Crypto: Further ql-for-ql alert alert fixes.
@@ -52,7 +52,7 @@ class KnownOpenSslBlockModeConstantAlgorithmInstance extends OpenSslAlgorithmIns
|
||||
this instanceof OpenSslAlgorithmLiteral and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink |
|
||||
// Sink is an argument to a CipherGetterCall
|
||||
sink = getterCall.(OpenSslAlgorithmValueConsumer).getInputNode() and
|
||||
sink = getterCall.getInputNode() and
|
||||
// Source is `this`
|
||||
src.asExpr() = this and
|
||||
// This traces to a getter
|
||||
|
||||
@@ -77,7 +77,7 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan
|
||||
this instanceof OpenSslAlgorithmLiteral and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink |
|
||||
// Sink is an argument to a CipherGetterCall
|
||||
sink = getterCall.(OpenSslAlgorithmValueConsumer).getInputNode() and
|
||||
sink = getterCall.getInputNode() and
|
||||
// Source is `this`
|
||||
src.asExpr() = this and
|
||||
// This traces to a getter
|
||||
|
||||
@@ -57,7 +57,7 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance
|
||||
this instanceof OpenSslAlgorithmLiteral and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink |
|
||||
// Sink is an argument to a CipherGetterCall
|
||||
sink = getterCall.(OpenSslAlgorithmValueConsumer).getInputNode() and
|
||||
sink = getterCall.getInputNode() and
|
||||
// Source is `this`
|
||||
src.asExpr() = this and
|
||||
// This traces to a getter
|
||||
|
||||
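Review bot: The context comment `// Sink is an argument to a CipherGetterCall` directly above the changed `sink = getterCall.getInputNode() and` line is copy-pasted from the cipher class and is misleading in `KnownOpenSslHashConstantAlgorithmInstance`, where the sink is the input node of whatever algorithm value consumer `getterCall` resolves to, not a cipher getter. Since the commit already touches the line below it, I would fix the wording in the same pass: `// Sink is the input node of the algorithm value consumer (getterCall)`. Dropping the `.(OpenSslAlgorithmValueConsumer)` cast is only a no-op if `getterCall` is declared with that type, as it is in the MAC class elsewhere in this commit; its declaration in this class is not visible here, so that is presumed. Both the `exists` body and the enclosing class start and end outside this hunk.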
@@ -134,12 +134,12 @@ class KnownOpenSslHashAlgorithmExpr extends Expr instanceof KnownOpenSslAlgorith
|
||||
}
|
||||
}
|
||||
|
||||
class KnownOpenSslMACAlgorithmExpr extends Expr instanceof KnownOpenSslAlgorithmExpr {
|
||||
KnownOpenSslMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, _, "MAC") }
|
||||
class KnownOpenSslMacAlgorithmExpr extends Expr instanceof KnownOpenSslAlgorithmExpr {
|
||||
KnownOpenSslMacAlgorithmExpr() { resolveAlgorithmFromExpr(this, _, "MAC") }
|
||||
}
|
||||
|
||||
class KnownOpenSslHMACAlgorithmExpr extends Expr instanceof KnownOpenSslMACAlgorithmExpr {
|
||||
KnownOpenSslHMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, "HMAC", "MAC") }
|
||||
class KnownOpenSslHMacAlgorithmExpr extends Expr instanceof KnownOpenSslMacAlgorithmExpr {
|
||||
KnownOpenSslHMacAlgorithmExpr() { resolveAlgorithmFromExpr(this, "HMAC", "MAC") }
|
||||
|
||||
/**
|
||||
* Gets an explicit cipher algorithm for this MAC algorithm.
|
||||
@@ -148,8 +148,8 @@ class KnownOpenSslHMACAlgorithmExpr extends Expr instanceof KnownOpenSslMACAlgor
|
||||
KnownOpenSslHashAlgorithmExpr getExplicitHashAlgorithm() { result = this }
|
||||
}
|
||||
|
||||
class KnownOpenSslCMACAlgorithmExpr extends Expr instanceof KnownOpenSslMACAlgorithmExpr {
|
||||
KnownOpenSslCMACAlgorithmExpr() { resolveAlgorithmFromExpr(this, "CMAC", "MAC") }
|
||||
class KnownOpenSslCMacAlgorithmExpr extends Expr instanceof KnownOpenSslMacAlgorithmExpr {
|
||||
KnownOpenSslCMacAlgorithmExpr() { resolveAlgorithmFromExpr(this, "CMAC", "MAC") }
|
||||
|
||||
/**
|
||||
* Gets an explicit cipher algorithm for this MAC algorithm.
|
||||
|
||||
@@ -6,12 +6,12 @@ private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmI
|
||||
private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations
|
||||
private import AlgToAVCFlow
|
||||
|
||||
class KnownOpenSslMACConstantAlgorithmInstance extends OpenSslAlgorithmInstance,
|
||||
Crypto::MACAlgorithmInstance instanceof KnownOpenSslMACAlgorithmExpr
|
||||
class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance,
|
||||
Crypto::MACAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr
|
||||
{
|
||||
OpenSslAlgorithmValueConsumer getterCall;
|
||||
|
||||
KnownOpenSslMACConstantAlgorithmInstance() {
|
||||
KnownOpenSslMacConstantAlgorithmInstance() {
|
||||
// Two possibilities:
|
||||
// 1) The source is a literal and flows to a getter, then we know we have an instance
|
||||
// 2) The source is a KnownOpenSslAlgorithm is call, and we know we have an instance immediately from that
|
||||
@@ -33,24 +33,24 @@ class KnownOpenSslMACConstantAlgorithmInstance extends OpenSslAlgorithmInstance,
|
||||
|
||||
override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall }
|
||||
|
||||
override string getRawMACAlgorithmName() {
|
||||
override string getRawMacAlgorithmName() {
|
||||
result = this.(Literal).getValue().toString()
|
||||
or
|
||||
result = this.(Call).getTarget().getName()
|
||||
}
|
||||
|
||||
override Crypto::TMACType getMACType() {
|
||||
this instanceof KnownOpenSslHMACAlgorithmExpr and result instanceof Crypto::THMAC
|
||||
override Crypto::TMACType getMacType() {
|
||||
this instanceof KnownOpenSslHMacAlgorithmExpr and result instanceof Crypto::THMAC
|
||||
or
|
||||
this instanceof KnownOpenSslCMACAlgorithmExpr and result instanceof Crypto::TCMAC
|
||||
this instanceof KnownOpenSslCMacAlgorithmExpr and result instanceof Crypto::TCMAC
|
||||
}
|
||||
}
|
||||
|
||||
class KnownOpenSslHMACConstantAlgorithmInstance extends Crypto::HMACAlgorithmInstance,
|
||||
KnownOpenSslMACConstantAlgorithmInstance
|
||||
class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HMACAlgorithmInstance,
|
||||
KnownOpenSslMacConstantAlgorithmInstance
|
||||
{
|
||||
override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() {
|
||||
if exists(this.(KnownOpenSslHMACAlgorithmExpr).getExplicitHashAlgorithm())
|
||||
if exists(this.(KnownOpenSslHMacAlgorithmExpr).getExplicitHashAlgorithm())
|
||||
then
|
||||
// ASSUMPTION: if there is an explicit hash algorithm, it is already modeled
|
||||
// and we can simply grab that model's AVC
|
||||
|
||||
@@ -63,7 +63,7 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta
|
||||
this instanceof KnownOpenSslPaddingAlgorithmExpr and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink |
|
||||
// Sink is an argument to a CipherGetterCall
|
||||
sink = getterCall.(OpenSslAlgorithmValueConsumer).getInputNode() and
|
||||
sink = getterCall.getInputNode() and
|
||||
// Source is `this`
|
||||
src.asExpr() = this and
|
||||
// This traces to a getter
|
||||
@@ -81,7 +81,7 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta
|
||||
this instanceof OpenSslPaddingLiteral and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink |
|
||||
// Sink is an argument to a CipherGetterCall
|
||||
sink = getterCall.(OpenSslAlgorithmValueConsumer).getInputNode() and
|
||||
sink = getterCall.getInputNode() and
|
||||
// Source is `this`
|
||||
src.asExpr() = this and
|
||||
// This traces to a padding-specific consumer
|
||||
|
||||
@@ -4,13 +4,13 @@ private import semmle.code.cpp.dataflow.new.DataFlow
|
||||
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
|
||||
|
||||
abstract class KEMAlgorithmValueConsumer extends OpenSslAlgorithmValueConsumer { }
|
||||
abstract class KemAlgorithmValueConsumer extends OpenSslAlgorithmValueConsumer { }
|
||||
|
||||
class EvpKEMAlgorithmValueConsumer extends KEMAlgorithmValueConsumer {
|
||||
class EvpKemAlgorithmValueConsumer extends KemAlgorithmValueConsumer {
|
||||
DataFlow::Node valueArgNode;
|
||||
DataFlow::Node resultNode;
|
||||
|
||||
EvpKEMAlgorithmValueConsumer() {
|
||||
EvpKemAlgorithmValueConsumer() {
|
||||
resultNode.asExpr() = this and
|
||||
(
|
||||
this.(Call).getTarget().getName() = "EVP_KEM_fetch" and
|
||||
|
||||
@@ -9,11 +9,11 @@ abstract class PaddingAlgorithmValueConsumer extends OpenSslAlgorithmValueConsum
|
||||
// https://docs.openssl.org/master/man7/EVP_ASYM_CIPHER-RSA/#rsa-asymmetric-cipher-parameters
|
||||
// TODO: need to handle setting padding through EVP_PKEY_CTX_set_params, where modes like "OSSL_PKEY_RSA_PAD_MODE_OAEP"
|
||||
// are set.
|
||||
class Evp_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorithmValueConsumer {
|
||||
class Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorithmValueConsumer {
|
||||
DataFlow::Node valueArgNode;
|
||||
DataFlow::Node resultNode;
|
||||
|
||||
Evp_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer() {
|
||||
Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer() {
|
||||
resultNode.asExpr() = this and
|
||||
this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and
|
||||
valueArgNode.asExpr() = this.(Call).getArgument(1)
|
||||
|
||||
@@ -70,8 +70,8 @@ class Evp_Cipher_EX2_or_Simple_Init_Call extends Evp_EX2_Initializer {
|
||||
}
|
||||
}
|
||||
|
||||
class Evp_CipherInit_SKEY_Call extends Evp_EX2_Initializer {
|
||||
Evp_CipherInit_SKEY_Call() { this.(Call).getTarget().getName() in ["EVP_CipherInit_SKEY"] }
|
||||
class Evp_CipherInit_SKey_Call extends Evp_EX2_Initializer {
|
||||
Evp_CipherInit_SKey_Call() { this.(Call).getTarget().getName() = "EVP_CipherInit_SKEY" }
|
||||
|
||||
override Expr getKeyOperationSubtypeArg() { result = this.(Call).getArgument(5) }
|
||||
}
|
||||
|
||||
@@ -132,7 +132,7 @@ abstract class EvpSignatureOperation extends EvpOperation, Crypto::SignatureOper
|
||||
|
||||
/**
|
||||
* Keys provided in the initialization call or in a context are found by this method.
|
||||
* Keys in explicit arguments are found by overriden methods in extending classes.
|
||||
* Keys in explicit arguments are found by overridden methods in extending classes.
|
||||
*/
|
||||
override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
|
||||
result = DataFlow::exprNode(this.getInitCall().(EvpKeyInitializer).getKeyArg())
|
||||
|
||||
@@ -4,7 +4,7 @@ private import experimental.quantum.OpenSSL.CtxFlow
|
||||
private import experimental.quantum.OpenSSL.KeyFlow
|
||||
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
// Importing these intializers here to ensure the are part of any model that is
|
||||
// using OpenSslOperationBase. This futher ensures that initializers are tied to opeartions
|
||||
// using OpenSslOperationBase. This further ensures that initializers are tied to opeartions
|
||||
// even if only importing the operation by itself.
|
||||
import EVPPKeyCtxInitializer
|
||||
|
||||
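Review bot: Fixing `futher` leaves three more typos in the same two-line comment: `intializers`, `the are` and `opeartions`. Since the commit is already editing this comment, I would rewrite it in one go as `// Importing these initializers here ensures they are part of any model that is` / `// using OpenSslOperationBase. This further ensures that initializers are tied to operations` / `// even if only importing the operation by itself.`. The `import EVPPKeyCtxInitializer` line this comment explains is context here and is presumably why the separate import is dropped from the operations list later in this commit.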
@@ -73,10 +73,16 @@ abstract class EvpInitializer extends Call {
|
||||
abstract CtxPointerSource getContext();
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize a key size.
|
||||
*/
|
||||
abstract class EvpKeySizeInitializer extends EvpInitializer {
|
||||
abstract Expr getKeySizeArg();
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize a key operation subtype.
|
||||
*/
|
||||
abstract class EvpKeyOperationSubtypeInitializer extends EvpInitializer {
|
||||
abstract Expr getKeyOperationSubtypeArg();
|
||||
|
||||
@@ -119,6 +125,9 @@ abstract class EvpPrimaryAlgorithmInitializer extends EvpInitializer {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize a key.
|
||||
*/
|
||||
abstract class EvpKeyInitializer extends EvpInitializer {
|
||||
abstract Expr getKeyArg();
|
||||
}
|
||||
@@ -175,6 +184,9 @@ abstract class EvpIVInitializer extends EvpInitializer {
|
||||
abstract Expr getIVArg();
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize padding.
|
||||
*/
|
||||
abstract class EvpPaddingInitializer extends EvpInitializer {
|
||||
/**
|
||||
* Gets the padding mode argument.
|
||||
@@ -183,6 +195,9 @@ abstract class EvpPaddingInitializer extends EvpInitializer {
|
||||
abstract Expr getPaddingArg();
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize a salt length.
|
||||
*/
|
||||
abstract class EvpSaltLengthInitializer extends EvpInitializer {
|
||||
/**
|
||||
* Gets the salt length argument.
|
||||
@@ -191,6 +206,9 @@ abstract class EvpSaltLengthInitializer extends EvpInitializer {
|
||||
abstract Expr getSaltLengthArg();
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to initialize a hash algorithm.
|
||||
*/
|
||||
abstract class EvpHashAlgorithmInitializer extends EvpInitializer {
|
||||
abstract Expr getHashAlgorithmArg();
|
||||
|
||||
|
||||
@@ -4,4 +4,3 @@ import EVPHashOperation
|
||||
import ECKeyGenOperation
|
||||
import EVPSignatureOperation
|
||||
import EVPKeyGenOperation
|
||||
import EVPPKeyCtxInitializer
|
||||
|
||||
@@ -960,14 +960,14 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
/**
|
||||
* Gets the type of this MAC algorithm, e.g., "HMAC" or "CMAC".
|
||||
*/
|
||||
abstract TMACType getMACType();
|
||||
abstract TMACType getMacType();
|
||||
|
||||
/**
|
||||
* Gets the isolated name as it appears in source, e.g., "HMAC-SHA256" in "HMAC-SHA256/UnrelatedInformation".
|
||||
*
|
||||
* This name should not be parsed or formatted beyond isolating the raw MAC name if necessary.
|
||||
*/
|
||||
abstract string getRawMACAlgorithmName();
|
||||
abstract string getRawMacAlgorithmName();
|
||||
}
|
||||
|
||||
abstract class MACOperationInstance extends OperationInstance {
|
||||
@@ -983,7 +983,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
}
|
||||
|
||||
abstract class HMACAlgorithmInstance extends MACAlgorithmInstance {
|
||||
HMACAlgorithmInstance() { this.getMACType() instanceof THMAC }
|
||||
HMACAlgorithmInstance() { this.getMacType() instanceof THMAC }
|
||||
|
||||
/**
|
||||
* Gets the hash algorithm used by this HMAC algorithm.
|
||||
@@ -1814,17 +1814,17 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
|
||||
override LocatableElement asElement() { result = instance }
|
||||
|
||||
final override string getRawAlgorithmName() {
|
||||
result = instance.asAlg().getRawMACAlgorithmName()
|
||||
result = instance.asAlg().getRawMacAlgorithmName()
|
||||
}
|
||||
|
||||
TMACType getMACType() { result = instance.asAlg().getMACType() }
|
||||
TMACType getMacType() { result = instance.asAlg().getMacType() }
|
||||
|
||||
final private predicate macToNameMapping(TMACType type, string name) {
|
||||
type instanceof THMAC and
|
||||
name = "HMAC"
|
||||
}
|
||||
|
||||
override string getAlgorithmName() { this.macToNameMapping(this.getMACType(), result) }
|
||||
override string getAlgorithmName() { this.macToNameMapping(this.getMacType(), result) }
|
||||
}
|
||||
|
||||
final class HMACAlgorithmNode extends MACAlgorithmNode {
|
||||
|
||||