mirror of
https://github.com/github/codeql.git
synced 2026-04-27 17:55:19 +02:00
Crypto: Address PR comments.
This commit is contained in:
REDMOND\brodes
@@ -12,9 +12,10 @@ abstract class EvpCipherInitializer extends OperationStep {
|
||||
or
|
||||
result.asExpr() = this.getArgument(1) and
|
||||
type = PrimaryAlgorithmIO() and
|
||||
// Null for the algorithm indicates the algorithm is not actually set
|
||||
// This pattern can occur during a multi-step initialization
|
||||
// TODO/Note: not flowing 0 to the sink, assuming a direct use of NULL for now
|
||||
// Constants that are not equal to zero or
|
||||
// non-constants (e.g., variable accesses, which require data-flow to determine the value)
|
||||
// A zero (null) value typically indicates use of this operation step to initialize
|
||||
// other out parameters in a multi-step initialization.
|
||||
(exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0)
|
||||
}
|
||||
|
||||
@@ -33,9 +34,10 @@ abstract class EvpEXInitializer extends EvpCipherInitializer {
|
||||
result = super.getInput(type)
|
||||
or
|
||||
(
|
||||
// Null key or nonce indicates the key/nonce is not actually set
|
||||
// This pattern can occur during a multi-step initialization
|
||||
// TODO/Note: not flowing 0 to the sink, assuming a direct use of NULL for now
|
||||
// Constants that are not equal to zero or
|
||||
// non-constants (e.g., variable accesses, which require data-flow to determine the value)
|
||||
// A zero (null) value typically indicates use of this operation step to initialize
|
||||
// other out parameters in a multi-step initialization.
|
||||
result.asExpr() = this.getArgument(3) and type = KeyIO()
|
||||
or
|
||||
result.asExpr() = this.getArgument(4) and type = IVorNonceIO()
|
||||
|
||||
@@ -12,21 +12,19 @@ private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgor
|
||||
* - `EVP_DigestInit_ex`
|
||||
* - `EVP_DigestInit_ex2`
|
||||
*/
|
||||
class EvpDigestInitVariantCalls extends OperationStep {
|
||||
class EvpDigestInitVariantCalls extends OperationStep instanceof Call {
|
||||
EvpDigestInitVariantCalls() {
|
||||
this.(Call).getTarget().getName() in [
|
||||
"EVP_DigestInit", "EVP_DigestInit_ex", "EVP_DigestInit_ex2"
|
||||
]
|
||||
this.getTarget().getName() in ["EVP_DigestInit", "EVP_DigestInit_ex", "EVP_DigestInit_ex2"]
|
||||
}
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and type = ContextIO()
|
||||
result.asExpr() = this.getArgument(0) and type = ContextIO()
|
||||
or
|
||||
result.asExpr() = this.(Call).getArgument(1) and type = PrimaryAlgorithmIO()
|
||||
result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
|
||||
}
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and
|
||||
result.asExpr() = this.getArgument(0) and
|
||||
type = ContextIO()
|
||||
}
|
||||
|
||||
@@ -36,17 +34,17 @@ class EvpDigestInitVariantCalls extends OperationStep {
|
||||
/**
|
||||
* A call to `EVP_DigestUpdate`.
|
||||
*/
|
||||
class EvpDigestUpdateCall extends OperationStep {
|
||||
EvpDigestUpdateCall() { this.(Call).getTarget().getName() = "EVP_DigestUpdate" }
|
||||
class EvpDigestUpdateCall extends OperationStep instanceof Call {
|
||||
EvpDigestUpdateCall() { this.getTarget().getName() = "EVP_DigestUpdate" }
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and type = ContextIO()
|
||||
result.asExpr() = this.getArgument(0) and type = ContextIO()
|
||||
or
|
||||
result.asExpr() = this.(Call).getArgument(1) and type = PlaintextIO()
|
||||
result.asExpr() = this.getArgument(1) and type = PlaintextIO()
|
||||
}
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and
|
||||
result.asExpr() = this.getArgument(0) and
|
||||
type = ContextIO()
|
||||
}
|
||||
|
||||
@@ -64,58 +62,56 @@ abstract class EvpFinalDigestOperationStep extends OperationStep {
|
||||
* A call to `EVP_Q_digest`
|
||||
* https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
|
||||
*/
|
||||
class EvpQDigestOperation extends EvpFinalDigestOperationStep {
|
||||
EvpQDigestOperation() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
|
||||
class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call {
|
||||
EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" }
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(1) and type = PrimaryAlgorithmIO()
|
||||
result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO()
|
||||
or
|
||||
result.asExpr() = this.(Call).getArgument(0) and type = ContextIO()
|
||||
result.asExpr() = this.getArgument(0) and type = ContextIO()
|
||||
or
|
||||
result.asExpr() = this.(Call).getArgument(3) and type = PlaintextIO()
|
||||
result.asExpr() = this.getArgument(3) and type = PlaintextIO()
|
||||
}
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and
|
||||
result.asExpr() = this.getArgument(0) and
|
||||
type = ContextIO()
|
||||
or
|
||||
result.asDefiningArgument() = this.(Call).getArgument(5) and type = DigestIO()
|
||||
result.asDefiningArgument() = this.getArgument(5) and type = DigestIO()
|
||||
}
|
||||
}
|
||||
|
||||
class EvpDigestOperation extends EvpFinalDigestOperationStep {
|
||||
EvpDigestOperation() { this.(Call).getTarget().getName() = "EVP_Digest" }
|
||||
class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call {
|
||||
EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" }
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(4) and type = PrimaryAlgorithmIO()
|
||||
result.asExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO()
|
||||
or
|
||||
result.asExpr() = this.(Call).getArgument(0) and type = PlaintextIO()
|
||||
result.asExpr() = this.getArgument(0) and type = PlaintextIO()
|
||||
}
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
result.asDefiningArgument() = this.(Call).getArgument(2) and type = DigestIO()
|
||||
result.asDefiningArgument() = this.getArgument(2) and type = DigestIO()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to EVP_DigestFinal variants
|
||||
*/
|
||||
class EvpDigestFinalCall extends EvpFinalDigestOperationStep {
|
||||
class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call {
|
||||
EvpDigestFinalCall() {
|
||||
this.(Call).getTarget().getName() in [
|
||||
"EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
|
||||
]
|
||||
this.getTarget().getName() in ["EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"]
|
||||
}
|
||||
|
||||
override DataFlow::Node getInput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and type = ContextIO()
|
||||
result.asExpr() = this.getArgument(0) and type = ContextIO()
|
||||
}
|
||||
|
||||
override DataFlow::Node getOutput(IOType type) {
|
||||
result.asExpr() = this.(Call).getArgument(0) and
|
||||
result.asExpr() = this.getArgument(0) and
|
||||
type = ContextIO()
|
||||
or
|
||||
result.asDefiningArgument() = this.(Call).getArgument(1) and type = DigestIO()
|
||||
result.asDefiningArgument() = this.getArgument(1) and type = DigestIO()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user