Port changes to JavaScript. · github/codeql@741735c · GitHub

Commit 741735c

author
Max Schaefer
committed
Port changes to JavaScript.
1 parent 3939167 commit 741735c

5 files changed

Lines changed: 83 additions & 36 deletions


javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll

Lines changed: 49 additions & 18 deletions

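--- a/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll
+++ b/javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll
@@ -40,6 +40,9 @@ module Cryptography {
 /** Gets the algorithm used, if it matches a known `CryptographicAlgorithm`. */
 CryptographicAlgorithm getAlgorithm() { result = super.getAlgorithm() }
 
+/** Gets the data-flow node where the cryptographic algorithm used in this operation is configured. */
+DataFlow::Node getInitialization() { result = super.getInitialization() }
+
 /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */
 DataFlow::Node getAnInput() { result = super.getAnInput() }
 
@@ -65,6 +68,9 @@ module Cryptography {
 * extend `CryptographicOperation` instead.
 */
 abstract class Range extends DataFlow::Node {
+/** Gets the data-flow node where the cryptographic algorithm used in this operation is configured. */
+abstract DataFlow::Node getInitialization();
+
 /** Gets the algorithm used, if it matches a known `CryptographicAlgorithm`. */
 abstract CryptographicAlgorithm getAlgorithm();
 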
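Review bot: The new `abstract DataFlow::Node getInitialization();` on `CryptographicOperation::Range` (second hunk) is a source-breaking change to the extension point: any model outside this commit that extends `Range` without the predicate will presumably no longer compile. The abstract `Sink` in BrokenCryptoAlgorithmCustomizations.qll gains the same requirement. If that is intended, the QLDoc should say what an implementation is expected to return when the algorithm is chosen in the call itself, for example `/** Gets the data-flow node where the algorithm used in this operation is configured; this may be the operation node itself. */`, and the change probably deserves a change note. Both `Range` and the wrapper class in the first hunk continue outside the lines shown.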

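--- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmCustomizations.qll
@@ -19,7 +19,10 @@ module BrokenCryptoAlgorithm {
 /**
 * A data flow sink for sensitive information in broken or weak cryptographic algorithms.
 */
-abstract class Sink extends DataFlow::Node { }
+abstract class Sink extends DataFlow::Node {
+/** Gets the data-flow node where the cryptographic algorithm used in this operation is configured. */
+abstract DataFlow::Node getInitialization();
+}
 
 /**
 * A sanitizer for sensitive information in broken or weak cryptographic algorithms.
@@ -38,15 +41,17 @@ module BrokenCryptoAlgorithm {
 * An expression used by a broken or weak cryptographic algorithm.
 */
 class WeakCryptographicOperationSink extends Sink {
+CryptographicOperation application;
+
 WeakCryptographicOperationSink() {
-exists(CryptographicOperation application |
-(
-application.getAlgorithm().isWeak()
-or
-application.getBlockMode().isWeak()
-) and
-this = application.getAnInput()
-)
+(
+application.getAlgorithm().isWeak()
+or
+application.getBlockMode().isWeak()
+) and
+this = application.getAnInput()
 }
+
+override DataFlow::Node getInitialization() { result = application.getInitialization() }
 }
 }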
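Review bot: The QLDoc added on `Sink.getInitialization()` in the first hunk speaks of "this operation", but a `Sink` is the input node rather than the operation, so a reader cannot tell which node is meant. I would reword it as `/** Gets the data-flow node where the algorithm that consumes this sink is configured. */`. The new field `application` in `WeakCryptographicOperationSink` has no comment either; `// the weak operation that takes this node as input` above it would explain why it moved out of the `exists`.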

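--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -16,9 +16,14 @@ import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmQuery
 import semmle.javascript.security.SensitiveActions
 import DataFlow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+from
+Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Source sourceNode,
+Sink sinkNode
 where
 cfg.hasFlowPath(source, sink) and
-not source.getNode() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash
-select sink.getNode(), source, sink, "A broken or weak cryptographic algorithm depends on $@.",
-source.getNode(), "sensitive data from " + source.getNode().(Source).describe()
+sourceNode = source.getNode() and
+sinkNode = sink.getNode() and
+not sourceNode instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash
+select sinkNode, source, sink,
+"A broken or weak cryptographic algorithm (configured $@) depends on $@.",
+sinkNode.getInitialization(), "here", sourceNode, "sensitive data from " + sourceNode.describe()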
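Review bot: `sinkNode.getInitialization()` in the `select` clause becomes part of the result tuple, so a weak-crypto sink whose model yields no initialization node produces no alert at all, and one that yields several produces one alert per node. Whether every model binds exactly one node is decided in CryptoLibraries.qll, which is not expanded on this page, so it cannot be checked here. A comment next to the select would record the dependency: `// each Sink needs a getInitialization() result, otherwise the alert is dropped`. A test case with a weak algorithm configured in a separate statement from its use would confirm that the "here" link points at the configuration.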

javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected

Lines changed: 5 additions & 5 deletions
