Resolving hash and cipher types for openssl not using literals but KnownOpenSSLAlgorithmConstant.

REDMOND\brodes
2025-03-11 13:35:02 -04:00
parent f72efa638a
commit ae574f7cf2
2 changed files with 16 additions and 9 deletions


@@ -9,9 +9,9 @@ import OpenSSLAlgorithmGetter
* If the literal does not represent any known cipher algorithm,
* this predicate will not hold (i.e., it will not bind an unknown to an unknown cipher type)
*/
predicate literalToCipherFamilyType(Literal e, Crypto::TCipherType type) {
exists(string name, string algType | algType.toLowerCase().matches("%encryption") |
resolveAlgorithmFromLiteral(e, name, algType) and
predicate knownOpenSSLConstantToCipherFamilyType(KnownOpenSSLAlgorithmConstant e, Crypto::TCipherType type) {
exists(string name | e.getAlgType().toLowerCase().matches("%encryption") |
name = e.getNormalizedName() and
(
name.matches("AES%") and type instanceof Crypto::AES
or
@@ -97,5 +97,9 @@ class KnownOpenSSLCipherConstantAlgorithmInstance extends Crypto::CipherAlgorith
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
override Crypto::TCipherType getCipherFamily() { literalToCipherFamilyType(this, result) }
}
override Crypto::TCipherType getCipherFamily() {
knownOpenSSLConstantToCipherFamilyType(this, result)
or
not knownOpenSSLConstantToCipherFamilyType(this, _) and result = Crypto::OtherCipherType()
}
}
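Review bot: `getRawAlgorithmName` in the second hunk still resolves the name through `this.(Literal)`, while the new `getCipherFamily` beside it treats the instance as a `KnownOpenSSLAlgorithmConstant`. The class's characteristic predicate is outside the hunk, so this is an assumption, but if that type can cover expressions that are not literals, such an instance gets a cipher family and no raw name, and can drop out of any result that joins on the name. The same cast sits next to the new `getHashFamily` in the hash file. Separately, the QLDoc kept above the renamed predicate in the first hunk (its opening lines are outside the hunk) still speaks of "the literal"; it could read `If the constant does not represent a known cipher algorithm, this predicate does not hold; getCipherFamily then reports OtherCipherType.`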


@@ -2,9 +2,9 @@ import cpp
import experimental.Quantum.Language
import OpenSSLAlgorithmGetter
predicate literalToHashFamilyType(Literal e, Crypto::THashType type) {
exists(string name, string algType | algType.toLowerCase().matches("hash") |
resolveAlgorithmFromLiteral(e, name, algType) and
predicate knownOpenSSLConstantToHashFamilyType(KnownOpenSSLAlgorithmConstant e, Crypto::THashType type) {
exists(string name | e.getAlgType().toLowerCase().matches("hash") |
name = e.getNormalizedName() and
(
name.matches("BLAKE2B") and type instanceof Crypto::BLAKE2B
or
@@ -70,7 +70,10 @@ class KnownOpenSSLHashConstantAlgorithmInstance extends Crypto::HashAlgorithmIns
AlgGetterToAlgConsumerFlow::flow(getterCall.getResultNode(), DataFlow::exprNode(result))
}
override Crypto::THashType getHashFamily() { literalToHashFamilyType(this, result) }
override Crypto::THashType getHashFamily() {
knownOpenSSLConstantToHashFamilyType(this, result) or
not knownOpenSSLConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType()
}
override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
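Review bot: `e.getAlgType().toLowerCase().matches("hash")` in the new predicate has no `%` or `_` wildcard, so it is an exact comparison written as a pattern match, unlike the `"%encryption"` test in the cipher predicate. `e.getAlgType().toLowerCase() = "hash"` states the intent directly, and the same applies to the existing `name.matches("BLAKE2B")`. If a prefixed algorithm type was meant to be accepted, the pattern needs the wildcard: with the new fallback in `getHashFamily`, a constant that fails this test is reported as `OtherHashType` instead of producing no result, so a gap in the mapping no longer shows up as a missing family. A one-line comment on the fallback, e.g. `// unmapped constants are reported as OtherHashType, not dropped`, would make that explicit. The predicate body continues outside the hunk.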