hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql

Browse Source
This commit is contained in:
Artem Smotrakov
2021-07-04 15:37:43 +02:00
committed by Fosstars
parent 8b557765b3
commit e3b6ceade5
7 changed files with 52 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCheckOnSignature.expected Normal file
View File

@@ -0,0 +1,50 @@
edges
| NonConstantTimeCheckOnSignature.java:21:32:21:48 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:23:47:23:55 | actualMac |
| NonConstantTimeCheckOnSignature.java:33:32:33:44 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:35:88:35:96 | actualMac : byte[] |
| NonConstantTimeCheckOnSignature.java:35:88:35:96 | actualMac : byte[] | NonConstantTimeCheckOnSignature.java:35:70:35:97 | castToObjectArray(...) |
| NonConstantTimeCheckOnSignature.java:46:25:46:33 | actualMac : byte[] | NonConstantTimeCheckOnSignature.java:48:47:48:55 | actualMac |
| NonConstantTimeCheckOnSignature.java:71:32:71:44 | sign(...) : byte[] | NonConstantTimeCheckOnSignature.java:73:44:73:52 | signature |
| NonConstantTimeCheckOnSignature.java:85:25:85:33 | signature : byte[] | NonConstantTimeCheckOnSignature.java:87:44:87:52 | signature |
| NonConstantTimeCheckOnSignature.java:111:26:111:45 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:113:49:113:51 | tag |
| NonConstantTimeCheckOnSignature.java:128:28:128:30 | tag : byte[] | NonConstantTimeCheckOnSignature.java:130:44:130:46 | tag |
| NonConstantTimeCheckOnSignature.java:146:56:146:58 | tag : ByteBuffer | NonConstantTimeCheckOnSignature.java:148:44:148:46 | tag : ByteBuffer |
| NonConstantTimeCheckOnSignature.java:148:44:148:46 | tag : ByteBuffer | NonConstantTimeCheckOnSignature.java:148:44:148:54 | array(...) |
| NonConstantTimeCheckOnSignature.java:160:56:160:58 | tag : ByteBuffer | NonConstantTimeCheckOnSignature.java:162:53:162:55 | tag |
| NonConstantTimeCheckOnSignature.java:185:26:185:50 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:187:44:187:46 | tag |
| NonConstantTimeCheckOnSignature.java:220:34:220:50 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:223:26:223:36 | computedTag |
nodes
| NonConstantTimeCheckOnSignature.java:21:32:21:48 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:23:47:23:55 | actualMac | semmle.label | actualMac |
| NonConstantTimeCheckOnSignature.java:33:32:33:44 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:35:70:35:97 | castToObjectArray(...) | semmle.label | castToObjectArray(...) |
| NonConstantTimeCheckOnSignature.java:35:88:35:96 | actualMac : byte[] | semmle.label | actualMac : byte[] |
| NonConstantTimeCheckOnSignature.java:46:25:46:33 | actualMac : byte[] | semmle.label | actualMac : byte[] |
| NonConstantTimeCheckOnSignature.java:48:47:48:55 | actualMac | semmle.label | actualMac |
| NonConstantTimeCheckOnSignature.java:71:32:71:44 | sign(...) : byte[] | semmle.label | sign(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:73:44:73:52 | signature | semmle.label | signature |
| NonConstantTimeCheckOnSignature.java:85:25:85:33 | signature : byte[] | semmle.label | signature : byte[] |
| NonConstantTimeCheckOnSignature.java:87:44:87:52 | signature | semmle.label | signature |
| NonConstantTimeCheckOnSignature.java:111:26:111:45 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:113:49:113:51 | tag | semmle.label | tag |
| NonConstantTimeCheckOnSignature.java:128:28:128:30 | tag : byte[] | semmle.label | tag : byte[] |
| NonConstantTimeCheckOnSignature.java:130:44:130:46 | tag | semmle.label | tag |
