Support multi-dimensional arrays

2026-05-01 11:45:14 +02:00 · 2021-08-13 20:52:27 +02:00
parent df0f9ee3a5
commit 4e69081c22
2 changed files with 55 additions and 3 deletions
--- a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -3,13 +3,17 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.TaintTracking2

 /**
- * Holds if `array` is initialized only with constants, for example,
- * `new byte[8]` or `new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }`.
+ * Holds if `array` is initialized only with constants.
 */
 private predicate initializedWithConstants(ArrayCreationExpr array) {
+  // creating an array without an initializer, for example `new byte[8]`
  not exists(array.getInit())
  or
-  forex(Expr element | element = array.getInit().getAChildExpr() |
+  // creating a multidimensional array with an initializer like `{ new byte[8], new byte[16] }`
+  array.getInit().getAnInit().getAChildExpr() instanceof IntegerLiteral
+  or
+  // creating an array wit an initializer like `new byte[] { 1, 2 }`
+  forex(Expr element | element = array.getInit().getAnInit() |
    element instanceof CompileTimeConstantExpr
  )
 }
--- a/java/ql/test/experimental/query-tests/security/CWE-1204/StaticInitializationVector.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-1204/StaticInitializationVector.java
@@ -50,6 +50,54 @@ public class StaticInitializationVector {
        return cipher.doFinal();
    }

+    // BAD: AES-GCM with static IV from a multidimensional byte array
+    public byte[] encryptWithOneOfStaticIvs01(byte[] key, byte[] plaintext) throws Exception {
+        byte[][] staticIvs = new byte[][] {
+            { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
+            { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
+        };
+
+        GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
+        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+
+        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $staticInitializationVector
+        cipher.update(plaintext);
+        return cipher.doFinal();
+    }
+
+    // BAD: AES-GCM with static IV from a multidimensional byte array
+    public byte[] encryptWithOneOfStaticIvs02(byte[] key, byte[] plaintext) throws Exception {
+        byte[][] staticIvs = new byte[][] {
+            new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5 },
+            new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 42 }
+        };
+
+        GCMParameterSpec ivSpec = new GCMParameterSpec(128, staticIvs[1]);
+        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+
+        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $staticInitializationVector
+        cipher.update(plaintext);
+        return cipher.doFinal();
+    }
+
+    // BAD: AES-GCM with static IV from a multidimensional byte array
+    public byte[] encryptWithOneOfStaticZeroIvs(byte[] key, byte[] plaintext) throws Exception {
+        byte[][] ivs = new byte[][] {
+            new byte[8],
+            new byte[16]
+        };
+
+        GCMParameterSpec ivSpec = new GCMParameterSpec(128, ivs[1]);
+        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+
+        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $staticInitializationVector
+        cipher.update(plaintext);
+        return cipher.doFinal();
+    }
+
    // GOOD: AES-GCM with a random IV
    public byte[] encryptWithRandomIv(byte[] key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];