hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Make the RNCryptor sources wider (actual usage seems to vary).

Browse Source
This commit is contained in:
Geoffrey White
2023-04-06 20:36:08 +01:00
parent 81b0dbffbd
commit d4cc86cd05
4 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
swift/ql/lib/codeql/swift/security/ConstantPasswordExtensions.qll
View File

@@ -50,8 +50,12 @@ private class DefaultConstantPasswordSink extends ConstantPasswordSink {
private class RnCryptorPasswordSink extends ConstantPasswordSink {
RnCryptorPasswordSink() {
// RNCryptor (labelled arguments)
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
c.getName() =
[
"RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
"RNCryptor.DecryptorV3"
] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["password", "withPassword", "forPassword"]).getExpr() =

8
swift/ql/lib/codeql/swift/security/ConstantSaltExtensions.qll
View File

@@ -49,8 +49,12 @@ private class CryptoSwiftSaltSink extends ConstantSaltSink {
*/
private class RnCryptorSaltSink extends ConstantSaltSink {
RnCryptorSaltSink() {
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
c.getName() =
[
"RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
"RNCryptor.DecryptorV3"
] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["salt", "encryptionSalt", "hmacSalt", "HMACSalt"]).getExpr() =

8
swift/ql/lib/codeql/swift/security/HardcodedEncryptionKeyExtensions.qll
View File

@@ -52,8 +52,12 @@ private class CryptoSwiftEncryptionKeySink extends HardcodedEncryptionKeySink {
*/
private class RnCryptorEncryptionKeySink extends HardcodedEncryptionKeySink {
RnCryptorEncryptionKeySink() {
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
c.getFullName() =
[
"RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
"RNCryptor.DecryptorV3"
] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["encryptionKey", "withEncryptionKey"]).getExpr() = this.asExpr()

8
swift/ql/lib/codeql/swift/security/StaticInitializationVectorExtensions.qll
View File

@@ -51,8 +51,12 @@ private class CryptoSwiftInitializationVectorSink extends StaticInitializationVe
*/
private class RnCryptorInitializationVectorSink extends StaticInitializationVectorSink {
RnCryptorInitializationVectorSink() {
exists(ClassOrStructDecl c, MethodDecl f, CallExpr call |
c.getFullName() = ["RNCryptor", "RNEncryptor", "RNDecryptor"] and
exists(NominalTypeDecl c, MethodDecl f, CallExpr call |
c.getFullName() =
[
"RNCryptor", "RNEncryptor", "RNDecryptor", "RNCryptor.EncryptorV3",
"RNCryptor.DecryptorV3"
] and
c.getAMember() = f and
call.getStaticTarget() = f and
call.getArgumentWithLabel(["iv", "IV"]).getExpr() = this.asExpr()