diff --git a/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll b/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll index c24a556d9d9..027e587d9d3 100644 --- a/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll +++ b/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll @@ -43,9 +43,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ DataFlow::Node getAnInput() { result = super.getAnInput() } - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { super.isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used @@ -70,9 +67,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ abstract DataFlow::Node getAnInput(); - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { this.getAlgorithm().isWeak() or this.getBlockMode().isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used diff --git a/python/ql/lib/semmle/python/internal/ConceptsShared.qll b/python/ql/lib/semmle/python/internal/ConceptsShared.qll index c24a556d9d9..027e587d9d3 100644 --- a/python/ql/lib/semmle/python/internal/ConceptsShared.qll +++ b/python/ql/lib/semmle/python/internal/ConceptsShared.qll @@ -43,9 +43,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ DataFlow::Node getAnInput() { result = super.getAnInput() } - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { super.isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used @@ -70,9 +67,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ abstract DataFlow::Node getAnInput(); - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { this.getAlgorithm().isWeak() or this.getBlockMode().isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index 8bf21f7467a..2a473303c7a 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -826,5 +826,46 @@ module Logging { * to improve our libraries in the future to more precisely capture this aspect. */ module Cryptography { - import codeql.ruby.internal.ConceptsShared::Cryptography + // Since we still rely on `isWeak` predicate on `CryptographicOperation` in Ruby, we + // modify that part of the shared concept... which means we have to explicitly + // re-export everything else. + // Using SC shorthand for "Shared Cryptography" + import codeql.ruby.internal.ConceptsShared::Cryptography as SC + + class CryptographicAlgorithm = SC::CryptographicAlgorithm; + + class EncryptionAlgorithm = SC::EncryptionAlgorithm; + + class HashingAlgorithm = SC::HashingAlgorithm; + + class PasswordHashingAlgorithm = SC::PasswordHashingAlgorithm; + + /** + * A data-flow node that is an application of a cryptographic algorithm. For example, + * encryption, decryption, signature-validation. + * + * Extend this class to refine existing API models. If you want to model new APIs, + * extend `CryptographicOperation::Range` instead. + */ + class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range { + /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ + deprecated predicate isWeak() { super.isWeak() } + } + + /** Provides classes for modeling new applications of a cryptographic algorithms. */ + module CryptographicOperation { + /** + * A data-flow node that is an application of a cryptographic algorithm. For example, + * encryption, decryption, signature-validation. + * + * Extend this class to model new APIs. If you want to refine existing API models, + * extend `CryptographicOperation` instead. + */ + abstract class Range extends SC::CryptographicOperation::Range { + /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ + deprecated predicate isWeak() { this.getAlgorithm().isWeak() or this.getBlockMode().isWeak() } + } + } + + class BlockMode = SC::BlockMode; } diff --git a/ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll b/ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll index c24a556d9d9..027e587d9d3 100644 --- a/ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll +++ b/ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll @@ -43,9 +43,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ DataFlow::Node getAnInput() { result = super.getAnInput() } - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { super.isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used @@ -70,9 +67,6 @@ module Cryptography { /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */ abstract DataFlow::Node getAnInput(); - /** DEPRECATED: Use `getAlgorithm().isWeak() or getBlockMode().isWeak()` instead */ - deprecated predicate isWeak() { this.getAlgorithm().isWeak() or this.getBlockMode().isWeak() } - /** * Gets the block mode used to perform this cryptographic operation. * This may have no result - for example if the `CryptographicAlgorithm` used