hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reimplement EC, MAC, key creation logic + consumer

Browse Source
This commit is contained in:
Nicolas Will
2025-04-15 23:00:12 -04:00
parent b9d0abda63
commit 1958c192ec
4 changed files with 834 additions and 471 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1168
java/ql/lib/experimental/Quantum/JCA.qll
View File

File diff suppressed because it is too large Load Diff

8
java/ql/lib/experimental/Quantum/Language.qll
View File

@@ -100,7 +100,7 @@ class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceo
// where typical algorithms are specified, but EC specifically means set up a
// default curve container, that will later be specified explicitly (or if not a default)
// curve is used.
this = any(Literal l | l.getValue() != "EC")
this.getValue() != "EC"
}
override DataFlow::Node getOutputNode() { result.asExpr() = this }
@@ -194,6 +194,12 @@ module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
node1.(AdditionalFlowInputStep).getOutput() = node2
or
exists(MethodCall m |
m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and
node1.asExpr() = m.getQualifier() and
node2.asExpr() = m
)
}
}