hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added support for progressive hashing in crypto-js module

Browse Source
This commit is contained in:
smiddy007
2023-03-26 21:29:55 -04:00
committed by GitHub
parent c68c83c516
commit ccf152df00
1 changed files with 55 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
View File

@@ -274,6 +274,34 @@ private module NodeJSCrypto {
* A model of the crypto-js library. * A model of the crypto-js library.
*/ */
private module CryptoJS { private module CryptoJS {
private class InstantiatedAlgorithm extends DataFlow::CallNode {
CryptographicAlgorithm algorithm; // non-functional
InstantiatedAlgorithm() {
/*
* ```
* const crypto = require("crypto-js");
* const cipher = crypto.algo.SHA256.create();
* ```
* matched as:
* ```
* const crypto = require("crypto-js");
* const cipher = crypto.algo.<algorithmName>.create();
* ```
*/
exists(DataFlow::SourceNode mod, DataFlow::PropRead propRead |
mod = DataFlow::moduleImport("crypto-js") and
propRead = mod.getAPropertyRead("algo").getAPropertyRead() and
this = propRead.getAMemberCall("create") and
not isStrongPasswordHashingAlgorithm(propRead.getPropertyName())
)
}
CryptographicAlgorithm getAlgorithm() { result = algorithm }
}
/** /**
* Matches `CryptoJS.<algorithmName>` and `require("crypto-js/<algorithmName>")` * Matches `CryptoJS.<algorithmName>` and `require("crypto-js/<algorithmName>")`
*/ */
@@ -325,13 +353,39 @@ private module CryptoJS {
input = result.getParameter(0) input = result.getParameter(0)
} }
private DataFlow::CallNode getUpdatedApplication (DataFlow::Node input, InstantiatedAlgorithm instantiation) {
/*
* ```
* var CryptoJS = require("crypto-js");
* var hash = CryptoJS.algo.SHA256.create();
* hash.update('message');
* hash.update('password');
* var hashInHex = hash.finalize();
* ```
* Matched as:
* ```
* var CryptoJS = require("crypto-js");
* var hash = CryptoJS.algo.<algorithmName>.create();
* hash.update(<input>);
* hash.update(<input>);
* var hashInHex = hash.finalize();
* ```
* Also matches where `CryptoJS.algo.<algorithmName>` has been
* replaced by `require("crypto-js/<algorithmName>")`
*/
result = instantiation.getAMemberCall("update") and
input = result.getArgument(0)
}
private class Apply extends CryptographicOperation::Range instanceof API::CallNode { private class Apply extends CryptographicOperation::Range instanceof API::CallNode {
API::Node input; API::Node input;
CryptographicAlgorithm algorithm; // non-functional CryptographicAlgorithm algorithm; // non-functional
Apply() { Apply() {
this = getEncryptionApplication(input, algorithm) or this = getEncryptionApplication(input, algorithm) or
this = getDirectApplication(input, algorithm) this = getDirectApplication(input, algorithm) or
this = getUpdatedApplication(input, instantiation)
} }
override DataFlow::Node getAnInput() { result = input.asSink() } override DataFlow::Node getAnInput() { result = input.asSink() }