hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Tweaks to bad crypto ordering queries.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-15 14:20:40 -04:00
parent 9a6aac1300
commit 15e266db94
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/quantum/Examples/BadMacOrderDecryptToMac.ql
View File

@@ -23,4 +23,4 @@ where
macOp.getAnInputArtifact().asElement() = sink.getNode().asExpr()
)
select sink, src, sink,
"MAC order potentially wrong: observed decrypt output to MAC implying the MAC is on plaintext, and not a cipher."
"MAC order potentially wrong: observed a potential decrypt operation output to MAC implying the MAC is on plaintext, and not a cipher."

10
java/ql/src/experimental/quantum/Examples/BadMacOrderMacOnEncryptPlaintext.ql
View File

@@ -16,7 +16,13 @@ import experimental.quantum.Language
// might not be known.
// TODO: can we approximate a message source better?
module CommonDataFlowNodeConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { exists(source.asParameter()) }
predicate isSource(DataFlow::Node source) {
exists(source.asParameter())
or
exists(Crypto::GenericSourceNode other |
other.asElement() = CryptoInput::dfn_to_element(source)
)
}
predicate isSink(DataFlow::Node sink) {
sink = any(Crypto::FlowAwareElement other).getInputNode()
@@ -41,7 +47,7 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig {
}
}
module CommonDataFlowNodeFlow = DataFlow::Global<CommonDataFlowNodeConfig>;
module CommonDataFlowNodeFlow = TaintTracking::Global<CommonDataFlowNodeConfig>;
from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2
where