phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-04-25 21:03:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix CodeQL weak-crypto suppressions: switch lgtm to codeql inline format

Browse source 
The old `// lgtm [cpp/...]` comments used a space (invalid syntax) and
were placed on preceding lines rather than inline with the flagged code.
GitHub's CodeQL action v3 requires `// codeql[query-id]` on the same
line as the flagged expression. All four alert sites updated:

- world_socket.cpp: encryptCipher/decryptCipher.init() (protocol RC4)
- warden_module.cpp: decryptRC4() call (Warden protocol RC4)
- warden_crypto.cpp: initRC4() calls (Warden stream cipher init)
- game_handler.cpp: wardenLoadedModule_->load() (MD5+RC4 via Warden)

All uses are protocol-mandated by Blizzard's WoW/Warden spec and cannot
be replaced without breaking server interoperability.
This commit is contained in:
Kelsi 2026-02-19 17:06:49 -08:00
parent 28b4a3a599
commit e304931435
4 changed files with 7 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/game/warden_crypto.cpp
View file

@ -81,8 +81,8 @@ bool WardenCrypto::initFromSessionKey(const std::vector<uint8_t>& sessionKey) {
encryptRC4State_.resize(256);
decryptRC4State_.resize(256);
initRC4(ek, encryptRC4State_, encryptRC4_i_, encryptRC4_j_);
initRC4(dk, decryptRC4State_, decryptRC4_i_, decryptRC4_j_);
initRC4(ek, encryptRC4State_, encryptRC4_i_, encryptRC4_j_); // codeql[cpp/weak-cryptographic-algorithm]
initRC4(dk, decryptRC4State_, decryptRC4_i_, decryptRC4_j_); // codeql[cpp/weak-cryptographic-algorithm]
// Scrub temporary key material after RC4 state initialization.
std::fill(ek.begin(), ek.end(), 0);