hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21745 from owen-mc/go/refactor-encryption-operation

Browse Source 
Go: refactor `EncryptionOperation`
This commit is contained in:
Owen Mansel-Chan
2026-04-22 15:46:49 +01:00
committed by GitHub
parent bca51a986c 57eaed4dcc
commit d6abd4c72d
2 changed files with 30 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
go/ql/lib/semmle/go/Concepts.qll
View File

@@ -574,19 +574,17 @@ module Cryptography {
* is one) have been initialized separately.
*/
abstract class EncryptionOperation extends CryptographicOperation::Range {
DataFlow::Node encryptionFlowTarget;
DataFlow::Node inputNode;
/** Gets the target node for the encryption flow. */
abstract DataFlow::Node getEncryptionFlowTarget();
override DataFlow::Node getInitialization() {
EncryptionFlow::flow(result, encryptionFlowTarget)
EncryptionFlow::flow(result, this.getEncryptionFlowTarget())
}
override EncryptionAlgorithm getAlgorithm() {
result = this.getInitialization().(EncryptionAlgorithmInit).getAlgorithm()
}
override DataFlow::Node getAnInput() { result = inputNode }
override BlockMode getBlockMode() {
result = this.getInitialization().(BlockModeInit).getMode()
}
@@ -601,8 +599,12 @@ module Cryptography {
int inputArg;
EncryptionMethodCall() {
encryptionFlowTarget = super.getReceiver() and
inputNode = super.getArgument(inputArg)
exists(super.getReceiver()) and
exists(super.getArgument(inputArg))
}
override DataFlow::Node getEncryptionFlowTarget() { result = super.getReceiver() }
override DataFlow::Node getAnInput() { result = super.getArgument(inputArg) }
}
}

30
go/ql/lib/semmle/go/frameworks/CryptoLibraries.qll
View File

@@ -381,19 +381,26 @@ private module Crypto {
}
private class StreamReader extends EncryptionOperation {
DataFlow::Node encryptionFlowTarget;
DataFlow::Node inputNode;
StreamReader() {
lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamReader") and
exists(DataFlow::Write w, DataFlow::Node base, Field f |
f.hasQualifiedName("crypto/cipher", "StreamReader", "S") and
w.writesField(base, f, encryptionFlowTarget) and
DataFlow::localFlow(base, this)
exists(DataFlow::Write wS, DataFlow::Node baseS, Field fS |
fS.hasQualifiedName("crypto/cipher", "StreamReader", "S") and
wS.writesField(baseS, fS, encryptionFlowTarget) and
DataFlow::localFlow(baseS, this)
) and
exists(DataFlow::Write w, DataFlow::Node base, Field f |
f.hasQualifiedName("crypto/cipher", "StreamReader", "R") and
w.writesField(base, f, inputNode) and
DataFlow::localFlow(base, this)
exists(DataFlow::Write wR, DataFlow::Node baseR, Field fR |
fR.hasQualifiedName("crypto/cipher", "StreamReader", "R") and
wR.writesField(baseR, fR, inputNode) and
DataFlow::localFlow(baseR, this)
)
}
override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }
override DataFlow::Node getAnInput() { result = inputNode }
}
/**
@@ -402,9 +409,10 @@ private module Crypto {
* so it only works within one function.
*/
private class StreamWriter extends EncryptionOperation {
DataFlow::Node encryptionFlowTarget;
StreamWriter() {
lookThroughPointerType(this.getType()).hasQualifiedName("crypto/cipher", "StreamWriter") and
inputNode = this and
exists(DataFlow::Write w, DataFlow::Node base, Field f |
w.writesField(base, f, encryptionFlowTarget) and
f.hasQualifiedName("crypto/cipher", "StreamWriter", "S")
@@ -413,6 +421,10 @@ private module Crypto {
TaintTracking::localTaint(base, this.(DataFlow::PostUpdateNode).getPreUpdateNode())
)
}
override DataFlow::Node getEncryptionFlowTarget() { result = encryptionFlowTarget }
override DataFlow::Node getAnInput() { result = this }
}
}
}