mirror of
https://github.com/github/codeql.git
synced 2026-04-27 17:55:19 +02:00
Crypto: Code scanning warning corrections.
This commit is contained in:
REDMOND\brodes
@@ -1,69 +0,0 @@
|
||||
/**
|
||||
* In OpenSSL, flow between 'context' parameters is often used to
|
||||
* store state/config of how an operation will eventually be performed.
|
||||
* Tracing algorithms and configurations to operations therefore
|
||||
* requires tracing context parameters for many OpenSSL apis.
|
||||
*
|
||||
* This library provides a dataflow analysis to track context parameters
|
||||
* between any two functions accepting openssl context parameters.
|
||||
* The dataflow takes into consideration flowing through duplication and copy calls
|
||||
* as well as flow through flow killers (free/reset calls).
|
||||
*
|
||||
* TODO: we may need to revisit 'free' as a dataflow killer, depending on how
|
||||
* we want to model use after frees.
|
||||
*
|
||||
* This library also provides classes to represent context Types and relevant
|
||||
* arguments/expressions.
|
||||
*/
|
||||
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
|
||||
/**
|
||||
* An openSSL CTX type, which is type for which the stripped underlying type
|
||||
* matches the pattern 'evp_%ctx_%st'.
|
||||
* This includes types like:
|
||||
* - EVP_CIPHER_CTX
|
||||
* - EVP_MD_CTX
|
||||
* - EVP_PKEY_CTX
|
||||
*/
|
||||
class CtxType extends Type {
|
||||
CtxType() {
|
||||
// It is possible for users to use the underlying type of the CTX variables
|
||||
// these have a name matching 'evp_%ctx_%st
|
||||
this.getUnspecifiedType().stripType().getName().matches("evp_%ctx_%st")
|
||||
or
|
||||
// In principal the above check should be sufficient, but in case of build mode none issues
|
||||
// i.e., if a typedef cannot be resolved,
|
||||
// or issues with properly stubbing test cases, we also explicitly check for the wrapping type defs
|
||||
// i.e., patterns matching 'EVP_%_CTX'
|
||||
exists(Type base | base = this or base = this.(DerivedType).getBaseType() |
|
||||
base.getName().matches("EVP_%_CTX")
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A pointer to a CtxType
|
||||
*/
|
||||
class CtxPointerExpr extends Expr {
|
||||
CtxPointerExpr() {
|
||||
this.getType() instanceof CtxType and
|
||||
this.getType() instanceof PointerType
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call argument of type CtxPointerExpr.
|
||||
*/
|
||||
class CtxPointerArgument extends CtxPointerExpr {
|
||||
CtxPointerArgument() { exists(Call c | c.getAnArgument() = this) }
|
||||
|
||||
Call getCall() { result.getAnArgument() = this }
|
||||
}
|
||||
|
||||
/**
|
||||
* A call returning a CtxPointerExpr.
|
||||
*/
|
||||
private class CtxPointerReturn extends CtxPointerExpr instanceof Call {
|
||||
Call getCall() { result = this }
|
||||
}
|
||||
@@ -154,8 +154,7 @@ class EvpCipherUpdateCall extends OperationStep {
|
||||
}
|
||||
|
||||
/**
|
||||
* see: https://docs.openssl.org/master/man3/EVP_EncryptInit/#synopsis
|
||||
* Base configuration for all EVP cipher operations.
|
||||
* A base configuration for all EVP cipher operations.
|
||||
*/
|
||||
abstract class EvpCipherOperationFinalStep extends OperationStep {
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
|
||||
@@ -56,7 +56,7 @@ class EvpDigestUpdateCall extends OperationStep {
|
||||
/**
|
||||
* A base class for final digest operations.
