Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext

REDMOND\brodes
2025-10-16 16:11:42 -04:00
parent 5923e5cbb0
commit ef6f0222f2


@@ -28,6 +28,15 @@ module CommonDataFlowNodeConfig implements DataFlow::ConfigSig {
sink = any(Crypto::FlowAwareElement other).getInputNode()
}
// Don't go in to a known out node, this will prevent the plaintext
// from tracing out of cipher operations for example, we just want to trace
// the plaintext to uses.
// NOTE: we are not using a barrier out on input nodes, because
// that would remove 'use-use' flows, which we need
predicate isBarrierIn(DataFlow::Node node) {
node = any(Crypto::FlowAwareElement element).getOutputNode()
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
node1.(AdditionalFlowInputStep).getOutput() = node2
or
@@ -43,6 +52,7 @@ module CommonDataFlowNodeFlow = TaintTracking::Global<CommonDataFlowNodeConfig>;
from DataFlow::Node src, DataFlow::Node sink1, DataFlow::Node sink2
where
not src.asExpr() instanceof NullLiteral and
CommonDataFlowNodeFlow::flow(src, sink1) and
CommonDataFlowNodeFlow::flow(src, sink2) and
exists(Crypto::CipherOperationNode cipherOp |
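Review bot: The `isBarrierIn` added in the first hunk stops flow into the output node of every `Crypto::FlowAwareElement`, not only cipher operations, so besides removing the false positives it may hide real MAC-on-plaintext findings where the shared value passes through some other modelled element before reaching both sinks. `isSource` is outside the hunk, so whether such an output node can still begin a path needs confirming. If it can, record it next to the predicate, e.g. `// Applies to the output of every FlowAwareElement, not only ciphers: a path may start at such a node but never pass through one.` The `not src.asExpr() instanceof NullLiteral` filter in the second hunk handles only one kind of trivially shared source, and it may read better as a restriction in `isSource`, so the exclusion lives with the flow configuration. A regression test pairing the false-positive pattern with a true positive that must still be reported would show the barrier does not over-prune; no test is visible in this part of the commit.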