hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Update crypto stubs location under 'crypto' and associate codeowners on any test/stubs/crypto. Minor fix to HashAlgorithmValueConsumer (remove library detector logic).

Browse Source
This commit is contained in:
REDMOND\brodes
2025-05-30 09:35:33 -04:00
committed by Nicolas Will
parent a9bdcc72eb
commit 6b267479be
7 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CODEOWNERS
View File

@@ -18,6 +18,7 @@
# Experimental CodeQL cryptography
**/experimental/**/quantum/ @github/ps-codeql
/shared/quantum/ @github/ps-codeql
**/test/stubs/crypto/ @github/ps-codeql
# CodeQL tools and associated docs
/docs/codeql/codeql-cli/ @github/codeql-cli-reviewers

11
cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll
View File

@@ -3,18 +3,14 @@ private import experimental.quantum.Language
private import semmle.code.cpp.dataflow.new.DataFlow
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
private import experimental.quantum.OpenSSL.LibraryDetector
abstract class HashAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
/**
* EVP_Q_Digest directly consumes algorithm constant values
*/
class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
EVP_Q_Digest_Algorithm_Consumer() {
isPossibleOpenSSLFunction(this.(Call).getTarget()) and
this.(Call).getTarget().getName() = "EVP_Q_digest"
}
class EVP_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer {
EVP_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
override Crypto::ConsumerInputDataFlowNode getInputNode() {
result.asExpr() = this.(Call).getArgument(1)
@@ -35,13 +31,12 @@ class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
* The EVP digest algorithm getters
* https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
*/
class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
class EVPDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer {
DataFlow::Node valueArgNode;
DataFlow::Node resultNode;
EVPDigestAlgorithmValueConsumer() {
resultNode.asExpr() = this and
isPossibleOpenSSLFunction(this.(Call).getTarget()) and
(
this.(Call).getTarget().getName() in [
"EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"

2
cpp/ql/test/experimental/library-tests/quantum/openssl/options
View File

@@ -1 +1 @@
semmle-extractor-options: -I ../../../../stubs
semmle-extractor-options: -I ../../../../stubs/crypto

0
cpp/ql/test/stubs/openssl/alg_macro_stubs.h → cpp/ql/test/stubs/crypto/openssl/alg_macro_stubs.h
View File

0
cpp/ql/test/stubs/openssl/evp_stubs.h → cpp/ql/test/stubs/crypto/openssl/evp_stubs.h
View File

0
cpp/ql/test/stubs/openssl/license.txt → cpp/ql/test/stubs/crypto/openssl/license.txt
View File

0
cpp/ql/test/stubs/openssl/rand_stubs.h → cpp/ql/test/stubs/crypto/openssl/rand_stubs.h
View File