hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2113 from raulgarciamsft/users/raulga/boost

Browse Source 
Users/raulga/boost
This commit is contained in:
Jonas Jensen
2019-10-20 13:14:44 +02:00
committed by GitHub
parent afcde14403 446763d331
commit defe99503d
11 changed files with 919 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
cpp/ql/src/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.qhelp Normal file
View File

@@ -0,0 +1,15 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Using TLS or SSLv23 protool from the boost::asio library, but not disabling deprecated protocols or disabling minimum-recommended protocols.</p>
</overview>
<references>
<li>
<a href="https://www.boost.org/doc/libs/1_71_0/doc/html/boost_asio.html">Boost.Asio documentation</a>.
</li>
</references>
</qhelp>

119
cpp/ql/src/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.ql Normal file
View File

@@ -0,0 +1,119 @@
/**
* @name Boost_asio TLS Settings Misconfiguration
* @description Using TLS or SSLv23 protool from the boost::asio library, but not disabling deprecated protocols or disabling minimum-recommended protocols
* @kind problem
* @problem.severity error
* @id cpp/boost/tls_settings_misconfiguration
* @tags security
*/
import cpp
import semmle.code.cpp.security.boostorg.asio.protocols
class ExistsAnyFlowConfig extends DataFlow::Configuration {
ExistsAnyFlowConfig() { this = "ExistsAnyFlowConfig" }
override predicate isSource(DataFlow::Node source) { any() }
override predicate isSink(DataFlow::Node sink) { any() }
}
bindingset[flag]
predicate isOptionSet(ConstructorCall cc, int flag, FunctionCall fcSetOptions) {
exists(
BoostorgAsio::SslContextFlowsToSetOptionConfig config, ExistsAnyFlowConfig testConfig,
Expr optionsSink
|
config.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(optionsSink)) and
exists(VariableAccess contextSetOptions |
testConfig.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
exists(BoostorgAsio::SslSetOptionsFunction f | f.getACallToThisFunction() = fcSetOptions |
contextSetOptions = fcSetOptions.getQualifier() and
forall(
Expr optionArgument, BoostorgAsio::SslOptionConfig optionArgConfig,
Expr optionArgumentSource
|
optionArgument = fcSetOptions.getArgument(0) and
optionArgConfig
.hasFlow(DataFlow::exprNode(optionArgumentSource), DataFlow::exprNode(optionArgument))
|
optionArgument.getValue().toInt().bitShiftRight(16).bitAnd(flag) = flag
)
)
)
)
}
bindingset[flag]
predicate isOptionNotSet(ConstructorCall cc, int flag) {
not exists(
BoostorgAsio::SslContextFlowsToSetOptionConfig config, ExistsAnyFlowConfig testConfig,
Expr optionsSink
|
config.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(optionsSink)) and
exists(VariableAccess contextSetOptions |
testConfig.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(contextSetOptions)) and
exists(FunctionCall fcSetOptions, BoostorgAsio::SslSetOptionsFunction f |
f.getACallToThisFunction() = fcSetOptions
|
contextSetOptions = fcSetOptions.getQualifier() and
forall(
Expr optionArgument, BoostorgAsio::SslOptionConfig optionArgConfig,
Expr optionArgumentSource
|
optionArgument = fcSetOptions.getArgument(0) and
optionArgConfig
.hasFlow(DataFlow::exprNode(optionArgumentSource), DataFlow::exprNode(optionArgument))
|
optionArgument.getValue().toInt().bitShiftRight(16).bitAnd(flag) = flag
)
)
)
)
}
from
BoostorgAsio::SslContextCallTlsProtocolConfig configConstructor,
BoostorgAsio::SslContextFlowsToSetOptionConfig config, Expr protocolSource, Expr protocolSink,
ConstructorCall cc, Expr e, string msg
where
configConstructor.hasFlow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) and
cc.getArgument(0) = protocolSink and
(
BoostorgAsio::isExprSslV23BoostProtocol(protocolSource) and
not exists(Expr optionsSink |
config.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(optionsSink)) and
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoSsl3(), _) and
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1(), _) and
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_1(), _) and
isOptionNotSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_2())
)
or
BoostorgAsio::isExprTlsBoostProtocol(protocolSource) and
not BoostorgAsio::isExprSslV23BoostProtocol(protocolSource) and
not exists(Expr optionsSink |
config.hasFlow(DataFlow::exprNode(cc), DataFlow::exprNode(optionsSink)) and
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1(), _) and
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_1(), _) and
isOptionNotSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_2())
)
) and
(
BoostorgAsio::isExprSslV23BoostProtocol(protocolSource) and
isOptionNotSet(cc, BoostorgAsio::getShiftedSslOptionsNoSsl3()) and
e = cc and
msg = "no_sslv3 has not been set"
or
isOptionNotSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1()) and
e = cc and
msg = "no_tlsv1 has not been set"
or
isOptionNotSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_1()) and
e = cc and
msg = "no_tlsv1_1 has not been set"
or
isOptionSet(cc, BoostorgAsio::getShiftedSslOptionsNoTls1_2(), e) and
msg = "no_tlsv1_2 was set"
)
select cc, "Usage of $@ with protocol $@ is not configured correctly: The option $@.", cc,
"boost::asio::ssl::context::context", protocolSource, protocolSource.toString(), e, msg

