Move to stdlib and expand crypto/cypher package taint-tracking

2026-01-29 22:32:58 +01:00 · 2020-09-21 12:41:48 +02:00
parent 434c4bca9c
commit 742319c071
3 changed files with 109 additions and 12 deletions
--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -14,6 +14,7 @@ import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.Fmt
 import semmle.go.frameworks.stdlib.Crypto
+import semmle.go.frameworks.stdlib.CryptoCipher
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable
@@ -509,15 +510,3 @@ module Log {
    override predicate mayReturnNormally() { none() }
  }
 }
-
-/** Provides models of some functions in the `crypto/cipher` package. */
-module CryptoCipher {
-  private class AeadOpenFunction extends TaintTracking::FunctionModel, Method {
-    AeadOpenFunction() { this.hasQualifiedName("crypto/cipher", "AEAD", "Open") }
-
-    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
-      inp.isParameter(2) and
-      outp.isResult(0)
-    }
-  }
-}
--- a/ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll
@@ -0,0 +1,38 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `crypto/cipher` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `crypto/cipher` package. */
+module CryptoCipher {
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (StreamReader).Read(dst []byte) (n int, err error)
+      this.hasQualifiedName("crypto/cipher", "StreamReader", "Read") and
+      (inp.isReceiver() and outp.isParameter(0))
+      or
+      // signature: func (StreamWriter).Write(src []byte) (n int, err error)
+      this.hasQualifiedName("crypto/cipher", "StreamWriter", "Write") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (Block).Decrypt(dst []byte, src []byte)
+      this.implements("crypto/cipher", "Block", "Decrypt") and
+      (inp.isParameter(1) and outp.isParameter(0))
+      or
+      // signature: func (AEAD).Open(dst []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error)
+      this.implements("crypto/cipher", "AEAD", "Open") and
+      (
+        inp.isParameter(2) and
+        (outp.isParameter(0) or outp.isResult(0))
+      )
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go
@@ -0,0 +1,70 @@
+// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
+
+package main
+
+import "crypto/cipher"
+
+func TaintStepTest_CryptoCipherStreamReaderRead_B0I0O0(sourceCQL interface{}) interface{} {
+	fromStreamReader656 := sourceCQL.(cipher.StreamReader)
+	var intoByte414 []byte
+	fromStreamReader656.Read(intoByte414)
+	return intoByte414
+}
+
+func TaintStepTest_CryptoCipherStreamWriterWrite_B0I0O0(sourceCQL interface{}) interface{} {
+	fromByte518 := sourceCQL.([]byte)
+	var intoStreamWriter650 cipher.StreamWriter
+	intoStreamWriter650.Write(fromByte518)
+	return intoStreamWriter650
+}
+
+func TaintStepTest_CryptoCipherBlockDecrypt_B0I0O0(sourceCQL interface{}) interface{} {
+	fromByte784 := sourceCQL.([]byte)
+	var intoByte957 []byte
+	var mediumObjCQL cipher.Block
+	mediumObjCQL.Decrypt(intoByte957, fromByte784)
+	return intoByte957
+}
+
+func TaintStepTest_CryptoCipherAEADOpen_B0I0O0(sourceCQL interface{}) interface{} {
+	fromByte520 := sourceCQL.([]byte)
+	var intoByte443 []byte
+	var mediumObjCQL cipher.AEAD
+	mediumObjCQL.Open(intoByte443, nil, fromByte520, nil)
+	return intoByte443
+}
+
+func TaintStepTest_CryptoCipherAEADOpen_B0I0O1(sourceCQL interface{}) interface{} {
+	fromByte127 := sourceCQL.([]byte)
+	var mediumObjCQL cipher.AEAD
+	intoByte483, _ := mediumObjCQL.Open(nil, nil, fromByte127, nil)
+	return intoByte483
+}
+
+func RunAllTaints_CryptoCipher() {
+	{
+		source := newSource(0)
+		out := TaintStepTest_CryptoCipherStreamReaderRead_B0I0O0(source)
+		sink(0, out)
+	}
+	{
+		source := newSource(1)
+		out := TaintStepTest_CryptoCipherStreamWriterWrite_B0I0O0(source)
+		sink(1, out)
+	}
+	{
+		source := newSource(2)
+		out := TaintStepTest_CryptoCipherBlockDecrypt_B0I0O0(source)
+		sink(2, out)
+	}
+	{
+		source := newSource(3)
+		out := TaintStepTest_CryptoCipherAEADOpen_B0I0O0(source)
+		sink(3, out)
+	}
+	{
+		source := newSource(4)
+		out := TaintStepTest_CryptoCipherAEADOpen_B0I0O1(source)
+		sink(4, out)
+	}
+}