python: implement getBlockMode for CryptographicOperations

alexrford · alexrford · commit 9f2c59cd6db9 · 2022-05-13T16:32:36.000+01:00
diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll
@@ -1226,6 +1226,13 @@ module Cryptography {
 
     /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */
     DataFlow::Node getAnInput() { result = super.getAnInput() }
+
+    /**
+     * Gets the block mode used to perform this cryptographic operation.
+     * This may have no result - for example if the `CryptographicAlgorithm` used
+     * is a stream cipher rather than a block cipher.
+     */
+    BlockMode getBlockMode() { result = super.getBlockMode() }
   }
 
   /** Provides classes for modeling new applications of a cryptographic algorithms. */
@@ -1243,6 +1250,24 @@ module Cryptography {
 
       /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */
       abstract DataFlow::Node getAnInput();
+
+      /**
+       * Gets the block mode used to perform this cryptographic operation.
+       * This may have no result - for example if the `CryptographicAlgorithm` used
+       * is a stream cipher rather than a block cipher.
+       */
+      abstract BlockMode getBlockMode();
     }
   }
+
+  /**
+   * A cryptographic block cipher mode of operation. This can be used to encrypt
+   * data of arbitrary length using a block encryption algorithm.
+   */
+  class BlockMode extends string {
+    BlockMode() { this = ["ECB", "CBC", "GCM", "CCM", "CFB", "OFB", "CTR", "OPENPGP"] }
+
+    /** Holds if this block mode is considered to be insecure. */
+    predicate isWeak() { this = "ECB" }
+  }
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Cryptodome.qll b/python/ql/lib/semmle/python/frameworks/Cryptodome.qll
@@ -108,20 +108,20 @@ private module CryptodomeModel {
     DataFlow::CallCfgNode {
     string methodName;
     string cipherName;
+    API::CallNode newCall;
 
     CryptodomeGenericCipherOperation() {
       methodName in [
           "encrypt", "decrypt", "verify", "update", "hexverify", "encrypt_and_digest",
           "decrypt_and_verify"
         ] and
-      this =
+      newCall =
         API::moduleImport(["Crypto", "Cryptodome"])
             .getMember("Cipher")
             .getMember(cipherName)
             .getMember("new")
-            .getReturn()
-            .getMember(methodName)
-            .getACall()
+            .getACall() and
+      this = newCall.getReturn().getMember(methodName).getACall()
     }
 
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(cipherName) }
@@ -155,6 +155,20 @@ private module CryptodomeModel {
           this.getArgByName("mac_tag")
         ]
     }
+
+    override Cryptography::BlockMode getBlockMode() {
+      // `modeName` is of the form "MODE_<BlockMode>"
+      exists(string modeName |
+        newCall.getArg(1) =
+          API::moduleImport(["Crypto", "Cryptodome"])
+              .getMember("Cipher")
+              .getMember(cipherName)
+              .getMember(modeName)
+              .getAUse()
+      |
+        result = modeName.splitAt("_", 1)
+      )
+    }
   }
 
   /**
@@ -192,6 +206,8 @@ private module CryptodomeModel {
         result in [this.getArg(1), this.getArgByName("signature")]
       )
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -215,5 +231,7 @@ private module CryptodomeModel {
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }
 
     override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Cryptography.qll b/python/ql/lib/semmle/python/frameworks/Cryptography.qll
@@ -170,8 +170,19 @@ private module CryptographyModel {
             .getMember(algorithmName)
     }
 
+    /** Gets a reference to a `cryptography.hazmat.primitives.ciphers.modes` Class */
+    API::Node modeClassRef(string modeName) {
+      result =
+        API::moduleImport("cryptography")
+            .getMember("hazmat")
+            .getMember("primitives")
+            .getMember("ciphers")
+            .getMember("modes")
+            .getMember(modeName)
+    }
+
     /** Gets a reference to a Cipher instance using algorithm with `algorithmName`. */
-    API::Node cipherInstance(string algorithmName) {
+    API::Node cipherInstance(string algorithmName, string modeName) {
       exists(API::CallNode call | result = call.getReturn() |
         call =
           API::moduleImport("cryptography")
@@ -182,7 +193,12 @@ private module CryptographyModel {
               .getACall() and
         algorithmClassRef(algorithmName).getReturn().getAUse() in [
             call.getArg(0), call.getArgByName("algorithm")
-          ]
+          ] and
+        exists(DataFlow::Node modeArg | modeArg in [call.getArg(1), call.getArgByName("mode")] |
+          modeArg = modeClassRef(modeName).getReturn().getAUse()
+          or
+          modeArg.asExpr() instanceof None and modeName = "<none>"
+        )
       )
     }
 
@@ -192,10 +208,11 @@ private module CryptographyModel {
     class CryptographyGenericCipherOperation extends Cryptography::CryptographicOperation::Range,
       DataFlow::MethodCallNode {
       string algorithmName;
+      string modeName;
 
       CryptographyGenericCipherOperation() {
         this =
-          cipherInstance(algorithmName)
+          cipherInstance(algorithmName, modeName)
               .getMember(["decryptor", "encryptor"])
               .getReturn()
               .getMember(["update", "update_into"])
@@ -207,6 +224,8 @@ private module CryptographyModel {
       }
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
+
+      override Cryptography::BlockMode getBlockMode() { result = modeName }
     }
   }
 