| NonConstantTimeCheckOnSignature.java:146:56:146:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCheckOnSignature.java:148:44:148:46 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCheckOnSignature.java:148:44:148:54 | array(...) | semmle.label | array(...) |
| NonConstantTimeCheckOnSignature.java:160:56:160:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCheckOnSignature.java:162:53:162:55 | tag | semmle.label | tag |
| NonConstantTimeCheckOnSignature.java:185:26:185:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:187:44:187:46 | tag | semmle.label | tag |
| NonConstantTimeCheckOnSignature.java:220:34:220:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCheckOnSignature.java:223:26:223:36 | computedTag | semmle.label | computedTag |
#select
| NonConstantTimeCheckOnSignature.java:23:47:23:55 | actualMac | NonConstantTimeCheckOnSignature.java:21:32:21:48 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:23:47:23:55 | actualMac | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:21:32:21:48 | doFinal(...) : byte[] | MAC |
| NonConstantTimeCheckOnSignature.java:35:70:35:97 | castToObjectArray(...) | NonConstantTimeCheckOnSignature.java:33:32:33:44 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:35:70:35:97 | castToObjectArray(...) | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:33:32:33:44 | doFinal(...) : byte[] | MAC |
| NonConstantTimeCheckOnSignature.java:48:47:48:55 | actualMac | NonConstantTimeCheckOnSignature.java:46:25:46:33 | actualMac : byte[] | NonConstantTimeCheckOnSignature.java:48:47:48:55 | actualMac | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:46:25:46:33 | actualMac : byte[] | MAC |
| NonConstantTimeCheckOnSignature.java:73:44:73:52 | signature | NonConstantTimeCheckOnSignature.java:71:32:71:44 | sign(...) : byte[] | NonConstantTimeCheckOnSignature.java:73:44:73:52 | signature | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:71:32:71:44 | sign(...) : byte[] | signature |
| NonConstantTimeCheckOnSignature.java:87:44:87:52 | signature | NonConstantTimeCheckOnSignature.java:85:25:85:33 | signature : byte[] | NonConstantTimeCheckOnSignature.java:87:44:87:52 | signature | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:85:25:85:33 | signature : byte[] | signature |
| NonConstantTimeCheckOnSignature.java:113:49:113:51 | tag | NonConstantTimeCheckOnSignature.java:111:26:111:45 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:113:49:113:51 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:111:26:111:45 | doFinal(...) : byte[] | ciphertext |
| NonConstantTimeCheckOnSignature.java:130:44:130:46 | tag | NonConstantTimeCheckOnSignature.java:128:28:128:30 | tag : byte[] | NonConstantTimeCheckOnSignature.java:130:44:130:46 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:128:28:128:30 | tag : byte[] | ciphertext |
| NonConstantTimeCheckOnSignature.java:148:44:148:54 | array(...) | NonConstantTimeCheckOnSignature.java:146:56:146:58 | tag : ByteBuffer | NonConstantTimeCheckOnSignature.java:148:44:148:54 | array(...) | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:146:56:146:58 | tag : ByteBuffer | ciphertext |
| NonConstantTimeCheckOnSignature.java:162:53:162:55 | tag | NonConstantTimeCheckOnSignature.java:160:56:160:58 | tag : ByteBuffer | NonConstantTimeCheckOnSignature.java:162:53:162:55 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:160:56:160:58 | tag : ByteBuffer | ciphertext |
| NonConstantTimeCheckOnSignature.java:187:44:187:46 | tag | NonConstantTimeCheckOnSignature.java:185:26:185:50 | doFinal(...) : byte[] | NonConstantTimeCheckOnSignature.java:187:44:187:46 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCheckOnSignature.java:185:26:185:50 | doFinal(...) : byte[] | ciphertext |

