aws-samples · aastjais · May 6, 2024 · May 6, 2024 · May 6, 2024 · May 15, 2024
diff --git a/cpp/src/detectors/do-not-disable-html-autoescape/compliant.cpp b/cpp/src/detectors/do-not-disable-html-autoescape/compliant.cpp
@@ -0,0 +1,20 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=do-not-disable-html-autoescape@v1.0 defects=0}
+#include <iostream>
+
+void doNotDisableHtmlAutoEscapeComplaint() {
+	   char* query = getenv("QUERY_STRING");
+	   puts("<p>Query results for ");
+	   // Compliant: Escape HTML characters before adding to a page
+	   char* query_escaped = escape_html(query);
+	   puts(query_escaped);
+	   free(query_escaped);
+
+	   puts("\n<p>\n");
+	   puts(do_search(query));
+	 }
+// {/fact}
diff --git a/cpp/src/detectors/do-not-disable-html-autoescape/non-compliant.cpp b/cpp/src/detectors/do-not-disable-html-autoescape/non-compliant.cpp
@@ -0,0 +1,17 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=do-not-disable-html-autoescape@v1.0 defects=1}
+#include <iostream>
+
+void doNotDisableHtmlAutoEscapeNoncomplaint() {
+	   char* query = getenv("QUERY_STRING");
+	   puts("<p>Query results for ");
+	   // Noncompliant: Printing out an HTTP parameter with no escaping
+	   puts(query);
+	   puts("\n<p>\n");
+	   puts(do_search(query));
+	 }
+// {/fact}
diff --git a/cpp/src/detectors/improper-restriction-on-memory-buffer/compliant.cpp b/cpp/src/detectors/improper-restriction-on-memory-buffer/compliant.cpp
@@ -0,0 +1,16 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=improper-restriction-on-memory-buffer@v1.0 defects=0}
+#include <iostream>
+
+ void improperRestrictionOnMemoryBufferCompliant() {
+	     char buffer[20];
+	     const char* data = "ThisIsALongString";
+	     // Compliant: `strncpy` used to prevent buffer overflow
+	     strncpy(buffer, data, sizeof(buffer) - 1);
+	     buffer[sizeof(buffer) - 1] = '\0';  // Null-terminate the string
+	 }    
+// {/fact}
diff --git a/cpp/src/detectors/improper-restriction-on-memory-buffer/non-compliant.cpp b/cpp/src/detectors/improper-restriction-on-memory-buffer/non-compliant.cpp
@@ -0,0 +1,15 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=improper-restriction-on-memory-buffer@v1.0 defects=1}
+#include <iostream>
+
+ void improperRestrictionOnMemoryBufferNoncompliant() {
+	     char buffer[10];
+	     const char* data = "ThisIsALongString";
+	     // Noncompliant: Buffer overflow may occur no size check
+	     strcpy(buffer, data);
+	 }	    
+// {/fact}
diff --git a/cpp/src/detectors/insecure-cryptography/compliant.cpp b/cpp/src/detectors/insecure-cryptography/compliant.cpp
@@ -0,0 +1,16 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=insecure-cryptography@v1.0 defects=0}
+#include <iostream>
+
+ void insecureCryptographyCompliant1(EVP_PKEY_CTX *ctx)
+	 {
+
+	     // Compliant: 2048 bits for an RSA key
+	     EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048);
+
+	 }
+// {/fact}
diff --git a/cpp/src/detectors/insecure-cryptography/non-compliant.cpp b/cpp/src/detectors/insecure-cryptography/non-compliant.cpp
@@ -0,0 +1,15 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+// {fact rule=insecure-cryptography@v1.0 defects=1}
+#include <iostream>
+
+ void insecureCryptographyNoncompliant1(EVP_PKEY_CTX *ctx)
+	 {
+
+	     // Noncompliant: only 1024 bits for an RSA key
+	     EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 1024);  
+	 }	    
+// {/fact}