Crypto: Update crypto stubs location under 'crypto' and associate codeowners on any test/stubs/crypto. Minor fix to HashAlgorithmValueConsumer (remove library detector logic).

2025-12-16 16:53:25 +01:00 · 2025-05-30 09:35:33 -04:00
parent a9bdcc72eb
commit 6b267479be
7 changed files with 5 additions and 9 deletions
--- a/1
+++ b/1
@@ -18,6 +18,7 @@
 # Experimental CodeQL cryptography
 **/experimental/**/quantum/ @github/ps-codeql
 /shared/quantum/ @github/ps-codeql
 **/test/stubs/crypto/ @github/ps-codeql
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
--- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
+++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
@@ -3,18 +3,14 @@ private import experimental.quantum.Language
 private import semmle.code.cpp.dataflow.new.DataFlow
 private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
 private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
 private import experimental.quantum.OpenSSL.LibraryDetector
 abstract class HashAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
 /**
 * EVP_Q_Digest directly consumes algorithm constant values
 */
-class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
+class EVP_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer {
-  EVP_Q_Digest_Algorithm_Consumer() {
+  EVP_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
    this.(Call).getTarget().getName() = "EVP_Q_digest"
  }
  override Crypto::ConsumerInputDataFlowNode getInputNode() {
    result.asExpr() = this.(Call).getArgument(1)
@@ -35,13 +31,12 @@ class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
 * The EVP digest algorithm getters
 * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
 */
-class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
+class EVPDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer {
  DataFlow::Node valueArgNode;
  DataFlow::Node resultNode;
  EVPDigestAlgorithmValueConsumer() {
    resultNode.asExpr() = this and
    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
    (
      this.(Call).getTarget().getName() in [
          "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"
--- a/cpp/ql/test/experimental/library-tests/quantum/openssl/options
+++ b/cpp/ql/test/experimental/library-tests/quantum/openssl/options
@@ -1 +1 @@
-semmle-extractor-options: -I ../../../../stubs
+semmle-extractor-options: -I ../../../../stubs/crypto
--- a/cpp/ql/test/stubs/crypto/openssl/alg_macro_stubs.h
+++ b/cpp/ql/test/stubs/crypto/openssl/alg_macro_stubs.h
--- a/cpp/ql/test/stubs/crypto/openssl/evp_stubs.h
+++ b/cpp/ql/test/stubs/crypto/openssl/evp_stubs.h
--- a/cpp/ql/test/stubs/crypto/openssl/license.txt
+++ b/cpp/ql/test/stubs/crypto/openssl/license.txt
--- a/cpp/ql/test/stubs/crypto/openssl/rand_stubs.h
+++ b/cpp/ql/test/stubs/crypto/openssl/rand_stubs.h
		`@@ -1 +1 @@`
			`semmle-extractor-options: -I ../../../../stubs`				`semmle-extractor-options: -I ../../../../stubs/crypto`