2
java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCryptoComparison.java → java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCheckOnSignature.java
View File

@@ -10,7 +10,7 @@ import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.Mac;
public class NonConstantTimeCryptoComparison {
public class NonConstantTimeCheckOnSignature {
// BAD: compare MACs using a non-constant-time method
public boolean unsafeMacCheckWithArrayEquals(Socket socket) throws Exception {

1
java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCheckOnSignature.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignature.ql

50
java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCryptoComparison.expected
View File

@@ -1,50 +0,0 @@
edges
| NonConstantTimeCryptoComparison.java:21:32:21:48 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:23:47:23:55 | actualMac |
| NonConstantTimeCryptoComparison.java:33:32:33:44 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:35:88:35:96 | actualMac : byte[] |
| NonConstantTimeCryptoComparison.java:35:88:35:96 | actualMac : byte[] | NonConstantTimeCryptoComparison.java:35:70:35:97 | castToObjectArray(...) |
| NonConstantTimeCryptoComparison.java:46:25:46:33 | actualMac : byte[] | NonConstantTimeCryptoComparison.java:48:47:48:55 | actualMac |
| NonConstantTimeCryptoComparison.java:71:32:71:44 | sign(...) : byte[] | NonConstantTimeCryptoComparison.java:73:44:73:52 | signature |
| NonConstantTimeCryptoComparison.java:85:25:85:33 | signature : byte[] | NonConstantTimeCryptoComparison.java:87:44:87:52 | signature |
| NonConstantTimeCryptoComparison.java:111:26:111:45 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:113:49:113:51 | tag |
| NonConstantTimeCryptoComparison.java:128:28:128:30 | tag : byte[] | NonConstantTimeCryptoComparison.java:130:44:130:46 | tag |
| NonConstantTimeCryptoComparison.java:146:56:146:58 | tag : ByteBuffer | NonConstantTimeCryptoComparison.java:148:44:148:46 | tag : ByteBuffer |
| NonConstantTimeCryptoComparison.java:148:44:148:46 | tag : ByteBuffer | NonConstantTimeCryptoComparison.java:148:44:148:54 | array(...) |
| NonConstantTimeCryptoComparison.java:160:56:160:58 | tag : ByteBuffer | NonConstantTimeCryptoComparison.java:162:53:162:55 | tag |
| NonConstantTimeCryptoComparison.java:185:26:185:50 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:187:44:187:46 | tag |
| NonConstantTimeCryptoComparison.java:220:34:220:50 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:223:26:223:36 | computedTag |
nodes
| NonConstantTimeCryptoComparison.java:21:32:21:48 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCryptoComparison.java:23:47:23:55 | actualMac | semmle.label | actualMac |
| NonConstantTimeCryptoComparison.java:33:32:33:44 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCryptoComparison.java:35:70:35:97 | castToObjectArray(...) | semmle.label | castToObjectArray(...) |
| NonConstantTimeCryptoComparison.java:35:88:35:96 | actualMac : byte[] | semmle.label | actualMac : byte[] |
| NonConstantTimeCryptoComparison.java:46:25:46:33 | actualMac : byte[] | semmle.label | actualMac : byte[] |
| NonConstantTimeCryptoComparison.java:48:47:48:55 | actualMac | semmle.label | actualMac |
| NonConstantTimeCryptoComparison.java:71:32:71:44 | sign(...) : byte[] | semmle.label | sign(...) : byte[] |
| NonConstantTimeCryptoComparison.java:73:44:73:52 | signature | semmle.label | signature |
| NonConstantTimeCryptoComparison.java:85:25:85:33 | signature : byte[] | semmle.label | signature : byte[] |
| NonConstantTimeCryptoComparison.java:87:44:87:52 | signature | semmle.label | signature |
| NonConstantTimeCryptoComparison.java:111:26:111:45 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCryptoComparison.java:113:49:113:51 | tag | semmle.label | tag |
| NonConstantTimeCryptoComparison.java:128:28:128:30 | tag : byte[] | semmle.label | tag : byte[] |
| NonConstantTimeCryptoComparison.java:130:44:130:46 | tag | semmle.label | tag |