@@ -257,6 +276,8 @@ private module CryptographyModel {
       }
 
       override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("data")] }
+
+      override Cryptography::BlockMode getBlockMode() { none() }
     }
   }
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Rsa.qll b/python/ql/lib/semmle/python/frameworks/Rsa.qll
@@ -41,6 +41,8 @@ private module Rsa {
     override DataFlow::Node getAnInput() {
       result in [this.getArg(0), this.getArgByName("message")]
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -54,6 +56,8 @@ private module Rsa {
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.getName() = "RSA" }
 
     override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("crypto")] }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -79,6 +83,8 @@ private module Rsa {
     override DataFlow::Node getAnInput() {
       result in [this.getArg(0), this.getArgByName("message")]
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -100,6 +106,8 @@ private module Rsa {
       or
       result in [this.getArg(1), this.getArgByName("signature")]
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -122,6 +130,8 @@ private module Rsa {
     override DataFlow::Node getAnInput() {
       result in [this.getArg(0), this.getArgByName("message")]
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -137,5 +147,7 @@ private module Rsa {
     override DataFlow::Node getAnInput() {
       result in [this.getArg(0), this.getArgByName("hash_value")]
     }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 }
diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -2671,6 +2671,8 @@ private module StdlibPrivate {
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }
 
     override DataFlow::Node getAnInput() { result = this.getParameter(1, "data").getARhs() }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**
@@ -2686,6 +2688,8 @@ private module StdlibPrivate {
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }
 
     override DataFlow::Node getAnInput() { result = this.getArg(0) }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /** Helper predicate for the `HashLibGenericHashOperation` charpred, to prevent a bad join order. */
@@ -2709,6 +2713,8 @@ private module StdlibPrivate {
     HashlibGenericHashOperation() { hashClass = hashlibMember(hashName) }
 
     override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }
+
+    override Cryptography::BlockMode getBlockMode() { none() }
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,8 @@ private module Rsa {`
`41`	`41`	`override DataFlow::Node getAnInput() {`
`42`	`42`	`result in [this.getArg(0), this.getArgByName("message")]`
`43`	`43`	`}`
	`44`	`+`
	`45`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`44`	`46`	`}`
`45`	`47`
`46`	`48`	`/**`
`@@ -54,6 +56,8 @@ private module Rsa {`
`54`	`56`	`override Cryptography::CryptographicAlgorithm getAlgorithm() { result.getName() = "RSA" }`
`55`	`57`
`56`	`58`	`override DataFlow::Node getAnInput() { result in [this.getArg(0), this.getArgByName("crypto")] }`
	`59`	`+`
	`60`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`57`	`61`	`}`
`58`	`62`
`59`	`63`	`/**`
`@@ -79,6 +83,8 @@ private module Rsa {`
`79`	`83`	`override DataFlow::Node getAnInput() {`
`80`	`84`	`result in [this.getArg(0), this.getArgByName("message")]`
`81`	`85`	`}`
	`86`	`+`
	`87`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`82`	`88`	`}`
`83`	`89`
`84`	`90`	`/**`
`@@ -100,6 +106,8 @@ private module Rsa {`
`100`	`106`	`or`
`101`	`107`	`result in [this.getArg(1), this.getArgByName("signature")]`
`102`	`108`	`}`
	`109`	`+`
	`110`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`103`	`111`	`}`
`104`	`112`
`105`	`113`	`/**`
`@@ -122,6 +130,8 @@ private module Rsa {`
`122`	`130`	`override DataFlow::Node getAnInput() {`
`123`	`131`	`result in [this.getArg(0), this.getArgByName("message")]`
`124`	`132`	`}`
	`133`	`+`
	`134`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`125`	`135`	`}`
`126`	`136`
`127`	`137`	`/**`
`@@ -137,5 +147,7 @@ private module Rsa {`
`137`	`147`	`override DataFlow::Node getAnInput() {`
`138`	`148`	`result in [this.getArg(0), this.getArgByName("hash_value")]`
`139`	`149`	`}`
	`150`	`+`
	`151`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`140`	`152`	`}`
`141`	`153`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2671,6 +2671,8 @@ private module StdlibPrivate {`
`2671`	`2671`	`override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }`
`2672`	`2672`
`2673`	`2673`	`override DataFlow::Node getAnInput() { result = this.getParameter(1, "data").getARhs() }`
	`2674`	`+`
	`2675`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`2674`	`2676`	`}`
`2675`	`2677`
`2676`	`2678`	`/**`
`@@ -2686,6 +2688,8 @@ private module StdlibPrivate {`
`2686`	`2688`	`override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }`
`2687`	`2689`
`2688`	`2690`	`override DataFlow::Node getAnInput() { result = this.getArg(0) }`
	`2691`	`+`
	`2692`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`2689`	`2693`	`}`
`2690`	`2694`
`2691`	`2695`	/** Helper predicate for the `HashLibGenericHashOperation` charpred, to prevent a bad join order. */
`@@ -2709,6 +2713,8 @@ private module StdlibPrivate {`
`2709`	`2713`	`HashlibGenericHashOperation() { hashClass = hashlibMember(hashName) }`
`2710`	`2714`
`2711`	`2715`	`override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(hashName) }`
	`2716`	`+`
	`2717`	`+ override Cryptography::BlockMode getBlockMode() { none() }`
`2712`	`2718`	`}`
`2713`	`2719`
`2714`	`2720`	`/**`