16
cpp/ql/src/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.qhelp Normal file
View File

@@ -0,0 +1,16 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Using boost::asio library but specifying a deprecated hardcoded protocol.</p>
<p>Using a deprecated hardcoded protocol instead of negotiting would lock your application to a protocol that has known vulnerabilities or weaknesses.</p>
</overview>
<references>
<li>
<a href="https://www.boost.org/doc/libs/1_71_0/doc/html/boost_asio.html">Boost.Asio documentation</a>.
</li>
</references>
</qhelp>

27
cpp/ql/src/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.ql Normal file
View File

@@ -0,0 +1,27 @@
/**
* @name boost::asio Use of deprecated hardcoded Protocol
* @description Using a deprecated hard-coded protocol using the boost::asio library.
* @kind problem
* @problem.severity error
* @id cpp/boost/use-of-deprecated-hardcoded-security-protocol
* @tags security
*/
import cpp
import semmle.code.cpp.security.boostorg.asio.protocols
from
BoostorgAsio::SslContextCallConfig config, Expr protocolSource, Expr protocolSink,
ConstructorCall cc
where
config.hasFlow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink)) and
not exists(BoostorgAsio::SslContextCallTlsProtocolConfig tlsConfig |
tlsConfig.hasFlow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink))
) and
cc.getArgument(0) = protocolSink and
exists(BoostorgAsio::SslContextCallBannedProtocolConfig bannedConfig |
bannedConfig.hasFlow(DataFlow::exprNode(protocolSource), DataFlow::exprNode(protocolSink))
)
select protocolSink, "Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@.",
cc, "boost::asio::ssl::context::context", protocolSource, protocolSource.toString(),
cc.getEnclosingFunction(), cc.getEnclosingFunction().toString()

487
cpp/ql/src/semmle/code/cpp/security/boostorg/asio/protocols.qll Normal file
View File

@@ -0,0 +1,487 @@
import cpp
import semmle.code.cpp.dataflow.DataFlow
module BoostorgAsio {
/**
* Represents boost::asio::ssl::context enum
*/
class SslContextMethod extends Enum {
SslContextMethod() {
this.getName().toString() = "method" and
this.getQualifiedName().toString().matches("boost::asio::ssl::context%")
}
/**
* returns the value for a banned protocol
*/
EnumConstant getABannedProtocolConstant() {
result = this.getAnEnumConstant() and
(
/// Generic SSL version 2.
result.getName() = "sslv2"
or
/// SSL version 2 client.
result.getName() = "sslv2_client"
or
/// SSL version 2 server.
result.getName() = "sslv2_server"
or
/// Generic SSL version 3.
result.getName() = "sslv3"
or
/// SSL version 3 client.
result.getName() = "sslv3_client"
or
/// SSL version 3 server.
result.getName() = "sslv3_server"
or
/// Generic TLS version 1.
result.getName() = "tlsv1"
or
/// TLS version 1 client.
result.getName() = "tlsv1_client"
or
/// TLS version 1 server.
result.getName() = "tlsv1_server"
or
/// Generic TLS version 1.1.
result.getName() = "tlsv11"
or
/// TLS version 1.1 client.
result.getName() = "tlsv11_client"
or
/// TLS version 1.1 server.
result.getName() = "tlsv11_server"
)
}
/**
* returns the value for a approved protocols, but that are hard-coded (i.e. no protocol negotiation)
*/
EnumConstant getAnApprovedButHardcodedProtocolConstant() {
result = this.getATls12ProtocolConstant()
}
/**
* returns the value for a TLS v1.2 protocol
*/
EnumConstant getATls12ProtocolConstant() {
result = this.getAnEnumConstant() and
(
/// Generic TLS version 1.2.
result.getName() = "tlsv12"
or
/// TLS version 1.2 client.
result.getName() = "tlsv12_client"
or
/// TLS version 1.2 server.
result.getName() = "tlsv12_server"
)
}
/**
* returns the value for a TLS v1.3 protocol
*/
EnumConstant getATls13ProtocolConstant() {
result = this.getAnEnumConstant() and
(
/// Generic TLS version 1.3.
result.getName() = "tlsv13"
or
/// TLS version 1.3 client.
result.getName() = "tlsv13_client"
or
/// TLS version 1.3 server.
result.getName() = "tlsv13_server"
)
}
/**
* returns the value of a generic TLS or SSL/TLS protocol
*/
EnumConstant getAGenericTlsProtocolConstant() {
result = this.getAnEnumConstant() and
(
/// Generic TLS
result.getName() = "tls"
or
/// TLS client.
result.getName() = "tls_client"
or
/// TLS server.
result.getName() = "tls_server"
)
or
result = getASslv23ProtocolConstant()
}
/**
* returns the value of a generic SSL/TLS protocol
*/
EnumConstant getASslv23ProtocolConstant() {
result = this.getAnEnumConstant() and
(
/// OpenSSL - SSLv23 == A TLS/SSL connection established with these methods may understand the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
/// Generic SSL/TLS.
result.getName() = "sslv23"
or
/// SSL/TLS client.
result.getName() = "sslv23_client"
or
/// SSL/TLS server.
result.getName() = "sslv23_server"
)
}
}
/**
* NOTE: ignore - Modern versions of OpenSSL do not support SSL v2 anymore, so this option is for backwards compatibility only
*/
int getShiftedSslOptionsNoSsl2() {
// SSL_OP_NO_SSLv2 was removed from modern OpenSSL versions
result = 0
}
/**
* RightShift(16) value for no_sslv3 constant
*/
int getShiftedSslOptionsNoSsl3() {
// SSL_OP_NO_SSLv3 == 0x02000000U
result = 512
}
/**
* RightShift(16) value for no_tlsv1 constant
*/
int getShiftedSslOptionsNoTls1() {
// SSL_OP_NO_TLSv1 == 0x04000000U
result = 1024
}
/**
* RightShift(16) value for no_tlsv1_1 constant
*/
int getShiftedSslOptionsNoTls1_1() {
// SSL_OP_NO_TLSv1_1 == 0x10000000U
result = 4096
}
/**
* RightShift(16) value for no_tlsv1_2 constant
*/
int getShiftedSslOptionsNoTls1_2() {
// SSL_OP_NO_TLSv1_2 == 0x08000000U
result = 2048
}
/**
* RightShift(16) value for no_tlsv1_3 constant
*/
int getShiftedSslOptionsNoTls1_3() {
