Ruby: OpenSSL and CryptoAlgorithms test update

2026-05-03 04:39:29 +02:00 · 2021-12-11 14:13:55 +00:00
parent e6bc45ee3b
commit 97c75de771
3 changed files with 197 additions and 109 deletions
--- a/ruby/ql/test/library-tests/security/CryptoAlgorithms.expected
+++ b/ruby/ql/test/library-tests/security/CryptoAlgorithms.expected
@@ -55,6 +55,7 @@ strongEncryptionAlgorithms
 | AES-192 |
 | AES-256 |
 | AES-512 |
+| ARIA |
 | BF |
 | BLOWFISH |
 | CAMELLIA |
@@ -70,8 +71,11 @@ strongEncryptionAlgorithms
 | ECIES |
 | GOST |
 | GOST89 |
+| IDEA |
 | RABBIT |
 | RSA |
+| SEED |
+| SM4 |
 weakPasswordHashingAlgorithms
 | EVPKDF |
 strongPasswordHashingAlgorithms
--- a/ruby/ql/test/library-tests/security/OpenSSL.expected
+++ b/ruby/ql/test/library-tests/security/OpenSSL.expected
@@ -1,195 +1,274 @@
 weakOpenSSLCipherAlgorithms
 | AES-128-CBC-HMAC-SHA1 |
+| AES-128-CBC-HMAC-SHA1 |
+| AES-128-ECB |
 | AES-128-ECB |
 | AES-192-ECB |
+| AES-192-ECB |
+| AES-256-CBC-HMAC-SHA1 |
 | AES-256-CBC-HMAC-SHA1 |
 | AES-256-ECB |
+| AES-256-ECB |
+| ARIA-128-ECB |
+| ARIA-192-ECB |
+| ARIA-256-ECB |
+| BF-ECB |
 | BF-ECB |
 | CAMELLIA-128-ECB |
+| CAMELLIA-128-ECB |
+| CAMELLIA-192-ECB |
 | CAMELLIA-192-ECB |
 | CAMELLIA-256-ECB |
+| CAMELLIA-256-ECB |
 | CAST5-ECB |
-| DES |
-| DES3 |
+| CAST5-ECB |
+| DES-CBC |
+| DES-CBC |
+| DES-CBC |
 | DES-CBC |
 | DES-CFB |
+| DES-CFB |
+| DES-CFB1 |
 | DES-CFB1 |
 | DES-CFB8 |
+| DES-CFB8 |
+| DES-ECB |
 | DES-ECB |
 | DES-EDE |
+| DES-EDE |
+| DES-EDE3 |
 | DES-EDE3 |
 | DES-EDE3-CBC |
+| DES-EDE3-CBC |
+| DES-EDE3-CBC |
+| DES-EDE3-CBC |
+| DES-EDE3-CFB |
 | DES-EDE3-CFB |
 | DES-EDE3-CFB1 |
+| DES-EDE3-CFB1 |
 | DES-EDE3-CFB8 |
+| DES-EDE3-CFB8 |
+| DES-EDE3-ECB |
+| DES-EDE3-OFB |
 | DES-EDE3-OFB |
 | DES-EDE-CBC |
+| DES-EDE-CBC |
 | DES-EDE-CFB |
+| DES-EDE-CFB |
+| DES-EDE-ECB |
+| DES-EDE-OFB |
 | DES-EDE-OFB |
 | DES-OFB |
-| DESX |
+| DES-OFB |
 | DESX-CBC |
-| RC2 |
+| DESX-CBC |
+| DESX-CBC |
+| DESX-CBC |
+| IDEA-ECB |
+| IDEA-ECB |
+| RC2-40 |
 | RC2-40-CBC |
+| RC2-40-CBC |
+| RC2-64 |
 | RC2-64-CBC |
+| RC2-64-CBC |
+| RC2-128 |
+| RC2-CBC |
+| RC2-CBC |
+| RC2-CBC |
 | RC2-CBC |
 | RC2-CFB |
+| RC2-CFB |
+| RC2-ECB |
 | RC2-ECB |
 | RC2-OFB |
+| RC2-OFB |
+| RC4 |
 | RC4 |
 | RC4-40 |
+| RC4-40 |
 | RC4-HMAC-MD5 |
-| aes-128-cbc-hmac-sha1 |
-| aes-128-ecb |
-| aes-192-ecb |
-| aes-256-cbc-hmac-sha1 |
-| aes-256-ecb |
-| bf-ecb |
-| camellia-128-ecb |
-| camellia-192-ecb |
-| camellia-256-ecb |
-| cast5-ecb |
-| des |
-| des3 |
-| des-cbc |
-| des-cfb |
-| des-cfb1 |
-| des-cfb8 |
-| des-ecb |
-| des-ede |
