ const char* data = "ThisIsALongString";
+ // Compliant: `strncpy` used to prevent buffer overflow
+ strncpy(buffer, data, sizeof(buffer) - 1);
+ buffer[sizeof(buffer) - 1] = '\0'; // Null-terminate the string
+ }
+// {/fact}
\ No newline at end of file
diff --git a/cpp/src/detectors/improper-restriction-on-memory-buffer/non-compliant.cpp b/cpp/src/detectors/improper-restriction-on-memory-buffer/non-compliant.cpp
new file mode 100644
index 0000000..6aabc66
--- /dev/null
+++ b/cpp/src/detectors/improper-restriction-on-memory-buffer/non-compliant.cpp
@@ -0,0 +1,15 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=improper-restriction-on-memory-buffer@v1.0 defects=1}
+#include
+
+ void improperRestrictionOnMemoryBufferNoncompliant() {
+ char buffer[10];
+ const char* data = "ThisIsALongString";
+ // Noncompliant: Buffer overflow may occur no size check
+ strcpy(buffer, data);
+ }
+// {/fact}
\ No newline at end of file
diff --git a/cpp/src/detectors/insecure-cryptography/compliant.cpp b/cpp/src/detectors/insecure-cryptography/compliant.cpp
new file mode 100644
index 0000000..d8bbc74
--- /dev/null
+++ b/cpp/src/detectors/insecure-cryptography/compliant.cpp
@@ -0,0 +1,16 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=insecure-cryptography@v1.0 defects=0}
+#include
+
+ void insecureCryptographyCompliant1(EVP_PKEY_CTX *ctx)
+ {
+
+ // Compliant: 2048 bits for an RSA key
+ EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
+
+ }
+// {/fact}
\ No newline at end of file
diff --git a/cpp/src/detectors/insecure-cryptography/non-compliant.cpp b/cpp/src/detectors/insecure-cryptography/non-compliant.cpp
new file mode 100644
index 0000000..f10d552
--- /dev/null
+++ b/cpp/src/detectors/insecure-cryptography/non-compliant.cpp
@@ -0,0 +1,15 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=insecure-cryptography@v1.0 defects=1}
+#include
+
+ void insecureCryptographyNoncompliant1(EVP_PKEY_CTX *ctx)
+ {
+
+ // Noncompliant: only 1024 bits for an RSA key
+ EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 1024);
+ }
+// {/fact}
\ No newline at end of file