// SSL_OP_NO_TLSv1_2 == 0x20000000U
result = 8192
}
/**
* Represents boost::asio::ssl::context class
*/
class SslContextClass extends Class {
SslContextClass() { this.getQualifiedName() = "boost::asio::ssl::context" }
ConstructorCall getAContructorCall() {
this.getAConstructor().getACallToThisFunction() = result and
not result.getLocation().getFile().toString().matches("%/boost/asio/%") and
result.fromSource()
}
}
/**
* Represents boost::asio::ssl::context::set_options member function
*/
class SslSetOptionsFunction extends Function {
SslSetOptionsFunction() {
this.getQualifiedName().matches("boost::asio::ssl::context::set_options")
}
}
/**
* holds if the expression represents a banned protocol
*/
predicate isExprBannedBoostProtocol(Expr e) {
exists(Literal va | va = e |
va.getValue().toInt() = 0 or
va.getValue().toInt() = 1 or
va.getValue().toInt() = 2 or
va.getValue().toInt() = 3 or
va.getValue().toInt() = 4 or
va.getValue().toInt() = 5 or
va.getValue().toInt() = 6 or
va.getValue().toInt() = 7 or
va.getValue().toInt() = 8 or
va.getValue().toInt() = 12 or
va.getValue().toInt() = 13 or
va.getValue().toInt() = 14
)
or
exists(VariableAccess va | va = e |
va.getValue().toInt() = 0 or
va.getValue().toInt() = 1 or
va.getValue().toInt() = 2 or
va.getValue().toInt() = 3 or
va.getValue().toInt() = 4 or
va.getValue().toInt() = 5 or
va.getValue().toInt() = 6 or
va.getValue().toInt() = 7 or
va.getValue().toInt() = 8 or
va.getValue().toInt() = 12 or
va.getValue().toInt() = 13 or
va.getValue().toInt() = 14
)
or
exists(EnumConstantAccess eca, SslContextMethod enum | e = eca |
enum.getABannedProtocolConstant().getAnAccess() = eca
)
}
/**
* holds if the expression represents a TLS v1.2 protocol
*/
predicate isExprTls12BoostProtocol(Expr e) {
exists(Literal va | va = e |
(
va.getValue().toInt() = 15 or /// Generic TLS version 1.2.
va.getValue().toInt() = 16 or /// TLS version 1.2 client.
va.getValue().toInt() = 17 /// TLS version 1.2 server.
)
)
or
exists(VariableAccess va | va = e |
(
va.getValue().toInt() = 15 or /// Generic TLS version 1.2.
va.getValue().toInt() = 16 or /// TLS version 1.2 client.
va.getValue().toInt() = 17 /// TLS version 1.2 server.
)
)
or
exists(EnumConstantAccess eca, SslContextMethod enum | e = eca |
enum.getATls12ProtocolConstant().getAnAccess() = eca
)
}
/**
* holds if the expression represents a protocol that requires Crypto Board approval
*/
predicate isExprTls13BoostProtocol(Expr e) {
exists(Literal va | va = e |
(
va.getValue().toInt() = 18 or
va.getValue().toInt() = 19 or
va.getValue().toInt() = 20
)
)
or
exists(VariableAccess va | va = e |
(
va.getValue().toInt() = 18 or
va.getValue().toInt() = 19 or
va.getValue().toInt() = 20
)
)
or
exists(EnumConstantAccess eca, SslContextMethod enum | e = eca |
enum.getATls13ProtocolConstant().getAnAccess() = eca
)
}
/**
* holds if the expression represents a generic TLS or SSL/TLS protocol
*/
predicate isExprTlsBoostProtocol(Expr e) {
exists(Literal va | va = e |
(
va.getValue().toInt() = 9 or /// Generic SSL/TLS.
va.getValue().toInt() = 10 or /// SSL/TLS client.
va.getValue().toInt() = 11 or /// SSL/TLS server.
va.getValue().toInt() = 21 or /// Generic TLS.
va.getValue().toInt() = 22 or /// TLS client.
va.getValue().toInt() = 23 /// TLS server.
)
)
or
exists(VariableAccess va | va = e |
(
va.getValue().toInt() = 9 or /// Generic SSL/TLS.
va.getValue().toInt() = 10 or /// SSL/TLS client.
va.getValue().toInt() = 11 or /// SSL/TLS server.
va.getValue().toInt() = 21 or /// Generic TLS.
va.getValue().toInt() = 22 or /// TLS client.
va.getValue().toInt() = 23 /// TLS server.
)
)
or
exists(EnumConstantAccess eca, SslContextMethod enum | e = eca |
enum.getAGenericTlsProtocolConstant().getAnAccess() = eca
)
}
/**
* holds if the expression represents a generic SSl/TLS protocol
