Adding an instantiation of the additional flow step class to automatically apply to generic dataflow. Flow step passthrough comes from the algorithm to getter flow passthroughs.

2026-04-22 23:35:14 +02:00 · 2025-03-10 15:56:01 -04:00
parent 036035b6a2
commit c83cb533ce
2 changed files with 10 additions and 0 deletions
--- a/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll
+++ b/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll
@@ -8,6 +8,8 @@ module OpenSSLModel {
  import experimental.Quantum.OpenSSL.EVPCipherAlgorithmSource
  import experimental.Quantum.OpenSSL.EVPHashAlgorithmSource
  import experimental.Quantum.OpenSSL.Random
+  // Imports the additional algorithm flow step for OpenSSL
+  import experimental.Quantum.OpenSSL.OpenSSLAlgorithmGetter


 //   // TODO: trace CTX from init variants to the context arg of EVP update calls
--- a/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSLAlgorithmGetter.qll
+++ b/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSLAlgorithmGetter.qll
@@ -4,6 +4,14 @@ import LibraryDetector
 import OpenSSLKnownAlgorithmConstants
 import experimental.Quantum.Language

+class OpenSSLAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep {
+  OpenSSLAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) }
+
+  override DataFlow::Node getOutput() {
+    exists(AlgorithmPassthroughCall c | c.getInNode() = this and c.getOutNode() = result)
+  }
+}
+
 module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    exists(OpenSSLAlgorithmGetterCall c | c.getResultNode() = source)