|
||||
*/
|
||||
abstract class EVPFinalDigestOperationStep extends OperationStep {
|
||||
abstract class EvpFinalDigestOperationStep extends OperationStep {
|
||||
override OperationStepType getStepType() { result = FinalStep() }
|
||||
}
|
||||
|
||||
@@ -64,7 +64,7 @@ abstract class EVPFinalDigestOperationStep extends OperationStep {
|
||||
* A call to `EVP_Q_digest`
|
||||
* https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
|
||||
*/
|
||||
class EvpQDigestOperation extends EVPFinalDigestOperationStep {
|
||||
class EvpQDigestOperation extends EvpFinalDigestOperationStep {
|
||||
EvpQDigestOperation() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
@@ -83,7 +83,7 @@ class EvpQDigestOperation extends EVPFinalDigestOperationStep {
|
||||
}
|
||||
}
|
||||
|
||||
class EvpDigestOperation extends EVPFinalDigestOperationStep {
|
||||
class EvpDigestOperation extends EvpFinalDigestOperationStep {
|
||||
EvpDigestOperation() { this.(Call).getTarget().getName() = "EVP_Digest" }
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
@@ -100,7 +100,7 @@ class EvpDigestOperation extends EVPFinalDigestOperationStep {
|
||||
/**
|
||||
* A call to EVP_DigestFinal variants
|
||||
*/
|
||||
class EvpDigestFinalCall extends EVPFinalDigestOperationStep {
|
||||
class EvpDigestFinalCall extends EvpFinalDigestOperationStep {
|
||||
EvpDigestFinalCall() {
|
||||
this.(Call).getTarget().getName() in [
|
||||
"EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
|
||||
@@ -122,7 +122,7 @@ class EvpDigestFinalCall extends EVPFinalDigestOperationStep {
|
||||
/**
|
||||
* An openssl digest final hash operation instance
|
||||
*/
|
||||
class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EVPFinalDigestOperationStep
|
||||
class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EvpFinalDigestOperationStep
|
||||
{
|
||||
override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
|
||||
super.getPrimaryAlgorithmValueConsumer() = result
|
||||
|
||||
@@ -6,8 +6,6 @@ import semmle.code.cpp.dataflow.new.DataFlow
|
||||
// even if only importing the operation by itself.
|
||||
import EVPPKeyCtxInitializer
|
||||
|
||||
//TODO: this needs to just be ctx type definitions
|
||||
// private import experimental.quantum.OpenSSL.CtxTypes
|
||||
/**
|
||||
* An openSSL CTX type, which is type for which the stripped underlying type
|
||||
* matches the pattern 'evp_%ctx_%st'.
|
||||
@@ -51,13 +49,6 @@ class CtxPointerArgument extends CtxPointerExpr {
|
||||
Call getCall() { result.getAnArgument() = this }
|
||||
}
|
||||
|
||||
/**
|
||||
* A call returning a CtxPointerExpr.
|
||||
*/
|
||||
private class CtxPointerReturn extends CtxPointerExpr instanceof Call {
|
||||
Call getCall() { result = this }
|
||||
}
|
||||
|
||||
/**
|
||||
* The type of inputs and ouputs for an `OperationStep`.
|
||||
*/
|
||||
@@ -330,9 +321,6 @@ abstract class OperationStep extends Call {
|
||||
* we will use both cases as primary inputs.
|
||||
*/
|
||||
class AvcContextCreationStep extends OperationStep instanceof OpenSslAlgorithmValueConsumer {
|
||||
DataFlow::Node output;
|
||||
DataFlow::Node input;
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
type = ContextIO() and result = super.getResultNode()
|
||||
}
|
||||
@@ -477,7 +465,7 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig {
|
||||
// is defined.
|
||||
exists(OperationStep s | s.getAnInput() = node1 and s.getAnOutput() = node2)
|
||||
// TODO: consideration for additional alises defined as follows:
|
||||
// if an output from an operation step itself flows from teh output of another operation step
|
||||
// if an output from an operation step itself flows from the output of another operation step
|
||||
// then the source of that flow's outputs (all of them) are potential aliases
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user