@@ -15,17 +15,19 @@ class AsymmetricNonECKeyTrackingConfiguration extends DataFlow2::Configuration {
1515 }
1616
1717 override predicate isSink ( DataFlow:: Node sink ) {
18- exists ( MethodAccess ma |
18+ exists ( MethodAccess ma , JavaSecurityKeyPairGenerator jpg |
1919 ma .getMethod ( ) instanceof KeyPairGeneratorInitMethod and
20- exists (
21- JavaSecurityKeyPairGenerator jpg , KeyPairGeneratorInitConfiguration kpgConfig ,
22- DataFlow:: PathNode source , DataFlow:: PathNode dest
23- |
24- jpg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) .matches ( [ "RSA" , "DSA" , "DH" ] ) and
25- source .getNode ( ) .asExpr ( ) = jpg and
26- dest .getNode ( ) .asExpr ( ) = ma .getQualifier ( ) and
27- kpgConfig .hasFlowPath ( source , dest )
28- ) and
20+ jpg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) .matches ( [ "RSA" , "DSA" , "DH" ] ) and
21+ DataFlow:: localExprFlow ( jpg , ma .getQualifier ( ) ) and
22+ // exists(
23+ // JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kpgConfig,
24+ // DataFlow::PathNode source, DataFlow::PathNode dest
25+ // |
26+ // jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase().matches(["RSA", "DSA", "DH"]) and
27+ // source.getNode().asExpr() = jpg and
28+ // dest.getNode().asExpr() = ma.getQualifier() and
29+ // kpgConfig.hasFlowPath(source, dest)
30+ // ) and
2931 sink .asExpr ( ) = ma .getArgument ( 0 )
3032 )
3133 or
@@ -59,17 +61,19 @@ class AsymmetricECKeyTrackingConfiguration extends DataFlow2::Configuration {
5961 }
6062
6163 override predicate isSink ( DataFlow:: Node sink ) {
62- exists ( MethodAccess ma |
64+ exists ( MethodAccess ma , JavaSecurityKeyPairGenerator jpg |
6365 ma .getMethod ( ) instanceof KeyPairGeneratorInitMethod and
64- exists (
65- JavaSecurityKeyPairGenerator jpg , KeyPairGeneratorInitConfiguration kpgConfig ,
66- DataFlow:: PathNode source , DataFlow:: PathNode dest
67- |
68- jpg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) .matches ( "EC%" ) and
69- source .getNode ( ) .asExpr ( ) = jpg and
70- dest .getNode ( ) .asExpr ( ) = ma .getQualifier ( ) and
71- kpgConfig .hasFlowPath ( source , dest )
72- ) and
66+ jpg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) .matches ( "EC%" ) and
67+ DataFlow:: localExprFlow ( jpg , ma .getQualifier ( ) ) and
68+ // exists(
69+ // JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kpgConfig,
70+ // DataFlow::PathNode source, DataFlow::PathNode dest
71+ // |
72+ // jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase().matches("EC%") and
73+ // source.getNode().asExpr() = jpg and
74+ // dest.getNode().asExpr() = ma.getQualifier() and
75+ // kpgConfig.hasFlowPath(source, dest)
76+ // ) and
7377 sink .asExpr ( ) = ma .getArgument ( 0 )
7478 )
7579 or
@@ -92,56 +96,52 @@ class SymmetricKeyTrackingConfiguration extends DataFlow2::Configuration {
9296 }
9397
9498 override predicate isSink ( DataFlow:: Node sink ) {
95- exists ( MethodAccess ma |
99+ exists ( MethodAccess ma , JavaxCryptoKeyGenerator jcg |
96100 ma .getMethod ( ) instanceof KeyGeneratorInitMethod and
97- exists (
98- JavaxCryptoKeyGenerator jcg , KeyGeneratorInitConfiguration kgConfig ,
99- DataFlow:: PathNode source , DataFlow:: PathNode dest
100- |
101- jcg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) = "AES" and
102- source .getNode ( ) .asExpr ( ) = jcg and
103- dest .getNode ( ) .asExpr ( ) = ma .getQualifier ( ) and
104- kgConfig .hasFlowPath ( source , dest )
105- ) and
101+ jcg .getAlgoSpec ( ) .( StringLiteral ) .getValue ( ) .toUpperCase ( ) = "AES" and
102+ DataFlow:: localExprFlow ( jcg , ma .getQualifier ( ) ) and
103+ // exists(
104+ // JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration kgConfig,
105+ // DataFlow::PathNode source, DataFlow::PathNode dest
106+ // |
107+ // jcg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = "AES" and
108+ // source.getNode().asExpr() = jcg and
109+ // dest.getNode().asExpr() = ma.getQualifier() and
110+ // kgConfig.hasFlowPath(source, dest)
111+ // ) and
106112 sink .asExpr ( ) = ma .getArgument ( 0 )
107113 )
108114 }
109115}
110116
111117// ********************** Need the below models for the above configs **********************
112118// todo: move some/all of below to Encryption.qll or elsewhere?
