Refactor 'cryptography' and 'Quantum' to 'quantum'
@@ -1,6 +1,4 @@
|
||||
private import codeql.cryptography.Model
|
||||
import semmle.code.cpp.ir.IR
|
||||
import semmle.code.cpp.security.FlowSources as FlowSources
|
||||
import codeql.quantum.Model
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
private import cpp as Lang
|
||||
|
||||
|
||||
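Review bot: The import that stands in for `private import codeql.cryptography.Model` at the top of this hunk is written `import codeql.quantum.Model`, so the rename also appears to drop the `private` qualifier (this page has lost its +/- markers; the reading comes from the 6-to-4 line counts in the hunk header). Without `private`, every file that imports `experimental.quantum.Language` gets the whole shared model re-exported into its namespace, which is a visibility change rather than a rename. If that re-export is not intended, keep `private import codeql.quantum.Model`. The same counts imply that the `semmle.code.cpp.ir.IR` and `FlowSources` imports are removed here, so any library that picked them up only through this file would need its own import.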
@@ -1,7 +1,7 @@
|
||||
import cpp
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers // import all known alg value consummers
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
|
||||
/**
|
||||
* Traces 'known algorithms' to AVCs, specifically
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import OpenSSLAlgorithmInstanceBase
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
|
||||
import AlgToAVCFlow
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import KnownAlgorithmConstants
|
||||
import Crypto::KeyOpAlg as KeyOpAlg
|
||||
import OpenSSLAlgorithmInstanceBase
|
||||
import PaddingAlgorithmInstance
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import AlgToAVCFlow
|
||||
import BlockAlgorithmInstance
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import AlgToAVCFlow
|
||||
|
||||
predicate knownOpenSSLConstantToHashFamilyType(
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import cpp
|
||||
import experimental.Quantum.OpenSSL.LibraryDetector
|
||||
import experimental.quantum.OpenSSL.LibraryDetector
|
||||
|
||||
predicate resolveAlgorithmFromExpr(Expr e, string normalizedName, string algType) {
|
||||
resolveAlgorithmFromCall(e, normalizedName, algType)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
|
||||
abstract class OpenSSLAlgorithmInstance extends Crypto::AlgorithmInstance {
|
||||
abstract OpenSSLAlgorithmValueConsumer getAVC();
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import OpenSSLAlgorithmInstanceBase
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import AlgToAVCFlow
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
|
||||
|
||||
/**
|
||||
* Given a `KnownOpenSSLPaddingAlgorithmConstant`, converts this to a padding family type.
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.LibraryDetector
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.LibraryDetector
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
|
||||
import OpenSSLAlgorithmValueConsumerBase
|
||||
|
||||
abstract class CipherAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
|
||||
// TODO: can self referential to itself, which is also an algorithm (Known algorithm)
|
||||
/**
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
// import EVPHashOperation
|
||||
// import EVPHashAlgorithmSource
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
|
||||
import experimental.Quantum.OpenSSL.LibraryDetector
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
|
||||
import experimental.quantum.OpenSSL.LibraryDetector
|
||||
|
||||
abstract class HashAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
|
||||
abstract class OpenSSLAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Call {
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import cpp
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.LibraryDetector
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.LibraryDetector
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
|
||||
import OpenSSLAlgorithmValueConsumerBase
|
||||
|
||||
abstract class PaddingAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
|
||||
|
||||
@@ -2,8 +2,8 @@ import cpp
|
||||
import semmle.code.cpp.dataflow.new.DataFlow
|
||||
|
||||
module OpenSSLModel {
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.Quantum.OpenSSL.Operations.OpenSSLOperations
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.quantum.OpenSSL.Operations.OpenSSLOperations
|
||||
}
|
||||
|
||||
@@ -3,8 +3,8 @@
|
||||
* Models cipher initialization for EVP cipher operations.
|
||||
*/
|
||||
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
|
||||
module EncValToInitEncArgConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] }
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
import EVPCipherInitializer
|
||||
import OpenSSLOperationBase
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
|
||||
private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
@@ -16,7 +16,7 @@ private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
|
||||
|
||||
private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
|
||||
|
||||
// import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
|
||||
// import experimental.quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
|
||||
// import OpenSSLOperation
|
||||
// class EVPCipherOutput extends CipherOutputArtifact {
|
||||
// EVPCipherOutput() { exists(EVP_Cipher_Operation op | op.getOutputArg() = this) }
|
||||
|
||||
@@ -2,12 +2,12 @@
|
||||
* https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
|
||||
*/
|
||||
|
||||
import experimental.Quantum.Language
|
||||
import experimental.Quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
import experimental.Quantum.OpenSSL.LibraryDetector
|
||||
import experimental.quantum.Language
|
||||
import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
|
||||
import experimental.quantum.OpenSSL.LibraryDetector
|
||||
import OpenSSLOperationBase
|
||||
import EVPHashInitializer
|
||||
import experimental.Quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
||||
|
||||
// import EVPHashConsumers
|
||||
abstract class EVP_Hash_Operation extends OpenSSLOperation, Crypto::HashOperationInstance {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
|
||||
abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Call {
|
||||
abstract Expr getInputArg();
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import cpp
|
||||
private import experimental.Quantum.Language
|
||||
private import codeql.cryptography.Model
|
||||
private import experimental.quantum.Language
|
||||
private import LibraryDetector
|
||||
private import semmle.code.cpp.dataflow.new.DataFlow
|
||||
|
||||
@@ -15,7 +14,5 @@ class OpenSSLRandomNumberGeneratorInstance extends Crypto::RandomNumberGeneratio
|
||||
result.asDefiningArgument() = this.(Call).getArgument(0)
|
||||
}
|
||||
|
||||
override predicate flowsTo(Crypto::FlowAwareElement other) {
|
||||
ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
|
||||
}
|
||||
override string getGeneratorName() { result = this.(Call).getTarget().getName() }
|
||||
}
|
||||
|
||||
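Review bot: The `flowsTo` override in `OpenSSLRandomNumberGeneratorInstance` looks like the part this hunk deletes (the header shrinks the range from 7 lines to 5, though the +/- markers are lost on this page), and that is a behavioural change inside a commit titled as a refactor. If it is removed, flow from the generator's output node (the `asDefiningArgument()` of argument 0 above) to its consumers depends on a definition that is not visible here, and a silent loss of that edge would make random-number sources disappear from the resulting graph without any query failing. Either keep `ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())` in this class or state in the commit description where the equivalent flow is now defined. The class begins before this hunk, so its characteristic predicate and the head of the output-node predicate are not shown.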
@@ -6,8 +6,8 @@ extractor: cpp
|
||||
library: true
|
||||
upgrades: upgrades
|
||||
dependencies:
|
||||
codeql/cryptography: ${workspace}
|
||||
codeql/dataflow: ${workspace}
|
||||
codeql/experimental: ${workspace}
|
||||
codeql/mad: ${workspace}
|
||||
codeql/rangeanalysis: ${workspace}
|
||||
codeql/ssa: ${workspace}
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @id cpp/print-cbom-graph
|
||||
*/
|
||||
|
||||
import experimental.Quantum.Language
|
||||
import experimental.quantum.Language
|
||||
|
||||
query predicate nodes(Crypto::NodeBase node, string key, string value) {
|
||||
Crypto::nodes_graph_impl(node, key, value)
|
||||
|
||||