*/
predicate isExprSslV23BoostProtocol(Expr e) {
exists(Literal va | va = e |
(
va.getValue().toInt() = 9 or /// Generic SSL/TLS.
va.getValue().toInt() = 10 or /// SSL/TLS client.
va.getValue().toInt() = 11 /// SSL/TLS server.
)
)
or
exists(VariableAccess va | va = e |
(
va.getValue().toInt() = 9 or /// Generic SSL/TLS.
va.getValue().toInt() = 10 or /// SSL/TLS client.
va.getValue().toInt() = 11 /// SSL/TLS server.
)
)
or
exists(EnumConstantAccess eca, SslContextMethod enum | e = eca |
enum.getASslv23ProtocolConstant().getAnAccess() = eca
)
}
//////////////////////// Dataflow /////////////////////
/**
* Abstract - Protocol value Flows to the first argument of the context constructor
*/
abstract class SslContextCallAbstractConfig extends DataFlow::Configuration {
bindingset[this]
SslContextCallAbstractConfig() { any() }
override predicate isSink(DataFlow::Node sink) {
exists(ConstructorCall cc, SslContextClass c, Expr e | e = sink.asExpr() |
c.getAContructorCall() = cc and
cc.getArgument(0) = e
)
}
}
/**
* any Protocol value Flows to the first argument of the context constructor
*/
class SslContextCallConfig extends SslContextCallAbstractConfig {
SslContextCallConfig() { this = "SslContextCallConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%")
)
}
}
/**
* a banned protocol value Flows to the first argument of the context constructor
*/
class SslContextCallBannedProtocolConfig extends SslContextCallAbstractConfig {
SslContextCallBannedProtocolConfig() { this = "SslContextCallBannedProtocolConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
isExprBannedBoostProtocol(e)
)
}
}
/**
* a TLS 1.2 protocol value Flows to the first argument of the context constructor
*/
class SslContextCallTls12ProtocolConfig extends SslContextCallAbstractConfig {
SslContextCallTls12ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
isExprTls12BoostProtocol(e)
)
}
}
/**
* a TLS 1.3 protocol value Flows to the first argument of the context constructor
*/
class SslContextCallTls13ProtocolConfig extends SslContextCallAbstractConfig {
SslContextCallTls13ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
isExprTls13BoostProtocol(e)
)
}
}
/**
* a generic TLS protocol value Flows to the first argument of the context constructor
*/
class SslContextCallTlsProtocolConfig extends SslContextCallAbstractConfig {
SslContextCallTlsProtocolConfig() { this = "SslContextCallTlsProtocolConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%") and
isExprTlsBoostProtocol(e)
)
}
}
/**
* a context constructor call flows to a call calling SetOptions()
*/
class SslContextFlowsToSetOptionConfig extends DataFlow::Configuration {
SslContextFlowsToSetOptionConfig() { this = "SslContextFlowsToSetOptionConfig" }
override predicate isSource(DataFlow::Node source) {
exists(SslContextClass c, ConstructorCall cc |
cc = source.asExpr() and
c.getAContructorCall() = cc
)
}
override predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc, SslSetOptionsFunction f, Variable v, VariableAccess va |
va = sink.asExpr()
|
f.getACallToThisFunction() = fc and
v.getAnAccess() = va and
va = fc.getQualifier()
)
}
}
/**
* an option value flows to the 1st parameter of SetOptions()
*/
class SslOptionConfig extends DataFlow::Configuration {
SslOptionConfig() { this = "SslOptionConfig" }
override predicate isSource(DataFlow::Node source) {
exists(Expr e | e = source.asExpr() |
e.fromSource() and
not e.getLocation().getFile().toString().matches("%/boost/asio/%")
)
}
override predicate isSink(DataFlow::Node sink) {
exists(SslSetOptionsFunction f, FunctionCall call |
sink.asExpr() = call.getArgument(0) and
f.getACallToThisFunction() = call and
not sink.getLocation().getFile().toString().matches("%/boost/asio/%")
)
}
}
}

