Moved Cpp into sub directory 'cryptography' instead of crypto. Added python models, inventory, and example alerts.

2026-04-27 17:55:19 +02:00 · 2023-09-15 12:12:01 -04:00
parent 7560db66fa
commit 50db4fd63e
73 changed files with 2763 additions and 44 deletions
--- a/cpp/ql/lib/experimental/crypto/Concepts.qll
+++ b/cpp/ql/lib/experimental/crypto/Concepts.qll
@@ -1,5 +0,0 @@
-import experimental.crypto.CryptoArtifact
-import experimental.crypto.CryptoAlgorithmNames
-
-import experimental.crypto.modules.OpenSSL as OpenSSL
-
--- a/cpp/ql/lib/experimental/cryptography/Concepts.qll
+++ b/cpp/ql/lib/experimental/cryptography/Concepts.qll
@@ -0,0 +1,5 @@
+import experimental.cryptography.CryptoArtifact
+import experimental.cryptography.CryptoAlgorithmNames
+
+import experimental.cryptography.modules.OpenSSL as OpenSSL
+
--- a/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll
+++ b/cpp/ql/lib/experimental/cryptography/CryptoAlgorithmNames.qll
--- a/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll
+++ b/cpp/ql/lib/experimental/cryptography/CryptoArtifact.qll
@@ -1,5 +1,5 @@
 import cpp
-private import experimental.crypto.CryptoAlgorithmNames
+private import experimental.cryptography.CryptoAlgorithmNames
 import semmle.code.cpp.ir.dataflow.TaintTracking


--- a/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll
+++ b/cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll
@@ -1,11 +1,11 @@
 import cpp
-import experimental.crypto.CryptoAlgorithmNames
-import experimental.crypto.CryptoArtifact
-import experimental.crypto.utils.OpenSSL.CryptoFunction
-import experimental.crypto.utils.OpenSSL.AlgorithmSink
-import experimental.crypto.utils.OpenSSL.PassthroughFunction
-import experimental.crypto.utils.OpenSSL.CryptoAlgorithm
-import experimental.crypto.CryptoArtifact
+import experimental.cryptography.CryptoAlgorithmNames
+import experimental.cryptography.CryptoArtifact
+import experimental.cryptography.utils.OpenSSL.CryptoFunction
+import experimental.cryptography.utils.OpenSSL.AlgorithmSink
+import experimental.cryptography.utils.OpenSSL.PassthroughFunction
+import experimental.cryptography.utils.OpenSSL.CryptoAlgorithm
+import experimental.cryptography.CryptoArtifact
 // import semmle.code.cpp.ir.dataflow.TaintTracking
 import semmle.code.cpp.ir.dataflow.DataFlow

--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/AlgorithmSink.qll
@@ -7,8 +7,8 @@

 //TODO: enforce a hierarchy of AlgorithmSinkArgument, e.g., so I can get all Asymmetric SinkArguments that includes all the strictly RSA etc.
 import cpp
-import experimental.crypto.utils.OpenSSL.LibraryFunction
-import experimental.crypto.CryptoAlgorithmNames
+import experimental.cryptography.utils.OpenSSL.LibraryFunction
+import experimental.cryptography.CryptoAlgorithmNames

 predicate isAlgorithmSink(AlgorithmSinkArgument arg, string algType){
    arg.algType() = algType
--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoAlgorithm.qll
@@ -1,5 +1,5 @@
 import cpp
-import experimental.crypto.CryptoAlgorithmNames
+import experimental.cryptography.CryptoAlgorithmNames

 predicate isValidAlgorithmLiteral(Literal e){
    exists(getPossibleNidFromLiteral(e)) or e instanceof StringLiteral
--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/CryptoFunction.qll
@@ -1,6 +1,6 @@
 import cpp
-import experimental.crypto.utils.OpenSSL.LibraryFunction
-import experimental.crypto.CryptoAlgorithmNames
+import experimental.cryptography.utils.OpenSSL.LibraryFunction
+import experimental.cryptography.CryptoAlgorithmNames

