C#: Re-factor HardCodedSymmetricEncryptionKey to use the new API.

2026-04-27 09:45:15 +02:00 · 2023-03-27 11:57:37 +02:00
parent 5278bbcaaa
commit c03ce2f63b
2 changed files with 33 additions and 3 deletions
--- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -62,6 +62,8 @@ module HardcodedSymmetricEncryptionKey {
  }

  /**
+   * DEPRECATED: Use `HardCodedSymmetricEncryption` instead.
+   *
   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
   */
  class TaintTrackingConfiguration extends TaintTracking::Configuration {
@@ -85,4 +87,32 @@ module HardcodedSymmetricEncryptionKey {
      )
    }
  }
+
+  /**
+   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
+   */
+  private module HardCodedSymmetricEncryptionConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    /**
+     * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it.
+     * Need to create an additional custom step.
+     */
+    predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(MethodCall mc, CryptographicBuffer c |
+        pred.asExpr() = mc.getAnArgument() and
+        mc.getTarget() = c.getAMethod() and
+        succ.asExpr() = mc
+      )
+    }
+  }
+
+  /**
+   * A taint-tracking module for uncontrolled data in path expression vulnerabilities.
+   */
+  module HardCodedSymmetricEncryption = TaintTracking::Global<HardCodedSymmetricEncryptionConfig>;
 }
--- a/Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
+++ b/Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
@@ -15,10 +15,10 @@

 import csharp
 import semmle.code.csharp.security.cryptography.HardcodedSymmetricEncryptionKey::HardcodedSymmetricEncryptionKey
-import DataFlow::PathGraph
+import HardCodedSymmetricEncryption::PathGraph

-from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from HardCodedSymmetricEncryption::PathNode source, HardCodedSymmetricEncryption::PathNode sink
+where HardCodedSymmetricEncryption::flowPath(source, sink)
 select sink.getNode(), source, sink,
  "Hard-coded symmetric $@ is used in symmetric algorithm in " +
    sink.getNode().(Sink).getDescription() + ".", source.getNode(), "key"