7
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.expected Normal file
View File

@@ -0,0 +1,7 @@
| test.cpp:25:32:25:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:65 | call to context | boost::asio::ssl::context::context | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_sslv3 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_sslv3 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set |
| test.cpp:31:32:31:65 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:65 | call to context | boost::asio::ssl::context::context | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set |
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1 has not been set |
| test.cpp:36:32:36:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:62 | call to context | boost::asio::ssl::context::context | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1_1 has not been set |
| test.cpp:41:32:41:62 | call to context | Usage of $@ with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:62 | call to context | boost::asio::ssl::context::context | test.cpp:41:32:41:61 | tls | tls | test.cpp:43:6:43:16 | call to set_options | no_tlsv1_2 was set |

1
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Protocols/boostorg/TlsSettingsMisconfiguration.ql

24
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.expected Normal file
View File

@@ -0,0 +1,24 @@
| test.cpp:50:38:50:69 | sslv2 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:50:38:50:70 | call to context | boost::asio::ssl::context::context | test.cpp:50:38:50:69 | sslv2 | sslv2 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:51:39:51:77 | sslv2_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:51:39:51:78 | call to context | boost::asio::ssl::context::context | test.cpp:51:39:51:77 | sslv2_client | sslv2_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:52:39:52:77 | sslv2_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:52:39:52:78 | call to context | boost::asio::ssl::context::context | test.cpp:52:39:52:77 | sslv2_server | sslv2_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:54:38:54:69 | sslv3 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:54:38:54:70 | call to context | boost::asio::ssl::context::context | test.cpp:54:38:54:69 | sslv3 | sslv3 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:55:39:55:77 | sslv3_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:55:39:55:78 | call to context | boost::asio::ssl::context::context | test.cpp:55:39:55:77 | sslv3_client | sslv3_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:56:39:56:77 | sslv3_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:56:39:56:78 | call to context | boost::asio::ssl::context::context | test.cpp:56:39:56:77 | sslv3_server | sslv3_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:58:38:58:69 | tlsv1 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:58:38:58:70 | call to context | boost::asio::ssl::context::context | test.cpp:58:38:58:69 | tlsv1 | tlsv1 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:59:39:59:77 | tlsv1_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:59:39:59:78 | call to context | boost::asio::ssl::context::context | test.cpp:59:39:59:77 | tlsv1_client | tlsv1_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:60:39:60:77 | tlsv1_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:60:39:60:78 | call to context | boost::asio::ssl::context::context | test.cpp:60:39:60:77 | tlsv1_server | tlsv1_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:62:39:62:71 | tlsv11 | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:62:39:62:72 | call to context | boost::asio::ssl::context::context | test.cpp:62:39:62:71 | tlsv11 | tlsv11 | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:63:40:63:79 | tlsv11_client | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:63:40:63:80 | call to context | boost::asio::ssl::context::context | test.cpp:63:40:63:79 | tlsv11_client | tlsv11_client | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:64:40:64:79 | tlsv11_server | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:64:40:64:80 | call to context | boost::asio::ssl::context::context | test.cpp:64:40:64:79 | tlsv11_server | tlsv11_server | test.cpp:47:6:47:27 | TestHardcodedProtocols | TestHardcodedProtocols |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:85:22:85:53 | sslv2 | sslv2 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:86:22:86:60 | sslv2_client | sslv2_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:87:22:87:60 | sslv2_server | sslv2_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:89:22:89:53 | sslv3 | sslv3 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:90:22:90:60 | sslv3_client | sslv3_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:91:22:91:60 | sslv3_server | sslv3_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:93:22:93:53 | tlsv1 | tlsv1 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:94:22:94:60 | tlsv1_client | tlsv1_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:95:22:95:60 | tlsv1_server | tlsv1_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:97:22:97:54 | tlsv11 | tlsv11 | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:98:22:98:61 | tlsv11_client | tlsv11_client | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |
| test.cpp:79:33:79:33 | m | Usage of $@ specifying a deprecated hardcoded protocol $@ in function $@. | test.cpp:79:33:79:34 | call to context | boost::asio::ssl::context::context | test.cpp:99:22:99:61 | tlsv11_server | tlsv11_server | test.cpp:77:6:77:24 | InterProceduralTest | InterProceduralTest |

