Rust: Move ModelledHashOperation to a more logical location.

Geoffrey White
2025-01-10 12:35:45 +00:00
parent ae26cd6c32
commit c115169dbe
2 changed files with 28 additions and 28 deletions


@@ -5,9 +5,6 @@
private import rust
private import codeql.rust.Concepts
private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.FlowSource
private import codeql.rust.dataflow.FlowSink
private import codeql.rust.dataflow.internal.DataFlowImpl
bindingset[algorithmName]
private string simplifyAlgorithmName(string algorithmName) {
@@ -58,28 +55,3 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range {
override Cryptography::BlockMode getBlockMode() { result = "" }
}
/**
* An externally modelled operation that hashes data, for example a call to `md5::Md5::digest(data)`.
*/
class ModelledHashOperation extends Cryptography::CryptographicOperation::Range {
DataFlow::Node input;
CallExpr call;
string algorithmName;
ModelledHashOperation() {
sinkNode(input, "hasher-input") and
call = input.(Node::FlowSummaryNode).getSinkElement().getCall() and
call = this.asExpr().getExpr() and
algorithmName =
call.getFunction().(PathExpr).getPath().getQualifier().getPart().getNameRef().getText()
}
override DataFlow::Node getInitialization() { result = this }
override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithmName) }
override DataFlow::Node getAnInput() { result = input }
override Cryptography::BlockMode getBlockMode() { none() } // (does not apply for hashing)
}


@@ -12,6 +12,9 @@ import rust
private import codeql.rust.Concepts
private import codeql.rust.security.SensitiveData
private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.FlowSource
private import codeql.rust.dataflow.FlowSink
private import codeql.rust.dataflow.internal.DataFlowImpl
/**
* Provides default sources, sinks and sanitizers for detecting "use of a broken or weak
@@ -169,3 +172,28 @@ module ComputationallyExpensiveHashFunction {
}
}
}
/**
* An externally modelled operation that hashes data, for example a call to `md5::Md5::digest(data)`.
*/
class ModelledHashOperation extends Cryptography::CryptographicOperation::Range {
DataFlow::Node input;
CallExpr call;
string algorithmName;
ModelledHashOperation() {
sinkNode(input, "hasher-input") and
call = input.(Node::FlowSummaryNode).getSinkElement().getCall() and
call = this.asExpr().getExpr() and
algorithmName =
call.getFunction().(PathExpr).getPath().getQualifier().getPart().getNameRef().getText()
}
override DataFlow::Node getInitialization() { result = this }
override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithmName) }
override DataFlow::Node getAnInput() { result = input }
override Cryptography::BlockMode getBlockMode() { none() } // (does not apply for hashing)
}
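Review bot: The characteristic predicate of `ModelledHashOperation` binds `algorithmName` only from the qualifier of the called path (`call.getFunction().(PathExpr).getPath().getQualifier()...getText()`), and the QLDoc does not say so. A modelled `hasher-input` sink is therefore only tied to an algorithm when the call is written like the `md5::Md5::digest(data)` example. A call that reaches the same sink through a path without such a qualifier, or through a renamed import, presumably ends up with no matching `getAlgorithm()` result, so the weak-hashing query would stay silent on it. Since the class is being moved anyway, consider extending the doc comment with something like `* The algorithm is identified by the name of the called path's qualifier; calls not written in that form are not recognised.` and adding a test for an aliased hasher type. Separately, `getBlockMode()` is `none()` here while `StreamCipherInit` in the first file uses `result = ""`; it would be worth checking whether consumers treat the two the same.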