Changed python inventory subdirectory structure to add old and new inventory models. Added some example old models.

2026-04-25 08:45:14 +02:00 · 2023-09-15 12:17:12 -04:00
parent 50db4fd63e
commit 5fed923af0
19 changed files with 62 additions and 0 deletions
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricKeyGenOperation.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricKeyGenOperation.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/KeyDerivationAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/KeyDerivationAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
--- a/python/ql/src/experimental/cryptography/inventory/old_models/AllCryptoAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/old_models/AllCryptoAlgorithms.ql
@@ -0,0 +1,21 @@
+/**
+ * @name All Cryptographic Algorithms
+ * @description Finds all potential usage of cryptographic algorithms usage using the supported libraries.
+ * @kind problem
+ * @id py/quantum-readiness/cbom/classic-model/all-cryptographic-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import python
+import semmle.python.Concepts
+
+from Cryptography::CryptographicOperation operation, string algName
+where
+  algName = operation.getAlgorithm().getName()
+  or
+  algName = operation.getBlockMode()
+select operation, "Use of algorithm " + algName
--- a/python/ql/src/experimental/cryptography/inventory/old_models/BlockModeAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/old_models/BlockModeAlgorithms.ql
@@ -0,0 +1,18 @@
+/**
+ * @name Block cipher mode of operation
+ * @description Finds all potential block cipher modes of operations using the supported libraries.
+ * @kind problem
+ * @id py/quantum-readiness/cbom/classic-model/block-cipher-mode
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import python
+import semmle.python.Concepts
+
+from Cryptography::CryptographicOperation operation, string algName
+where algName = operation.getBlockMode()
+select operation, "Use of algorithm " + algName
--- a/python/ql/src/experimental/cryptography/inventory/old_models/HashingAlgorithms.ql
+++ b/python/ql/src/experimental/cryptography/inventory/old_models/HashingAlgorithms.ql
@@ -0,0 +1,23 @@
+/**
+ * @name Hash Algorithms
+ * @description Finds all potential usage of cryptographic hash algorithms using the supported libraries.
+ * @kind problem
+ * @id py/quantum-readiness/cbom/classic-model/hash-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import python
+import semmle.python.Concepts
+
+from Cryptography::CryptographicOperation operation, Cryptography::CryptographicAlgorithm algorithm
+where
+  algorithm = operation.getAlgorithm() and
+  (
+    algorithm instanceof Cryptography::HashingAlgorithm or
+    algorithm instanceof Cryptography::PasswordHashingAlgorithm
+  )
+select operation, "Use of algorithm " + operation.getAlgorithm().getName()