make some acronyms camelCase
@@ -714,7 +714,7 @@ module PersistentWriteAccess {
|
||||
* Extend this class to refine existing API models. If you want to model new APIs,
|
||||
* extend `CSRFProtectionSetting::Range` instead.
|
||||
*/
|
||||
class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range {
|
||||
class CsrfProtectionSetting extends DataFlow::Node instanceof CsrfProtectionSetting::Range {
|
||||
/**
|
||||
* Gets the boolean value corresponding to if CSRF protection is enabled
|
||||
* (`true`) or disabled (`false`) by this node.
|
||||
@@ -722,8 +722,11 @@ class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSett
|
||||
boolean getVerificationSetting() { result = super.getVerificationSetting() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CsrfProtectionSetting */
|
||||
deprecated class CSRFProtectionSetting = CsrfProtectionSetting;
|
||||
|
||||
/** Provides a class for modeling new CSRF protection setting APIs. */
|
||||
module CSRFProtectionSetting {
|
||||
module CsrfProtectionSetting {
|
||||
/**
|
||||
* A data-flow node that may set or unset Cross-site request forgery protection.
|
||||
*
|
||||
@@ -739,6 +742,9 @@ module CSRFProtectionSetting {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CsrfProtectionSetting */
|
||||
deprecated module CSRFProtectionSetting = CsrfProtectionSetting;
|
||||
|
||||
/** Provides classes for modeling path-related APIs. */
|
||||
module Path {
|
||||
/**
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
private import codeql.ruby.AST
|
||||
private import codeql.ruby.ast.internal.AST as ASTInternal
|
||||
private import codeql.ruby.ast.internal.AST as AstInternal
|
||||
private import codeql.ruby.ast.internal.Scope
|
||||
private import codeql.ruby.ast.Scope
|
||||
private import codeql.ruby.ast.internal.TreeSitter
|
||||
@@ -66,7 +66,7 @@ private class EndBlockScope extends CfgScopeImpl, EndBlock {
|
||||
}
|
||||
}
|
||||
|
||||
private class BodyStmtCallableScope extends CfgScopeImpl, ASTInternal::TBodyStmt, Callable {
|
||||
private class BodyStmtCallableScope extends CfgScopeImpl, AstInternal::TBodyStmt, Callable {
|
||||
final override predicate entry(AstNode first) { this.(Trees::BodyStmtTree).firstInner(first) }
|
||||
|
||||
final override predicate exit(AstNode last, Completion c) {
|
||||
@@ -377,7 +377,7 @@ module Trees {
|
||||
override ControlFlowTree getChildElement(int i) { result = this.getArgument(i) }
|
||||
}
|
||||
|
||||
private class CaseTree extends PostOrderTree, CaseExpr, ASTInternal::TCaseExpr {
|
||||
private class CaseTree extends PostOrderTree, CaseExpr, AstInternal::TCaseExpr {
|
||||
final override predicate propagatesAbnormal(AstNode child) {
|
||||
child = this.getValue() or child = this.getABranch()
|
||||
}
|
||||
@@ -415,7 +415,7 @@ module Trees {
|
||||
}
|
||||
}
|
||||
|
||||
private class CaseMatchTree extends PostOrderTree, CaseExpr, ASTInternal::TCaseMatch {
|
||||
private class CaseMatchTree extends PostOrderTree, CaseExpr, AstInternal::TCaseMatch {
|
||||
final override predicate propagatesAbnormal(AstNode child) {
|
||||
child = this.getValue() or child = this.getABranch()
|
||||
}
|
||||
@@ -1089,7 +1089,7 @@ module Trees {
|
||||
}
|
||||
}
|
||||
|
||||
private class MethodNameTree extends LeafTree, MethodName, ASTInternal::TTokenMethodName { }
|
||||
private class MethodNameTree extends LeafTree, MethodName, AstInternal::TTokenMethodName { }
|
||||
|
||||
private class MethodTree extends BodyStmtTree, Method {
|
||||
final override predicate propagatesAbnormal(AstNode child) { none() }
|
||||
|
||||
@@ -323,7 +323,7 @@ predicate controllerTemplateFile(ActionControllerControllerClass cls, ErbFile te
|
||||
* `skip_before_action :verify_authenticity_token` to disable CSRF authenticity
|
||||
* token protection.
|
||||
*/
|
||||
class ActionControllerSkipForgeryProtectionCall extends CSRFProtectionSetting::Range {
|
||||
class ActionControllerSkipForgeryProtectionCall extends CsrfProtectionSetting::Range {
|
||||
ActionControllerSkipForgeryProtectionCall() {
|
||||
exists(MethodCall call | call = this.asExpr().getExpr() |
|
||||
call.getMethodName() = "skip_forgery_protection"
|
||||
@@ -339,7 +339,7 @@ class ActionControllerSkipForgeryProtectionCall extends CSRFProtectionSetting::R
|
||||
/**
|
||||
* A call to `protect_from_forgery`.
|
||||
*/
|
||||
private class ActionControllerProtectFromForgeryCall extends CSRFProtectionSetting::Range {
|
||||
private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetting::Range {
|
||||
private ActionControllerContextCall callExpr;
|
||||
|
||||
ActionControllerProtectFromForgeryCall() {
|
||||
|
||||
@@ -183,7 +183,7 @@ private module Settings {
|
||||
* production code.
|
||||
*/
|
||||
private class AllowForgeryProtectionSetting extends Settings::BooleanSetting,
|
||||
CSRFProtectionSetting::Range {
|
||||
CsrfProtectionSetting::Range {
|
||||
AllowForgeryProtectionSetting() {
|
||||
this.getReceiver() instanceof Config::ActionControllerNode and
|
||||
this.getMethodName() = "allow_forgery_protection="
|
||||
@@ -204,9 +204,9 @@ private class EncryptedCookieCipherSetting extends Settings::StringlikeSetting,
|
||||
this.getMethodName() = "encrypted_cookie_cipher="
|
||||
}
|
||||
|
||||
OpenSSLCipher getCipher() { this.getValueText() = result.getName() }
|
||||
OpenSslCipher getCipher() { this.getValueText() = result.getName() }
|
||||
|
||||
OpenSSLCipher getDefaultCipher() { result.getName() = "aes-256-gcm" }
|
||||
OpenSslCipher getDefaultCipher() { result.getName() = "aes-256-gcm" }
|
||||
|
||||
override string getSecurityWarningMessage() {
|
||||
this.getCipher().isWeak() and
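Review bot: `getCipher()` and `getDefaultCipher()` have no QLDoc, and the equality in `getCipher()` means it has a result only when the configured value equals the name of a modelled `OpenSslCipher`. `getSecurityWarningMessage()` starts from `this.getCipher().isWeak()`, so a value that is not a known cipher name presumably yields no warning. The rest of that predicate lies outside the hunk, so this should be confirmed there. A comment such as `/** Gets the cipher named by this setting, if it is a known OpenSSL cipher. */` on `getCipher()` would make the limitation visible to anyone relying on this check.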
|
||||
|
||||
@@ -109,7 +109,7 @@ private class FeatureNONET extends Feature, TNONET {
|
||||
override string getConstantName() { result = "NONET" }
|
||||
}
|
||||
|
||||
private class FeatureDTDLOAD extends Feature, TDTDLOAD {
|
||||
private class FeatureDtdLoad extends Feature, TDTDLOAD {
|
||||
override int getValue() { result = 4 }
|
||||
|
||||
override string getConstantName() { result = "DTDLOAD" }
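Review bot: `FeatureDtdLoad` ends up as the only camelCased name in this group: the hunk header still shows the sibling `FeatureNONET`, which appears unchanged, and the renamed class keeps extending `TDTDLOAD`. These classes are private, so no deprecated alias is needed and the siblings could be renamed in the same commit, e.g. `private class FeatureNoNet extends Feature, TNONET {`. If the upper-case names are kept on purpose because they mirror the library's constant names, a one-line comment saying so would prevent a later half-rename. The class body continues past the end of the hunk.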
|
||||
|
||||
@@ -87,7 +87,7 @@ module Ciphers {
|
||||
*
|
||||
* See https://ruby-doc.org/stdlib-3.0.1/libdoc/openssl/rdoc/OpenSSL/Cipher.html
|
||||
*/
|
||||
predicate isOpenSSLCipher(string name) {
|
||||
predicate isOpenSslCipher(string name) {
|
||||
name =
|
||||
[
|
||||
"aes-128-cbc", "aes-128-cbc-hmac-sha1", "aes-128-cbc-hmac-sha256", "aes-128-ccm",
|
||||
@@ -139,6 +139,9 @@ module Ciphers {
|
||||
]
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isOpenSslCipher */
|
||||
deprecated predicate isOpenSSLCipher = isOpenSslCipher/1;
|
||||
|
||||
/**
|
||||
* Gets the canonical cipher name in cases where this isn't simply an
|
||||
* upcased version of the provided name. This may be because a default block
|
||||
@@ -249,7 +252,7 @@ module Ciphers {
|
||||
* No result if `name` is not a known OpenSSL cipher name.
|
||||
*/
|
||||
string getCanonicalCipherName(string name) {
|
||||
isOpenSSLCipher(name) and
|
||||
isOpenSslCipher(name) and
|
||||
(
|
||||
result = getSpecialCanonicalCipherName(name)
|
||||
or
|
||||
@@ -261,20 +264,26 @@ module Ciphers {
|
||||
/**
|
||||
* Holds if `name` is the name of an OpenSSL cipher that is known to be weak.
|
||||
*/
|
||||
predicate isWeakOpenSSLCipher(string name) {
|
||||
isOpenSSLCipher(name) and
|
||||
predicate isWeakOpenSslCipher(string name) {
|
||||
isOpenSslCipher(name) and
|
||||
name.toUpperCase().regexpMatch(getInsecureAlgorithmRegex())
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isWeakOpenSslCipher */
|
||||
deprecated predicate isWeakOpenSSLCipher = isWeakOpenSslCipher/1;
|
||||
|
||||
/**
|
||||
* Holds if `name` is the name of an OpenSSL cipher that is known to be strong.
|
||||
*/
|
||||
predicate isStrongOpenSSLCipher(string name) {
|
||||
isOpenSSLCipher(name) and
|
||||
predicate isStrongOpenSslCipher(string name) {
|
||||
isOpenSslCipher(name) and
|
||||
name.toUpperCase().regexpMatch(getSecureAlgorithmRegex()) and
|
||||
// exclude algorithms that include a weak component
|
||||
not name.toUpperCase().regexpMatch(getInsecureAlgorithmRegex())
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for isStrongOpenSslCipher */
|
||||
deprecated predicate isStrongOpenSSLCipher = isStrongOpenSslCipher/1;
|
||||
}
|
||||
|
||||
private import Ciphers
|
||||
@@ -282,22 +291,22 @@ private import Ciphers
|
||||
/**
|
||||
* An OpenSSL cipher.
|
||||
*/
|
||||
private newtype TOpenSSLCipher =
|
||||
MkOpenSSLCipher(string name, boolean isWeak) {
|
||||
isStrongOpenSSLCipher(name) and isWeak = false
|
||||
private newtype TOpenSslCipher =
|
||||
MkOpenSslCipher(string name, boolean isWeak) {
|
||||
isStrongOpenSslCipher(name) and isWeak = false
|
||||
or
|
||||
isWeakOpenSSLCipher(name) and isWeak = true
|
||||
isWeakOpenSslCipher(name) and isWeak = true
|
||||
}
|
||||
|
||||
/**
|
||||
* A known OpenSSL cipher. This may include information about the block
|
||||
* encryption mode, which can affect if the cipher is marked as being weak.
|
||||
*/
|
||||
class OpenSSLCipher extends MkOpenSSLCipher {
|
||||
class OpenSslCipher extends MkOpenSslCipher {
|
||||
string name;
|
||||
boolean isWeak;
|
||||
|
||||
OpenSSLCipher() { this = MkOpenSSLCipher(name, isWeak) }
|
||||
OpenSslCipher() { this = MkOpenSslCipher(name, isWeak) }
|
||||
|
||||
/**
|
||||
* Gets a name of this cipher.
|
||||
@@ -325,6 +334,9 @@ class OpenSSLCipher extends MkOpenSSLCipher {
|
||||
Cryptography::EncryptionAlgorithm getAlgorithm() { result.matchesName(this.getCanonicalName()) }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for OpenSslCipher */
|
||||
deprecated class OpenSSLCipher = OpenSslCipher;
|
||||
|
||||
/** `OpenSSL::Cipher` or `OpenSSL::Cipher::Cipher` */
|
||||
private API::Node cipherApi() {
|
||||
result = API::getTopLevelMember("OpenSSL").getMember("Cipher") or
|
||||
@@ -394,7 +406,7 @@ private Cryptography::BlockMode getBlockModeFromCipherName(string blockCipherNam
|
||||
* `cipher` instance with mode `cipherMode`.
|
||||
*/
|
||||
private predicate cipherInstantiationGeneric(
|
||||
DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode
|
||||
DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode
|
||||
) {
|
||||
exists(string cipherName | cipher.matchesName(cipherName) |
|
||||
// `OpenSSL::Cipher.new('<cipherName>')`
|
||||
@@ -412,7 +424,7 @@ private predicate cipherInstantiationGeneric(
|
||||
* with mode `cipherMode`.
|
||||
*/
|
||||
private predicate cipherInstantiationAES(
|
||||
DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode
|
||||
DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode
|
||||
) {
|
||||
exists(string cipherName | cipher.matchesName(cipherName) |
|
||||
// `OpenSSL::Cipher::AES` instantiations
|
||||
@@ -459,7 +471,7 @@ private predicate cipherInstantiationAES(
|
||||
* specific to a block encryption algorithm, e.g. Blowfish, DES, etc.
|
||||
*/
|
||||
private predicate cipherInstantiationSpecific(
|
||||
DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode
|
||||
DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode
|
||||
) {
|
||||
exists(string cipherName | cipher.matchesName(cipherName) |
|
||||
// Block ciphers with dedicated modules
|
||||
@@ -486,7 +498,7 @@ private predicate cipherInstantiationSpecific(
|
||||
* instance with mode `cipherMode`.
|
||||
*/
|
||||
private predicate cipherInstantiationRC4(
|
||||
DataFlow::CallNode call, OpenSSLCipher cipher, CipherMode cipherMode
|
||||
DataFlow::CallNode call, OpenSslCipher cipher, CipherMode cipherMode
|
||||
) {
|
||||
exists(string cipherName | cipher.matchesName(cipherName) |
|
||||
// RC4 stream cipher
|
||||
@@ -502,7 +514,7 @@ private predicate cipherInstantiationRC4(
|
||||
|
||||
/** A call to `OpenSSL::Cipher.new` or similar. */
|
||||
private class CipherInstantiation extends DataFlow::CallNode {
|
||||
private OpenSSLCipher cipher;
|
||||
private OpenSslCipher cipher;
|
||||
private CipherMode cipherMode;
|
||||
|
||||
CipherInstantiation() {
|
||||
@@ -512,15 +524,15 @@ private class CipherInstantiation extends DataFlow::CallNode {
|
||||
cipherInstantiationRC4(this, cipher, cipherMode)
|
||||
}
|
||||
|
||||
/** Gets the `OpenSSLCipher` associated with this instance. */
|
||||
OpenSSLCipher getCipher() { result = cipher }
|
||||
/** Gets the `OpenSslCipher` associated with this instance. */
|
||||
OpenSslCipher getCipher() { result = cipher }
|
||||
|
||||
/** Gets the mode used by this cipher, if applicable. */
|
||||
CipherMode getCipherMode() { result = cipherMode }
|
||||
}
|
||||
|
||||
private DataFlow::LocalSourceNode cipherInstance(
|
||||
TypeTracker t, OpenSSLCipher cipher, CipherMode cipherMode
|
||||
TypeTracker t, OpenSslCipher cipher, CipherMode cipherMode
|
||||
) {
|
||||
t.start() and
|
||||
result.(CipherInstantiation).getCipher() = cipher and
|
||||
@@ -531,13 +543,13 @@ private DataFlow::LocalSourceNode cipherInstance(
|
||||
|
||||
/** A node with flow from `OpenSSL::Cipher.new`. */
|
||||
private class CipherNode extends DataFlow::Node {
|
||||
private OpenSSLCipher cipher;
|
||||
private OpenSslCipher cipher;
|
||||
private CipherMode cipherMode;
|
||||
|
||||
CipherNode() { cipherInstance(TypeTracker::end(), cipher, cipherMode).flowsTo(this) }
|
||||
|
||||
/** Gets the cipher associated with this node. */
|
||||
OpenSSLCipher getCipher() { result = cipher }
|
||||
OpenSslCipher getCipher() { result = cipher }
|
||||
|
||||
/** Gets the cipher associated with this node. */
|
||||
CipherMode getCipherMode() { result = cipherMode }
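Review bot: The doc comment on `CipherNode.getCipherMode()` at the end of this hunk repeats the text of `getCipher()` (`Gets the cipher associated with this node.`), so the two members are documented identically. While the neighbouring lines are being edited it could read `/** Gets the mode used by the cipher associated with this node, if applicable. */`, matching the wording already used on `CipherInstantiation.getCipherMode()` in the previous hunk. The class body is not closed within the hunk.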
|
||||
|
||||