-| des-ede3 |
-| des-ede3-cbc |
-| des-ede3-cfb |
-| des-ede3-cfb1 |
-| des-ede3-cfb8 |
-| des-ede3-ofb |
-| des-ede-cbc |
-| des-ede-cfb |
-| des-ede-ofb |
-| des-ofb |
-| desx |
-| desx-cbc |
+| RC4-HMAC-MD5 |
+| SEED-ECB |
+| SM4-ECB |
+| SM4-ECB |
 | gost89-ecb |
-| rc2 |
-| rc2-40-cbc |
-| rc2-64-cbc |
-| rc2-cbc |
-| rc2-cfb |
-| rc2-ecb |
-| rc2-ofb |
-| rc4 |
-| rc4-40 |
-| rc4-hmac-md5 |
 strongOpenSSLCipherAlgorithms
-| AES128 |
-| AES192 |
-| AES256 |
 | AES-128-CBC |
+| AES-128-CBC |
+| AES-128-CBC |
+| AES-128-CBC |
+| AES-128-CBC-HMAC-SHA256 |
+| AES-128-CFB |
 | AES-128-CFB |
 | AES-128-CFB1 |
+| AES-128-CFB1 |
+| AES-128-CFB8 |
 | AES-128-CFB8 |
 | AES-128-CTR |
+| AES-128-CTR |
+| AES-128-OCB |
+| AES-128-OFB |
 | AES-128-OFB |
 | AES-128-XTS |
+| AES-128-XTS |
+| AES-192-CBC |
+| AES-192-CBC |
+| AES-192-CBC |
 | AES-192-CBC |
 | AES-192-CFB |
+| AES-192-CFB |
+| AES-192-CFB1 |
 | AES-192-CFB1 |
 | AES-192-CFB8 |
+| AES-192-CFB8 |
 | AES-192-CTR |
+| AES-192-CTR |
+| AES-192-OCB |
+| AES-192-OFB |
 | AES-192-OFB |
 | AES-256-CBC |
+| AES-256-CBC |
+| AES-256-CBC |
+| AES-256-CBC |
+| AES-256-CBC-HMAC-SHA256 |
+| AES-256-CFB |
 | AES-256-CFB |
 | AES-256-CFB1 |
+| AES-256-CFB1 |
+| AES-256-CFB8 |
 | AES-256-CFB8 |
 | AES-256-CTR |
+| AES-256-CTR |
+| AES-256-OCB |
+| AES-256-OFB |
 | AES-256-OFB |
 | AES-256-XTS |
-| BF |
+| AES-256-XTS |
+| ARIA128 |
+| ARIA192 |
+| ARIA256 |
+| ARIA-128-CBC |
+| ARIA-128-CCM |
+| ARIA-128-CFB |
+| ARIA-128-CFB1 |
+| ARIA-128-CFB8 |
+| ARIA-128-CTR |
+| ARIA-128-GCM |
+| ARIA-128-OFB |
+| ARIA-192-CBC |
+| ARIA-192-CCM |
+| ARIA-192-CFB |
+| ARIA-192-CFB1 |
+| ARIA-192-CFB8 |
+| ARIA-192-CTR |
+| ARIA-192-GCM |
+| ARIA-192-OFB |
+| ARIA-256-CBC |
+| ARIA-256-CCM |
+| ARIA-256-CFB |
+| ARIA-256-CFB1 |
+| ARIA-256-CFB8 |
+| ARIA-256-CTR |
+| ARIA-256-GCM |
+| ARIA-256-OFB |
+| BF-CBC |
+| BF-CBC |
+| BF-CBC |
+| BF-CBC |
 | BF-CBC |
 | BF-CFB |
+| BF-CFB |
 | BF-OFB |
-| CAMELLIA128 |
-| CAMELLIA192 |
-| CAMELLIA256 |
+| BF-OFB |
+| CAMELLIA-128-CBC |
+| CAMELLIA-128-CBC |
+| CAMELLIA-128-CBC |
 | CAMELLIA-128-CBC |
 | CAMELLIA-128-CFB |
+| CAMELLIA-128-CFB |
+| CAMELLIA-128-CFB1 |
 | CAMELLIA-128-CFB1 |
 | CAMELLIA-128-CFB8 |
+| CAMELLIA-128-CFB8 |
+| CAMELLIA-128-CTR |
+| CAMELLIA-128-OFB |
 | CAMELLIA-128-OFB |
 | CAMELLIA-192-CBC |
+| CAMELLIA-192-CBC |
+| CAMELLIA-192-CBC |
+| CAMELLIA-192-CBC |
+| CAMELLIA-192-CFB |
 | CAMELLIA-192-CFB |
 | CAMELLIA-192-CFB1 |
+| CAMELLIA-192-CFB1 |
 | CAMELLIA-192-CFB8 |
+| CAMELLIA-192-CFB8 |
+| CAMELLIA-192-CTR |
+| CAMELLIA-192-OFB |
