deprecated module;
import java
import semmle.code.java.security.Encryption
import semmle.code.java.dataflow.TaintTracking
/**
 * A taint-tracking configuration for unsafe SSL and TLS versions.
 *
 * Sources are the string literals matched by `UnsafeTlsVersion`; sinks are the
 * arguments through which a protocol version reaches JSSE, i.e. the first
 * argument of `SSLContext.getInstance`, the `protocols` argument of the
 * `SSLParameters` constructor, and the argument of `setProtocols` /
 * `setEnabledProtocols`. `UnsafeTlsVersionFlow` instantiates this configuration
 * with global taint tracking.
 */
module UnsafeTlsVersionConfig implements DataFlow::ConfigSig {
  /** Holds if `source` is a string literal naming a deprecated SSL/TLS version. */
  predicate isSource(DataFlow::Node source) {
    exists(UnsafeTlsVersion version | version = source.asExpr())
  }

  /** Holds if `sink` is an argument that selects protocol versions for JSSE. */
  predicate isSink(DataFlow::Node sink) {
    sink instanceof SetEnabledProtocolsSink
    or
    sink instanceof SslParametersSetProtocolsSink
    or
    sink instanceof CreateSslParametersSink
    or
    sink instanceof SslContextGetInstanceSink
  }
}
/** Global taint tracking from an `UnsafeTlsVersion` literal to a protocol-selecting JSSE call. */
module UnsafeTlsVersionFlow = TaintTracking::Global<UnsafeTlsVersionConfig>;
/**
 * A sink that sets protocol versions in `SSLContext`,
 * i.e `SSLContext.getInstance(protocol)`.
 *
 * Only the first argument (the protocol name) is a sink; the provider
 * arguments of the other `getInstance` overloads are not matched.
 */
class SslContextGetInstanceSink extends DataFlow::ExprNode {
  SslContextGetInstanceSink() {
    exists(StaticMethodCall call |
      call.getMethod().getDeclaringType() instanceof SslContext and
      call.getMethod().hasName("getInstance") and
      this.asExpr() = call.getArgument(0)
    )
  }
}
/**
 * A sink that creates `SSLParameters` with specified protocols,
 * i.e. `new SSLParameters(ciphersuites, protocols)`.
 *
 * Only the second constructor argument (`protocols`) is a sink; the
 * single-argument constructor, which takes cipher suites only, is not matched.
 */
class CreateSslParametersSink extends DataFlow::ExprNode {
  CreateSslParametersSink() {
    exists(ConstructorCall create |
      create.getConstructedType() instanceof SslParameters and
      this.asExpr() = create.getArgument(1)
    )
  }
}
/**
 * A sink that sets protocol versions for `SSLParameters`,
 * i.e. `parameters.setProtocols(versions)`.
 *
 * The call must resolve to a method declared directly on `SSLParameters`;
 * an override declared on a subclass is not matched.
 */
class SslParametersSetProtocolsSink extends DataFlow::ExprNode {
  SslParametersSetProtocolsSink() {
    exists(MethodCall call, Method target |
      target = call.getMethod() and
      target.hasName("setProtocols") and
      target.getDeclaringType() instanceof SslParameters and
      this.asExpr() = call.getArgument(0)
    )
  }
}
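/**
 * A sink that sets protocol versions for `SSLSocket`, `SSLServerSocket`, and `SSLEngine`,
 * i.e. `socket.setEnabledProtocols(versions)` or `engine.setEnabledProtocols(versions)`.
 *
 * The three JSSE types are abstract, so a call whose receiver is statically typed
 * as a concrete subclass resolves to the override declared on that subclass. The
 * declaring type is therefore checked together with its supertypes, so such calls
 * are still recognized as sinks.
 */
class SetEnabledProtocolsSink extends DataFlow::ExprNode {
  SetEnabledProtocolsSink() {
    exists(MethodCall call, Method target, RefType declaring |
      target = call.getMethod() and
      declaring = target.getDeclaringType() and
      target.hasName("setEnabledProtocols") and
      this.asExpr() = call.getArgument(0)
    |
      // `*` is reflexive, so a method declared directly on the JSSE type still matches.
      declaring.getASupertype*() instanceof SslSocket or
      declaring.getASupertype*() instanceof SslServerSocket or
      declaring.getASupertype*() instanceof SslEngine
    )
  }
}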
/**
 * Insecure SSL and TLS versions supported by JSSE.
 *
 * Besides the explicitly versioned names, the bare `"SSL"` and `"TLS"` names are
 * included: they leave the version choice to the provider, whose defaults may
 * still include deprecated versions. `"TLSv1.2"` and `"TLSv1.3"` are not matched.
 */
class UnsafeTlsVersion extends StringLiteral {
  UnsafeTlsVersion() {
    this.getValue() = ["SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1"]
  }
}
/**
 * The class `javax.net.ssl.SSLServerSocket` or its `jakarta` counterpart.
 *
 * Defined here because the other JSSE types used by this library (`SslSocket`,
 * `SslEngine`, `SslContext`, `SslParameters`) come from `Encryption`.
 */
class SslServerSocket extends RefType {
  SslServerSocket() {
    exists(string pkg | pkg = javaxOrJakarta() + ".net.ssl" |
      this.hasQualifiedName(pkg, "SSLServerSocket")
    )
  }
}