add support for AlgorithmParameterGenerator

2025-12-22 19:56:32 +01:00 · 2022-10-19 00:11:59 -04:00
parent ff557a287f
commit dc8b62baa0
2 changed files with 46 additions and 5 deletions
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -389,7 +389,7 @@ class JavaSecuritySignature extends JavaSecurityAlgoSpec {
  override Expr getAlgoSpec() { result = this.(ConstructorCall).getArgument(0) }
 }

-/** A method call to the Java class `java.security.KeyPairGenerator`. */
+/** An instance of a `java.security.KeyPairGenerator`. */
 class JavaSecurityKeyPairGenerator extends JavaSecurityAlgoSpec {
  JavaSecurityKeyPairGenerator() {
    exists(Constructor c | c.getAReference() = this |
@@ -405,6 +405,41 @@ class JavaSecurityKeyPairGenerator extends JavaSecurityAlgoSpec {
  override Expr getAlgoSpec() { result = this.(Call).getArgument(0) }
 }

+/** The Java class `java.security.AlgorithmParameterGenerator`. */
+class AlgorithmParameterGenerator extends RefType {
+  AlgorithmParameterGenerator() {
+    this.hasQualifiedName("java.security", "AlgorithmParameterGenerator")
+  }
+}
+
+/** The `init` method declared in `java.security.AlgorithmParameterGenerator`. */
+class AlgoParamGeneratorInitMethod extends Method {
+  AlgoParamGeneratorInitMethod() {
+    this.getDeclaringType() instanceof AlgorithmParameterGenerator and
+    this.hasName("init")
+  }
+}
+
+/** An instance of a `java.security.AlgorithmParameterGenerator`. */
+class JavaSecurityAlgoParamGenerator extends JavaSecurityAlgoSpec {
+  JavaSecurityAlgoParamGenerator() {
+    exists(Constructor c | c.getAReference() = this |
+      c.getDeclaringType() instanceof AlgorithmParameterGenerator
+    )
+    or
+    exists(Method m | m.getAReference() = this |
+      m.getDeclaringType() instanceof AlgorithmParameterGenerator and
+      m.getName() = "getInstance"
+    )
+  }
+
+  override Expr getAlgoSpec() {
+    exists(Call c | c = this |
+      if c.getNumArgument() = 3 then result = c.getArgument(2) else result = c.getArgument(0)
+    )
+  }
+}
+
 /** The Java interface `java.security.spec.AlgorithmParameterSpec` */
 abstract class AlgorithmParameterSpec extends RefType { }

--- a/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
+++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
@@ -131,7 +131,10 @@ abstract class KeyGenInitMethodAccess extends MethodAccess {

 /** A call to the `initialize` method declared in `java.security.KeyPairGenerator`. */
 private class AsymmetricInitMethodAccess extends KeyGenInitMethodAccess {
-  AsymmetricInitMethodAccess() { this.getMethod() instanceof KeyPairGeneratorInitMethod }
+  AsymmetricInitMethodAccess() {
+    this.getMethod() instanceof KeyPairGeneratorInitMethod or
+    this.getMethod() instanceof AlgoParamGeneratorInitMethod
+  }
 }

 /** A call to the `init` method declared in `javax.crypto.KeyGenerator`. */
@@ -146,16 +149,19 @@ abstract class KeyGeneratorObject extends CryptoAlgoSpec {

 /** An instance of a `java.security.KeyPairGenerator`. */
 private class AsymmetricKeyGenerator extends KeyGeneratorObject {
-  AsymmetricKeyGenerator() { this instanceof JavaSecurityKeyPairGenerator }
+  AsymmetricKeyGenerator() {
+    this instanceof JavaSecurityKeyPairGenerator or
+    this instanceof JavaSecurityAlgoParamGenerator
+  }

-  override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) }
+  override Expr getAlgoSpec() { result = this.getAlgoSpec() }
 }

 /** An instance of a `javax.crypto.KeyGenerator`. */
 private class SymmetricKeyGenerator extends KeyGeneratorObject {
  SymmetricKeyGenerator() { this instanceof JavaxCryptoKeyGenerator }

-  override Expr getAlgoSpec() { result = this.(MethodAccess).getArgument(0) }
+  override Expr getAlgoSpec() { result = this.getAlgoSpec() }
 }

 /** An instance of an algorithm specification. */