1
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.qlref Normal file
View File

@@ -0,0 +1 @@
Likely Bugs/Protocols/boostorg/UseOfDeprecatedHardcodedProtocol.ql

112
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/asio/boost_simulation.hpp Normal file
View File

@@ -0,0 +1,112 @@
#define SSL_OP_ALL 0x80000BFFU
#define SSL_OP_NO_SSLv2 0
#define SSL_OP_NO_SSLv3 0x02000000U
#define SSL_OP_NO_TLSv1 0x04000000U
#define SSL_OP_NO_TLSv1_1 0x10000000U
#define SSL_OP_NO_TLSv1_2 0x08000000U
#define SSL_OP_NO_TLSv1_3 0x20000000U
namespace boost {
namespace asio {
namespace ssl {
class context
{
public:
/// Different methods supported by a context.
enum method
{
/// Generic SSL version 2.
sslv2,
/// SSL version 2 client.
sslv2_client,
/// SSL version 2 server.
sslv2_server,
/// Generic SSL version 3.
sslv3,
/// SSL version 3 client.
sslv3_client,
/// SSL version 3 server.
sslv3_server,
/// Generic TLS version 1.
tlsv1,
/// TLS version 1 client.
tlsv1_client,
/// TLS version 1 server.
tlsv1_server,
/// Generic SSL/TLS.
sslv23,
/// SSL/TLS client.
sslv23_client,
/// SSL/TLS server.
sslv23_server,
/// Generic TLS version 1.1.
tlsv11,
/// TLS version 1.1 client.
tlsv11_client,
/// TLS version 1.1 server.
tlsv11_server,
/// Generic TLS version 1.2.
tlsv12,
/// TLS version 1.2 client.
tlsv12_client,
/// TLS version 1.2 server.
tlsv12_server,
/// Generic TLS version 1.3.
tlsv13,
/// TLS version 1.3 client.
tlsv13_client,
/// TLS version 1.3 server.
tlsv13_server,
/// Generic TLS.
tls,
/// TLS client.
tls_client,
/// TLS server.
tls_server
};
/// Bitmask type for SSL options.
typedef long options;
static const long default_workarounds = SSL_OP_ALL;
static const long no_sslv2 = SSL_OP_NO_SSLv2;
static const long no_sslv3 = SSL_OP_NO_SSLv3;
static const long no_tlsv1 = SSL_OP_NO_TLSv1;
static const long no_tlsv1_1 = SSL_OP_NO_TLSv1_1;
static const long no_tlsv1_2 = SSL_OP_NO_TLSv1_2;
static const long no_tlsv1_3 = SSL_OP_NO_TLSv1_3;
/// Constructor.
explicit context(method m) {}
void context::set_options(context::options o) {}
};
}
}
}

110
cpp/ql/test/query-tests/Likely Bugs/Protocols/boostorg/test.cpp Normal file
View File