 predicate inferredOpenSSLCryptoFunctionCall(Call c , string normalized, string algType){
    inferredOpenSSLCryptoFunction(c.getTarget(), normalized, algType)
--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/DataBuilders.qll
@@ -5,8 +5,8 @@
 */

 import cpp
-import experimental.crypto.CryptoAlgorithmNames
-import experimental.crypto.utils.OpenSSL.CryptoFunction
+import experimental.cryptography.CryptoAlgorithmNames
+import experimental.cryptography.utils.OpenSSL.CryptoFunction


 private string basicNormalizeFunctionName(Function f, string algType) {
--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/LibraryFunction.qll
--- a/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll
+++ b/cpp/ql/lib/experimental/cryptography/utils/OpenSSL/PassthroughFunction.qll
@@ -1,5 +1,5 @@
 import cpp 
-import experimental.crypto.utils.OpenSSL.LibraryFunction
+import experimental.cryptography.utils.OpenSSL.LibraryFunction
 import semmle.code.cpp.ir.dataflow.DataFlow


--- a/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql
@@ -10,7 +10,7 @@
 */
 import cpp

-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg
 where 
--- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql
@@ -10,7 +10,7 @@
 */
 import cpp

-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricKeyGeneration op, AsymmetricAlgorithm alg, Expr configSrc, int size
 where 
--- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql
@@ -9,7 +9,7 @@
 *       external/cwe/cwe-327
 */
 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from BlockModeAlgorithm alg, string name, string msg, Expr confSink
 where
--- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql
@@ -9,7 +9,7 @@
 *       external/cwe/cwe-327
 */
 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from EllipticCurveAlgorithm alg, string name, string msg, Expr confSink
 where
--- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql
@@ -10,7 +10,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts


 from SymmetricEncryptionAlgorithm alg, Expr confSink, string msg
--- a/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql
+++ b/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql
@@ -11,7 +11,7 @@

 import cpp
 import semmle.code.cpp.dataflow.DataFlow as ASTDataFlow
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts
  
 from HashAlgorithm alg, Expr confSink, string msg
 where 
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricAlgorithm alg
 select alg, "Use of algorithm " + alg.getName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from CryptographicAlgorithm alg
 select alg, "Use of algorithm " + alg.getName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricEncryptionAlgorithm alg
 select alg, "Use of algorithm " + alg.getEncryptionName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
@@ -10,7 +10,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 // TODO: currently not modeled for any API
 from AsymmetricPadding alg
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AuthenticatedEncryptionAlgorithm alg
 select alg, "Use of algorithm " + alg.getAuthticatedEncryptionName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from BlockModeAlgorithm alg
 select alg, "Use of algorithm " + alg.getBlockModeName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 // TODO: currently not modeled for any API
 from BlockModeAlgorithm alg
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 // TODO: currently not modeled for any API
 from BlockModeAlgorithm alg
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from EllipticCurveAlgorithm alg, string size
 where
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from EllipticCurveAlgorithm alg
 select alg, "Use of algorithm " + alg.getCurveName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from HashAlgorithm alg
 select alg, "Use of algorithm " + alg.getName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from KeyExchangeAlgorithm alg
 select alg, "Use of algorithm " + alg.getName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricKeyGeneration op, CryptographicAlgorithm alg, Expr configSrc
 where
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 // TODO: currently not modeled for any API
 from SigningAlgorithm alg
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from SymmetricEncryptionAlgorithm alg
 select alg, "Use of algorithm " + alg.getEncryptionName()
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
@@ -10,7 +10,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 // TODO: currently not modeled for any API
 from SymmetricPadding alg
--- a/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql
+++ b/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql
@@ -11,7 +11,7 @@
 */

 import cpp
-import experimental.crypto.Concepts
+import experimental.cryptography.Concepts

 from AsymmetricKeyGeneration op, CryptographicAlgorithm alg
 where
--- a/cpp/ql/src/experimental/cryptography/inventory/old_models/readme.md
+++ b/cpp/ql/src/experimental/cryptography/inventory/old_models/readme.md