 | CAMELLIA-192-OFB |
 | CAMELLIA-256-CBC |
+| CAMELLIA-256-CBC |
+| CAMELLIA-256-CBC |
+| CAMELLIA-256-CBC |
+| CAMELLIA-256-CFB |
 | CAMELLIA-256-CFB |
 | CAMELLIA-256-CFB1 |
+| CAMELLIA-256-CFB1 |
 | CAMELLIA-256-CFB8 |
+| CAMELLIA-256-CFB8 |
+| CAMELLIA-256-CTR |
 | CAMELLIA-256-OFB |
-| CAST |
+| CAMELLIA-256-OFB |
+| CAST5-CBC |
+| CAST5-CBC |
+| CAST5-CBC |
+| CAST5-CBC |
+| CAST5-CBC |
 | CAST5-CBC |
 | CAST5-CFB |
+| CAST5-CFB |
 | CAST5-OFB |
-| CAST-cbc |
+| CAST5-OFB |
+| CHACHA20 |
+| CHACHA20-POLY1305 |
 | ChaCha |
-| GOST 28147-89 |
-| aes128 |
-| aes192 |
-| aes256 |
-| aes-128-cbc |
-| aes-128-cfb |
-| aes-128-cfb1 |
-| aes-128-cfb8 |
-| aes-128-ctr |
-| aes-128-gcm |
-| aes-128-ofb |
-| aes-128-xts |
-| aes-192-cbc |
-| aes-192-cfb |
-| aes-192-cfb1 |
-| aes-192-cfb8 |
-| aes-192-ctr |
-| aes-192-gcm |
-| aes-192-ofb |
-| aes-256-cbc |
-| aes-256-cfb |
-| aes-256-cfb1 |
-| aes-256-cfb8 |
-| aes-256-ctr |
-| aes-256-gcm |
-| aes-256-ofb |
-| aes-256-xts |
-| bf |
-| bf-cbc |
-| bf-cfb |
-| bf-ofb |
-| blowfish |
-| camellia128 |
-| camellia192 |
-| camellia256 |
-| camellia-128-cbc |
-| camellia-128-cfb |
-| camellia-128-cfb1 |
-| camellia-128-cfb8 |
-| camellia-128-ofb |
-| camellia-192-cbc |
-| camellia-192-cfb |
-| camellia-192-cfb1 |
-| camellia-192-cfb8 |
-| camellia-192-ofb |
-| camellia-256-cbc |
-| camellia-256-cfb |
-| camellia-256-cfb1 |
-| camellia-256-cfb8 |
-| camellia-256-ofb |
-| cast |
-| cast5-cbc |
-| cast5-cfb |
-| cast5-ofb |
-| cast-cbc |
-| chacha |
+| ChaCha |
+| IDEA-CBC |
+| IDEA-CBC |
+| IDEA-CBC |
+| IDEA-CBC |
+| IDEA-CFB |
+| IDEA-CFB |
+| IDEA-OFB |
+| IDEA-OFB |
+| SEED |
+| SEED-CBC |
+| SEED-CFB |
+| SEED-OFB |
+| SM4-CBC |
+| SM4-CBC |
+| SM4-CBC |
+| SM4-CBC |
+| SM4-CFB |
+| SM4-CFB |
+| SM4-CTR |
+| SM4-CTR |
+| SM4-OFB |
+| SM4-OFB |
+| gost89 |
 | gost89 |
 | gost89-cnt |
+| id-aes128-CCM |
+| id-aes128-CCM |
 | id-aes128-GCM |
+| id-aes128-GCM |
+| id-aes192-CCM |
+| id-aes192-CCM |
 | id-aes192-GCM |
+| id-aes192-GCM |
+| id-aes256-CCM |
+| id-aes256-CCM |
 | id-aes256-GCM |
+| id-aes256-GCM |
+missingOpenSSLCipherAlgorithms
--- a/ruby/ql/test/library-tests/security/OpenSSL.ql
+++ b/ruby/ql/test/library-tests/security/OpenSSL.ql
@@ -4,3 +4,8 @@ import codeql.ruby.security.OpenSSL
 query predicate weakOpenSSLCipherAlgorithms(OpenSSLCipher c) { c.isWeak() }

 query predicate strongOpenSSLCipherAlgorithms(OpenSSLCipher c) { not c.isWeak() }
+
+query predicate missingOpenSSLCipherAlgorithms(string name) {
+  Ciphers::isOpenSSLCipher(name) and
+  not exists(OpenSSLCipher c | c.getName() = name)
+}