113- /** A data flow configuration tracking flow from a key generator to an `init` method call. */
114- private class KeyGeneratorInitConfiguration extends DataFlow:: Configuration {
115- KeyGeneratorInitConfiguration ( ) { this = "KeyGeneratorInitConfiguration" }
116-
117- override predicate isSource ( DataFlow:: Node source ) {
118- source .asExpr ( ) instanceof JavaxCryptoKeyGenerator
119- }
120-
121- override predicate isSink ( DataFlow:: Node sink ) {
122- exists ( MethodAccess ma |
123- ma .getMethod ( ) instanceof KeyGeneratorInitMethod and
124- sink .asExpr ( ) = ma .getQualifier ( )
125- )
126- }
127- }
128-
129- /** A data flow configuration tracking flow from a keypair generator to an `initialize` method call. */
130- private class KeyPairGeneratorInitConfiguration extends DataFlow:: Configuration {
131- KeyPairGeneratorInitConfiguration ( ) { this = "KeyPairGeneratorInitConfiguration" }
132-
133- override predicate isSource ( DataFlow:: Node source ) {
134- source .asExpr ( ) instanceof JavaSecurityKeyPairGenerator
135- }
136-
137- override predicate isSink ( DataFlow:: Node sink ) {
138- exists ( MethodAccess ma |
139- ma .getMethod ( ) instanceof KeyPairGeneratorInitMethod and
140- sink .asExpr ( ) = ma .getQualifier ( )
141- )
142- }
143- }
144-
119+ // /** A data flow configuration tracking flow from a key generator to an `init` method call. */
120+ // private class KeyGeneratorInitConfiguration extends DataFlow::Configuration {
121+ // KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" }
122+ // override predicate isSource(DataFlow::Node source) {
123+ // source.asExpr() instanceof JavaxCryptoKeyGenerator
124+ // }
125+ // override predicate isSink(DataFlow::Node sink) {
126+ // exists(MethodAccess ma |
127+ // ma.getMethod() instanceof KeyGeneratorInitMethod and
128+ // sink.asExpr() = ma.getQualifier()
129+ // )
130+ // }
131+ // }
132+ // /** A data flow configuration tracking flow from a keypair generator to an `initialize` method call. */
133+ // private class KeyPairGeneratorInitConfiguration extends DataFlow::Configuration {
134+ // KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" }
135+ // override predicate isSource(DataFlow::Node source) {
136+ // source.asExpr() instanceof JavaSecurityKeyPairGenerator
137+ // }
138+ // override predicate isSink(DataFlow::Node sink) {
139+ // exists(MethodAccess ma |
140+ // ma.getMethod() instanceof KeyPairGeneratorInitMethod and
141+ // sink.asExpr() = ma.getQualifier()
142+ // )
143+ // }
144+ // }
145145/** The Java class `java.security.spec.ECGenParameterSpec`. */
146146private class EcGenParameterSpec extends RefType {
147147 EcGenParameterSpec ( ) { this .hasQualifiedName ( "java.security.spec" , "ECGenParameterSpec" ) }
0 commit comments