From 742319c071a3cba80bcac74dff93f56b7d8bada2 Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Mon, 21 Sep 2020 12:41:48 +0200
Subject: [PATCH] Move to stdlib and expand `crypto/cypher` package taint-tracking
---
 ql/src/semmle/go/frameworks/Stdlib.qll | 13 +---
 .../go/frameworks/stdlib/CryptoCipher.qll | 38 ++++++++++
 .../StdlibTaintFlow/CryptoCipher.go | 70 +++++++++++++++++++
 3 files changed, 109 insertions(+), 12 deletions(-)
 create mode 100644 ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll
 create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
index ae3485b66f4..c94a1f7f8d6 100644
--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -14,6 +14,7 @@ import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.Fmt
 import semmle.go.frameworks.stdlib.Crypto
+import semmle.go.frameworks.stdlib.CryptoCipher
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable
@@ -509,15 +510,3 @@ module Log {
 override predicate mayReturnNormally() { none() }
 }
 }
-
-/** Provides models of some functions in the `crypto/cipher` package. */
-module CryptoCipher {
-private class AeadOpenFunction extends TaintTracking::FunctionModel, Method {
-AeadOpenFunction() { this.hasQualifiedName("crypto/cipher", "AEAD", "Open") }
-
-override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
-inp.isParameter(2) and
-outp.isResult(0)
-}
-}
-}
diff --git a/ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll b/ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll
new file mode 100644
index 00000000000..235013d1d57
--- /dev/null
+++ b/ql/src/semmle/go/frameworks/stdlib/CryptoCipher.qll
@@ -0,0 +1,38 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `crypto/cipher` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `crypto/cipher` package. */
+module CryptoCipher {
+private class MethodModels extends TaintTracking::FunctionModel, Method {
+FunctionInput inp;
+FunctionOutput outp;
+
+MethodModels() {
+// signature: func (StreamReader).Read(dst []byte) (n int, err error)
+this.hasQualifiedName("crypto/cipher", "StreamReader", "Read") and
+(inp.isReceiver() and outp.isParameter(0))
+or
+// signature: func (StreamWriter).Write(src []byte) (n int, err error)
+this.hasQualifiedName("crypto/cipher", "StreamWriter", "Write") and
+(inp.isParameter(0) and outp.isReceiver())
+or
+// signature: func (Block).Decrypt(dst []byte, src []byte)
+this.implements("crypto/cipher", "Block", "Decrypt") and
+(inp.isParameter(1) and outp.isParameter(0))
+or
+// signature: func (AEAD).Open(dst []byte, nonce []byte, ciphertext []byte, additionalData []byte) ([]byte, error)
+this.implements("crypto/cipher", "AEAD", "Open") and
+(
+inp.isParameter(2) and
+(outp.isParameter(0) or outp.isResult(0))
+)
+}
+
+override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+input = inp and output = outp
+}
+}
+}
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go
new file mode 100644
index 00000000000..c922498adcb
--- /dev/null
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoCipher.go
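Review bot: The `cipher.Stream` and `cipher.BlockMode` interfaces are not modelled, so `XORKeyStream(dst, src)` and `CryptBlocks(dst, src)` — the methods behind `NewCFBDecrypter`, `NewCTR` and `NewCBCDecrypter` — never propagate taint from the ciphertext argument into `dst`, even though the `StreamReader`/`StreamWriter` wrappers around a `Stream` are modelled in the same `MethodModels()` disjunction; both should be added with the same `inp.isParameter(1) and outp.isParameter(0)` shape already used for `Block.Decrypt`. If leaving the encrypt direction (`Block.Encrypt`, `AEAD.Seal`) out is deliberate, a one-line comment above the constructor saying so would make that choice explicit to the next maintainer. The generated test file in the following hunk would presumably need matching `TaintStepTest_*` cases for any disjunct added here.
```ql
    MethodModels() {
      // … unchanged: StreamReader.Read, StreamWriter.Write, Block.Decrypt disjuncts …
      or
      // signature: func (Stream).XORKeyStream(dst []byte, src []byte)
      this.implements("crypto/cipher", "Stream", "XORKeyStream") and
      (inp.isParameter(1) and outp.isParameter(0))
      or
      // signature: func (BlockMode).CryptBlocks(dst []byte, src []byte)
      this.implements("crypto/cipher", "BlockMode", "CryptBlocks") and
      (inp.isParameter(1) and outp.isParameter(0))
      or
      // … unchanged: AEAD.Open disjunct …
    }
```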
@@ -0,0 +1,70 @@
+// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
+
+package main
+
+import "crypto/cipher"
+
+func TaintStepTest_CryptoCipherStreamReaderRead_B0I0O0(sourceCQL interface{}) interface{} {
+fromStreamReader656 := sourceCQL.(cipher.StreamReader)
+var intoByte414 []byte
+fromStreamReader656.Read(intoByte414)
+return intoByte414
+}
+
+func TaintStepTest_CryptoCipherStreamWriterWrite_B0I0O0(sourceCQL interface{}) interface{} {
+fromByte518 := sourceCQL.([]byte)
+var intoStreamWriter650 cipher.StreamWriter
+intoStreamWriter650.Write(fromByte518)
+return intoStreamWriter650
+}
+
+func TaintStepTest_CryptoCipherBlockDecrypt_B0I0O0(sourceCQL interface{}) interface{} {
+fromByte784 := sourceCQL.([]byte)
+var intoByte957 []byte
+var mediumObjCQL cipher.Block
+mediumObjCQL.Decrypt(intoByte957, fromByte784)
+return intoByte957
+}
+
+func TaintStepTest_CryptoCipherAEADOpen_B0I0O0(sourceCQL interface{}) interface{} {
+fromByte520 := sourceCQL.([]byte)
+var intoByte443 []byte
+var mediumObjCQL cipher.AEAD
+mediumObjCQL.Open(intoByte443, nil, fromByte520, nil)
+return intoByte443
+}
+
+func TaintStepTest_CryptoCipherAEADOpen_B0I0O1(sourceCQL interface{}) interface{} {
+fromByte127 := sourceCQL.([]byte)
+var mediumObjCQL cipher.AEAD
+intoByte483, _ := mediumObjCQL.Open(nil, nil, fromByte127, nil)
+return intoByte483
+}
+
+func RunAllTaints_CryptoCipher() {
+{
+source := newSource(0)
+out := TaintStepTest_CryptoCipherStreamReaderRead_B0I0O0(source)
+sink(0, out)
+}
+{
+source := newSource(1)
+out := TaintStepTest_CryptoCipherStreamWriterWrite_B0I0O0(source)
+sink(1, out)
+}
+{
+source := newSource(2)
+out := TaintStepTest_CryptoCipherBlockDecrypt_B0I0O0(source)
+sink(2, out)
+}
+{
+source := newSource(3)
+out := TaintStepTest_CryptoCipherAEADOpen_B0I0O0(source)
+sink(3, out)
+}
+{
+source := newSource(4)
+out := TaintStepTest_CryptoCipherAEADOpen_B0I0O1(source)
+sink(4, out)
+}
+}