hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-16 23:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor 'cryptography' and 'Quantum' to 'quantum'

Browse Source
This commit is contained in:
Nicolas Will
2025-05-08 01:38:53 +02:00
parent 314f1ff93f
commit c19291be88
50 changed files with 130 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Quantum/Analysis/ArtifactReuse.qll
View File

@@ -1,6 +1,6 @@
import java
import semmle.code.java.dataflow.DataFlow
import experimental.Quantum.Language
import experimental.quantum.Language
/**
* Flow from any function that appears to return a value

2
java/ql/src/experimental/Quantum/Analysis/InsecureNonceSource.ql
View File

@@ -8,7 +8,7 @@
* vulnerabilities such as replay attacks or key recovery.
*/
import experimental.Quantum.Language
import experimental.quantum.Language
predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) {
src = n.getSourceNode() and

2
java/ql/src/experimental/Quantum/Analysis/KnownWeakKDFIterationCount.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyDerivationOperationNode op, Literal l
where

2
java/ql/src/experimental/Quantum/Analysis/UnknownKDFIterationCount.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyDerivationOperationNode op, Element e, string msg
where

102
java/ql/src/experimental/Quantum/Examples/BrokenCrypto.ql
View File

@@ -1,58 +1,55 @@
/**
* @name Use of a broken or risky cryptographic algorithm
* @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security.
* @kind problem
* @problem.severity warning
* @security-severity 7.5
* @precision high
* @id java/weak-cryptographic-algorithm-new-model
* @tags security
* external/cwe/cwe-327
* external/cwe/cwe-328
*/
* @name Use of a broken or risky cryptographic algorithm
* @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security.
* @kind problem
* @problem.severity warning
* @security-severity 7.5
* @precision high
* @id java/weak-cryptographic-algorithm-new-model
* @tags security
* external/cwe/cwe-327
* external/cwe/cwe-328
*/
//THIS QUERY IS A REPLICA OF: https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
//but uses the **NEW MODELLING**
import experimental.Quantum.Language
import experimental.quantum.Language
/**
* Gets the name of an algorithm that is known to be insecure.
*/
string getAnInsecureAlgorithmName() {
result =
[
"DES", "RC2", "RC4", "RC5",
// ARCFOUR is a variant of RC4
"ARCFOUR",
// Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks
"ECB",
// CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks
"AES/CBC/PKCS[57]Padding"
]
}
private string rankedInsecureAlgorithm(int i) {
result = rank[i](string s | s = getAnInsecureAlgorithmName())
}
private string insecureAlgorithmString(int i) {
i = 1 and result = rankedInsecureAlgorithm(i)
or
result = rankedInsecureAlgorithm(i) + "|" + insecureAlgorithmString(i - 1)
}
/**
* Gets the regular expression used for matching strings that look like they
* contain an algorithm that is known to be insecure.
*/
string getInsecureAlgorithmRegex() {
result = algorithmRegex(insecureAlgorithmString(max(int i | exists(rankedInsecureAlgorithm(i)))))
}
result =
[
"DES", "RC2", "RC4", "RC5",
// ARCFOUR is a variant of RC4
"ARCFOUR",
// Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks
"ECB",
// CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks
"AES/CBC/PKCS[57]Padding"
]
}
bindingset[algorithmString]
private string rankedInsecureAlgorithm(int i) {
result = rank[i](string s | s = getAnInsecureAlgorithmName())
}
private string insecureAlgorithmString(int i) {
i = 1 and result = rankedInsecureAlgorithm(i)
or
result = rankedInsecureAlgorithm(i) + "|" + insecureAlgorithmString(i - 1)
}
/**
* Gets the regular expression used for matching strings that look like they
* contain an algorithm that is known to be insecure.
*/
string getInsecureAlgorithmRegex() {
result = algorithmRegex(insecureAlgorithmString(max(int i | exists(rankedInsecureAlgorithm(i)))))
}
bindingset[algorithmString]
private string algorithmRegex(string algorithmString) {
// Algorithms usually appear in names surrounded by characters that are not
// alphabetical characters in the same case. This handles the upper and lower
@@ -67,11 +64,12 @@ private string algorithmRegex(string algorithmString) {
"((^|.*[A-Z]{2}|.*[^a-zA-Z])(" + algorithmString.toLowerCase() + ")([^a-z].*|$))"
}
from Crypto::Algorithm alg
where alg.getAlgorithmName().regexpMatch(getInsecureAlgorithmRegex()) and
// Exclude RSA/ECB/.* ciphers.
not alg.getAlgorithmName().regexpMatch("RSA/ECB.*") and
// Exclude German and French sentences.
not alg.getAlgorithmName().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
from Crypto::Algorithm alg
where
alg.getAlgorithmName().regexpMatch(getInsecureAlgorithmRegex()) and
// Exclude RSA/ECB/.* ciphers.
not alg.getAlgorithmName().regexpMatch("RSA/ECB.*") and
// Exclude German and French sentences.
not alg.getAlgorithmName().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
select alg, "Cryptographic algorithm $@ is weak and should not be used.", alg,
alg.getAlgorithmName()
alg.getAlgorithmName()