@@ -0,0 +1,110 @@
#include "asio/boost_simulation.hpp"
void SetOptionsNoOldTls(boost::asio::ssl::context& ctx)
{
ctx.set_options(boost::asio::ssl::context::no_tlsv1);
ctx.set_options(boost::asio::ssl::context::no_tlsv1_1);
}
void TestProperConfiguration_inter_CorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
SetOptionsNoOldTls(ctx);
}
void TestProperConfiguration_inter_CorrectUsage02()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
boost::asio::ssl::context::no_tlsv1_1 |
boost::asio::ssl::context::no_sslv3);
}
void TestProperConfiguration_inter_IncorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG - missing disable SSLv3
SetOptionsNoOldTls(ctx);
}
void TestProperConfiguration_IncorrectUsage01()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); // BUG
}
void TestProperConfiguration_IncorrectUsage02()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
}
void TestProperConfiguration_IncorrectUsage03()
{
boost::asio::ssl::context ctx(boost::asio::ssl::context::tls); // BUG
SetOptionsNoOldTls(ctx);
ctx.set_options(boost::asio::ssl::context::no_tlsv1 |
boost::asio::ssl::context::no_tlsv1_2 ); // BUG - disabling TLS 1.2
}
void TestHardcodedProtocols()
{
//////////////////////// Banned Hardcoded algorithms
boost::asio::ssl::context cxt_sslv2(boost::asio::ssl::context::sslv2); // BUG
boost::asio::ssl::context cxt_sslv2c(boost::asio::ssl::context::sslv2_client); // BUG
boost::asio::ssl::context cxt_sslv2s(boost::asio::ssl::context::sslv2_server); // BUG
boost::asio::ssl::context cxt_sslv3(boost::asio::ssl::context::sslv3); // BUG
boost::asio::ssl::context cxt_sslv3c(boost::asio::ssl::context::sslv3_client); // BUG
boost::asio::ssl::context cxt_sslv3s(boost::asio::ssl::context::sslv3_server); // BUG
boost::asio::ssl::context cxt_tlsv1(boost::asio::ssl::context::tlsv1); // BUG
boost::asio::ssl::context cxt_tlsv1c(boost::asio::ssl::context::tlsv1_client); // BUG
boost::asio::ssl::context cxt_tlsv1s(boost::asio::ssl::context::tlsv1_server); // BUG
boost::asio::ssl::context cxt_tlsv11(boost::asio::ssl::context::tlsv11); // BUG
boost::asio::ssl::context cxt_tlsv11c(boost::asio::ssl::context::tlsv11_client); // BUG
boost::asio::ssl::context cxt_tlsv11s(boost::asio::ssl::context::tlsv11_server); // BUG
////////////////////// Hardcoded algorithms
boost::asio::ssl::context cxt_tlsv12(boost::asio::ssl::context::tlsv12); // BUG
boost::asio::ssl::context cxt_tlsv12c(boost::asio::ssl::context::tlsv12_client); // BUG
boost::asio::ssl::context cxt_tlsv12s(boost::asio::ssl::context::tlsv12_server); // BUG
boost::asio::ssl::context cxt_tlsv13(boost::asio::ssl::context::tlsv13); // BUG
boost::asio::ssl::context cxt_tlsv13c(boost::asio::ssl::context::tlsv13_client); // BUG
boost::asio::ssl::context cxt_tlsv13s(boost::asio::ssl::context::tlsv13_server); // BUG
}
void InterProceduralTest(boost::asio::ssl::context::method m)
{
boost::asio::ssl::context cxt1(m); // BUG - Multiple hits (sink)
}
void TestHardcodedProtocols_inter()
{
//////////////////////// Banned Hardcoded algorithms
InterProceduralTest(boost::asio::ssl::context::sslv2); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv2_client); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv2_server); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3_client); // BUG
InterProceduralTest(boost::asio::ssl::context::sslv3_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv1_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv11_server); // BUG
////////////////////// Hardcoded algorithms
InterProceduralTest(boost::asio::ssl::context::tlsv12); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv12_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv12_server); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13_client); // BUG
InterProceduralTest(boost::asio::ssl::context::tlsv13_server); // BUG
}