From 434c4bca9c72c6e9e33dbbf5a3119646d178c1cd Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Mon, 21 Sep 2020 12:38:13 +0200
Subject: [PATCH] Add taint-tracking for `crypto` package

---
 ql/src/semmle/go/frameworks/Stdlib.qll | 1 +
 ql/src/semmle/go/frameworks/stdlib/Crypto.qll | 23 +++++++++++++++++++
 .../go/frameworks/StdlibTaintFlow/Crypto.go | 20 ++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 ql/src/semmle/go/frameworks/stdlib/Crypto.qll
 create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Crypto.go

diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
index 44dddef19d5..ae3485b66f4 100644
--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -13,6 +13,7 @@ import semmle.go.frameworks.stdlib.CompressGzip
 import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.Fmt
+import semmle.go.frameworks.stdlib.Crypto
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable
diff --git a/ql/src/semmle/go/frameworks/stdlib/Crypto.qll b/ql/src/semmle/go/frameworks/stdlib/Crypto.qll
new file mode 100644
index 00000000000..0e9650dff2b
--- /dev/null
+++ b/ql/src/semmle/go/frameworks/stdlib/Crypto.qll
@@ -0,0 +1,23 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `crypto` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `crypto` package. */
+module Crypto {
+ private class MethodModels extends TaintTracking::FunctionModel, Method {
+ FunctionInput inp;
+ FunctionOutput outp;
+
+ MethodModels() {
+ // signature: func (Decrypter).Decrypt(rand io.Reader, msg []byte, opts DecrypterOpts) (plaintext []byte, err error)
+ this.implements("crypto", "Decrypter", "Decrypt") and
+ (inp.isParameter(1) and outp.isResult(0))
+ }
+
+ override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+ input = inp and output = outp
+ }
+ }
+}
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Crypto.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Crypto.go
new file mode 100644
index 00000000000..8a3e7fc2979
--- /dev/null
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Crypto.go
@@ -0,0 +1,20 @@ +// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT. + +package main + +import "crypto" + +func TaintStepTest_CryptoDecrypterDecrypt_B0I0O0(sourceCQL interface{}) interface{} { + fromByte656 := sourceCQL.([]byte) + var mediumObjCQL crypto.Decrypter + intoByte414, _ := mediumObjCQL.Decrypt(nil, fromByte656, nil) + return intoByte414 +} + +func RunAllTaints_Crypto() { + { + source := newSource(0) + out := TaintStepTest_CryptoDecrypterDecrypt_B0I0O0(source) + sink(0, out) + } +}
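Review bot: The `MethodModels` class in `Crypto.qll` has no comment saying why `Decrypt` propagates taint rather than acting as a barrier, which is the security-relevant decision this model encodes. Above the `this.implements("crypto", "Decrypter", "Decrypt")` line I would add `// Decryption is not a sanitizer: plaintext derived from attacker-controlled ciphertext is still attacker-influenced, so taint flows from msg (parameter 1) to plaintext (result 0).` The module QLDoc says "commonly used functions", but the only thing modelled is the `Decrypter.Decrypt` interface method, so "methods" would describe the code more accurately. The accompanying generated test calls `Decrypt` only through a `crypto.Decrypter`-typed receiver, so whether `implements` also matches concrete implementers is not exercised by this patch.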