2
java/ql/src/experimental/Quantum/Examples/InsecureOrUnknownNonceAtOperation.ql
View File

@@ -4,7 +4,7 @@
* @kind problem
*/
import experimental.Quantum.Language
import experimental.quantum.Language
from
Crypto::NonceArtifactNode n, Crypto::KeyOperationNode op, Crypto::FlowAwareElement src, string msg

2
java/ql/src/experimental/Quantum/Examples/TestAESGCMNonce.ql
View File

@@ -2,7 +2,7 @@
* @name "PQC Test"
*/
import experimental.Quantum.Language
import experimental.quantum.Language
class AESGCMAlgorithmNode extends Crypto::KeyOperationAlgorithmNode {
AESGCMAlgorithmNode() {

2
java/ql/src/experimental/Quantum/Examples/TestCipher.ql
View File

@@ -2,7 +2,7 @@
* @name "Key operation slice table demo query"
*/
import experimental.Quantum.Language
import experimental.quantum.Language
from
Crypto::KeyOperationNode op, Crypto::KeyOperationAlgorithmNode a,

2
java/ql/src/experimental/Quantum/Examples/TestCipherKey.ql
View File

@@ -2,7 +2,7 @@
* @name "PQC Test"
*/
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyOperationNode op, Crypto::CipherAlgorithmNode a, Crypto::KeyArtifactNode k
where

2
java/ql/src/experimental/Quantum/Examples/TestHash.ql
View File

@@ -2,7 +2,7 @@
* @name "Hash operation slice table demo query"
*/
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::HashOperationNode op, Crypto::HashAlgorithmNode alg
where alg = op.getAKnownAlgorithm()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::AlgorithmNode a
where Crypto::isKnownAsymmetricAlgorithm(a)

2
java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyOperationAlgorithmNode a
where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm

2
java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::OperationNode op, Crypto::AlgorithmNode a
where a = op.getAKnownAlgorithm() and Crypto::isKnownAsymmetricAlgorithm(a)

2
java/ql/src/experimental/Quantum/InventorySlices/KnownCipherAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
// TODO: should there be a cipher algorithm node?
from Crypto::KeyOperationAlgorithmNode a

2
java/ql/src/experimental/Quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::EllipticCurveNode a
select a, "Instance of elliptic curve algorithm " + a.getAlgorithmName()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownHashingAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::HashAlgorithmNode a
select a, "Instance of hashing algorithm " + a.getAlgorithmName()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownHashingOperation.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::HashOperationNode op
select op, "Known hashing operation"

2
java/ql/src/experimental/Quantum/InventorySlices/KnownHashingOperationAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::OperationNode op, Crypto::HashAlgorithmNode a
where a = op.getAKnownAlgorithm()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyDerivationAlgorithmNode alg
select alg, "Known key derivation algorithm " + alg.getAlgorithmName()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationOperation.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyDerivationOperationNode op
select op, "Known key derivation operation"

5
java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql
View File

@@ -1,11 +1,12 @@
/**
* @name Detects operations where the algorithm applied is a known key derivation algorithm
* @id java/crypto_inventory_slices/operation_with_known_key_derivation_algorithm
* @id java/cryptography-inventory-slices/operation-known-key-derivation-algorithm
* @description This query identifies operations that utilize a known key derivation algorithm.
* @kind problem
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::OperationNode op, Crypto::KeyDerivationAlgorithmNode a
where a = op.getAKnownAlgorithm()

2
java/ql/src/experimental/Quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Crypto::KeyOperationAlgorithmNode a
where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::SymmetricCipherAlgorithm

2
java/ql/src/experimental/Quantum/InventorySlices/LikelyCryptoAPIFunction.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
from Callable f, Parameter p, Crypto::OperationNode op
where

2
java/ql/src/experimental/Quantum/InventorySlices/UnknownOperationAlgorithm.ql
View File

@@ -5,7 +5,7 @@
*/
import java
import experimental.Quantum.Language
import experimental.quantum.Language
//TODO: can we have an unknown node concept?
from Crypto::OperationNode op, Element e, string msg

2
java/ql/src/experimental/Quantum/PrintCBOMGraph.ql
View File

@@ -6,7 +6,7 @@
* @id java/print-cbom-graph
*/
import experimental.Quantum.Language
import experimental.quantum.Language
query predicate nodes(Crypto::NodeBase node, string key, string value) {
Crypto::nodes_graph_impl(node, key, value)