| NonConstantTimeCryptoComparison.java:146:56:146:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCryptoComparison.java:148:44:148:46 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCryptoComparison.java:148:44:148:54 | array(...) | semmle.label | array(...) |
| NonConstantTimeCryptoComparison.java:160:56:160:58 | tag : ByteBuffer | semmle.label | tag : ByteBuffer |
| NonConstantTimeCryptoComparison.java:162:53:162:55 | tag | semmle.label | tag |
| NonConstantTimeCryptoComparison.java:185:26:185:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCryptoComparison.java:187:44:187:46 | tag | semmle.label | tag |
| NonConstantTimeCryptoComparison.java:220:34:220:50 | doFinal(...) : byte[] | semmle.label | doFinal(...) : byte[] |
| NonConstantTimeCryptoComparison.java:223:26:223:36 | computedTag | semmle.label | computedTag |
#select
| NonConstantTimeCryptoComparison.java:23:47:23:55 | actualMac | NonConstantTimeCryptoComparison.java:21:32:21:48 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:23:47:23:55 | actualMac | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:21:32:21:48 | doFinal(...) : byte[] | MAC |
| NonConstantTimeCryptoComparison.java:35:70:35:97 | castToObjectArray(...) | NonConstantTimeCryptoComparison.java:33:32:33:44 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:35:70:35:97 | castToObjectArray(...) | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:33:32:33:44 | doFinal(...) : byte[] | MAC |
| NonConstantTimeCryptoComparison.java:48:47:48:55 | actualMac | NonConstantTimeCryptoComparison.java:46:25:46:33 | actualMac : byte[] | NonConstantTimeCryptoComparison.java:48:47:48:55 | actualMac | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:46:25:46:33 | actualMac : byte[] | MAC |
| NonConstantTimeCryptoComparison.java:73:44:73:52 | signature | NonConstantTimeCryptoComparison.java:71:32:71:44 | sign(...) : byte[] | NonConstantTimeCryptoComparison.java:73:44:73:52 | signature | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:71:32:71:44 | sign(...) : byte[] | signature |
| NonConstantTimeCryptoComparison.java:87:44:87:52 | signature | NonConstantTimeCryptoComparison.java:85:25:85:33 | signature : byte[] | NonConstantTimeCryptoComparison.java:87:44:87:52 | signature | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:85:25:85:33 | signature : byte[] | signature |
| NonConstantTimeCryptoComparison.java:113:49:113:51 | tag | NonConstantTimeCryptoComparison.java:111:26:111:45 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:113:49:113:51 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:111:26:111:45 | doFinal(...) : byte[] | ciphertext |
| NonConstantTimeCryptoComparison.java:130:44:130:46 | tag | NonConstantTimeCryptoComparison.java:128:28:128:30 | tag : byte[] | NonConstantTimeCryptoComparison.java:130:44:130:46 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:128:28:128:30 | tag : byte[] | ciphertext |
| NonConstantTimeCryptoComparison.java:148:44:148:54 | array(...) | NonConstantTimeCryptoComparison.java:146:56:146:58 | tag : ByteBuffer | NonConstantTimeCryptoComparison.java:148:44:148:54 | array(...) | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:146:56:146:58 | tag : ByteBuffer | ciphertext |
| NonConstantTimeCryptoComparison.java:162:53:162:55 | tag | NonConstantTimeCryptoComparison.java:160:56:160:58 | tag : ByteBuffer | NonConstantTimeCryptoComparison.java:162:53:162:55 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:160:56:160:58 | tag : ByteBuffer | ciphertext |
| NonConstantTimeCryptoComparison.java:187:44:187:46 | tag | NonConstantTimeCryptoComparison.java:185:26:185:50 | doFinal(...) : byte[] | NonConstantTimeCryptoComparison.java:187:44:187:46 | tag | Using a non-constant-time method for cheching a $@. | NonConstantTimeCryptoComparison.java:185:26:185:50 | doFinal(...) : byte[] | ciphertext |

1
java/ql/test/experimental/query-tests/security/CWE-208/NonConstantTimeCryptoComparison.qlref
View File

@@ -1 +0,0 @@
experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql