mirror of
https://github.com/github/codeql.git
synced 2026-01-28 13:53:10 +01:00
52 lines
1.6 KiB
Plaintext
52 lines
1.6 KiB
Plaintext
/**
|
|
* Provides default sources, sinks and sanitizers for reasoning about
|
|
* sensitive information in broken or weak cryptographic algorithms,
|
|
* as well as extension points for adding your own.
|
|
*/
|
|
|
|
import javascript
|
|
private import semmle.javascript.security.SensitiveActions
|
|
private import semmle.javascript.frameworks.CryptoLibraries
|
|
|
|
module BrokenCryptoAlgorithm {
|
|
/**
|
|
* A data flow source for sensitive information in broken or weak cryptographic algorithms.
|
|
*/
|
|
abstract class Source extends DataFlow::Node {
|
|
/** Gets a string that describes the type of this data flow source. */
|
|
abstract string describe();
|
|
}
|
|
|
|
/**
|
|
* A data flow sink for sensitive information in broken or weak cryptographic algorithms.
|
|
*/
|
|
abstract class Sink extends DataFlow::Node { }
|
|
|
|
/**
|
|
* A sanitizer for sensitive information in broken or weak cryptographic algorithms.
|
|
*/
|
|
abstract class Sanitizer extends DataFlow::Node { }
|
|
|
|
/**
|
|
* A sensitive expression, viewed as a data flow source for sensitive information
|
|
* in broken or weak cryptographic algorithms.
|
|
*/
|
|
class SensitiveExprSource extends Source, DataFlow::ValueNode {
|
|
override SensitiveExpr astNode;
|
|
|
|
override string describe() { result = astNode.describe() }
|
|
}
|
|
|
|
/**
|
|
* An expression used by a broken or weak cryptographic algorithm.
|
|
*/
|
|
class WeakCryptographicOperationSink extends Sink {
|
|
WeakCryptographicOperationSink() {
|
|
exists(CryptographicOperation application |
|
|
application.getAlgorithm().isWeak() and
|
|
this.asExpr() = application.getInput()
|
|
)
|
|
}
|
|
}
|
|
}
|