
Cryptographic sinks
egregius313 committed Aug 1, 2023
1 parent 50d95f2 commit 63677b0
Showing 3 changed files with 42 additions and 0 deletions.
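--- /dev/null
+++ b/java/ql/lib/ext/java.security.spec.model.yml
@@ -0,0 +1,17 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.security.spec", "DSAParameterSpec", False, "DSAParameterSpec", "", "", "Argument[0..2]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "DSAPrivateKeySpec", False, "DSAPrivateKeySpec", "", "", "Argument[0..3]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "DSAPublicKeySpec", False, "DSAPublicKeySpec", "", "", "Argument[0..3]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "ECPrivateKeySpec", False, "ECPrivateKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "EncodedKeySpec", False, "EncodedKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "PKCS8EncodedKeySpec", False, "PKCS8EncodedKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "RSAMultiPrimePrivateCrtKeySpec", False, "RSAMultiPrimePrivateCrtKeySpec", "", "", "Argument[0..8]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "RSAPrivateCrtKeySpec", False, "RSAPrivateCrtKeySpec", "", "", "Argument[0..7]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "RSAPrivateKeySpec", False, "RSAPrivateKeySpec", "", "", "Argument[0..1]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "RSAPublicKeySpec", False, "RSAPublicKeySpec", "", "", "Argument[0..1]", "crypto-parameter", "manual"]
+      - ["java.security.spec", "X509EncodedKeySpec", False, "X509EncodedKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+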
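Review bot: The new rows carry no comment saying what the `crypto-parameter` sink kind denotes or which query consumes it, and `java.security.spec` has key-spec constructors that are not listed (`ECPublicKeySpec`, for one, while the DSA and RSA public-key specs are), so a reader cannot tell whether the omissions are deliberate. A header comment after `extensions:` such as `# crypto-parameter: constructor arguments that become key material, IVs, salts or domain parameters; consumed as sinks by WeakRandomnessQuery` would make the scope explicit, and a one-line note on any intentionally skipped class (ECPublicKeySpec takes an `ECPoint`, not a `BigInteger`, so it may need its own model) would save the next maintainer a check. The argument ranges themselves line up with the JDK constructor arities (e.g. `RSAPrivateCrtKeySpec` has eight parameters, hence `Argument[0..7]`).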
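--- /dev/null
+++ b/java/ql/lib/ext/javax.crypto.spec.model.yml
@@ -0,0 +1,20 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.crypto.spec", "DESedeKeySpec", False, "DESedeKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "DESKeySpec", False, "DESKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "DHPrivateKeySpec", False, "DHPrivateKeySpec", "", "", "Argument[1..3]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "DHPublicKeySpec", False, "DHPublicKeySpec", "", "", "Argument[1..3]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "DHPublicKeySpec", False, "DHPublicKeySpec", "", "", "Argument[1..3]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "DSAParameterSpec", False, "DSAParameterSpec", "", "", "Argument[1..3]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "GCMParameterSpec", False, "GCMParameterSpec", "", "", "Argument[1]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "IvParameterSpec", False, "IvParameterSpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "", "", "Argument[0..1]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "", "", "Argument[0..1]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "PBEParameterSpec", False, "PBEParameterSpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "RC2ParameterSpec", False, "RC2ParameterSpec", "", "", "Argument[1]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "RC5ParameterSpec", False, "RC25arameterSpec", "", "", "Argument[3]", "crypto-parameter", "manual"]
+      - ["javax.crypto.spec", "SecretKeySpec", False, "SecretKeySpec", "", "", "Argument[0]", "crypto-parameter", "manual"]
+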
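Review bot: The `DHPrivateKeySpec` and `DHPublicKeySpec` rows use `Argument[1..3]`, but both JDK constructors take exactly three parameters (`x`/`y`, `p`, `g`), so index 3 never matches and index 0 — the private value `x` and public value `y`, the arguments a weak-randomness query most needs to see — is not a sink at all; `Argument[0..2]` is what is needed. The `RC5ParameterSpec` row spells the name column `RC25arameterSpec`, a typo that can never match the constructor, so that sink is dead as written. The `DSAParameterSpec` row is placed in `javax.crypto.spec`, where no such class exists (it lives in `java.security.spec` and is already modelled in the sibling file); if `DHParameterSpec` was intended, its constructors take `p`, `g` and optionally `l`, i.e. `Argument[0..2]`, and the row should be renamed rather than deleted. The `DHPublicKeySpec` and `PBEKeySpec` rows each appear twice; one copy of each should be dropped.
```yaml
      - ["javax.crypto.spec", "DHPrivateKeySpec", False, "DHPrivateKeySpec", "", "", "Argument[0..2]", "crypto-parameter", "manual"]
      - ["javax.crypto.spec", "DHPublicKeySpec", False, "DHPublicKeySpec", "", "", "Argument[0..2]", "crypto-parameter", "manual"]
      # … unchanged: GCMParameterSpec, IvParameterSpec, PBEKeySpec, PBEParameterSpec, RC2ParameterSpec rows …
      - ["javax.crypto.spec", "RC5ParameterSpec", False, "RC5ParameterSpec", "", "", "Argument[3]", "crypto-parameter", "manual"]
```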
5 changes: 5 additions & 0 deletions java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
Expand Up @@ -4,6 +4,7 @@ import java
import semmle.code.java.frameworks.Servlets
import semmle.code.java.security.SensitiveActions
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.security.RandomQuery

/**
Expand Down Expand Up @@ -108,6 +109,10 @@ private class SensitiveActionSink extends WeakRandomnessSink {
SensitiveActionSink() { this.asExpr() instanceof SensitiveExpr }
}

private class CryptographicSink extends WeakRandomnessSink {
CryptographicSink() { sinkNode(this, "crypto-parameter") }
}

/**
* Holds if there is a method access which converts `bytes` to the string `str`.
*/
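Review bot: `CryptographicSink` has no QLDoc comment, so nothing in this file says which constructors the string `"crypto-parameter"` selects or that the kind is defined in the `java.security.spec` and `javax.crypto.spec` model files added in the same commit; a reader of `WeakRandomnessQuery.qll` has to grep the extension directory to find out. A comment such as `/** A constructor argument that becomes key material, an IV, a salt or a domain parameter, as modelled by the `crypto-parameter` sink kind in the `java.security.spec`/`javax.crypto.spec` model files. */` above the class would close that gap and mirror the documented sibling sinks. The string literal is also the only link between the QL and the YAML; naming the kind once in a comment here makes a future rename or a typo in a model row (the kind column is free text) easier to catch.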
