Merged
22 commits
61095b3
ConceptsShared: Add deprecated DataFlow::Node CryptographicOperation#…
alexrford Feb 2, 2023
e5dfbe2
ConceptsShared: Add BlockMode#matchesString(string) predicate
alexrford Feb 2, 2023
983055b
JS: Use shared CryptographicOperation concept and implement BlockMode…
alexrford Feb 2, 2023
1435ef1
CryptoAlgorithms: make CryptographicAlgorithm#matchesName split on un…
alexrford Feb 2, 2023
c25dc97
JS: add blockMode to CryptographicOperation tests
alexrford Feb 2, 2023
aa2c532
JS: adjust test whitespace
alexrford Feb 2, 2023
b0b8f87
JS: add some CryptographicOperation#getBlockMode() tests
alexrford Feb 2, 2023
6b2a92a
JS: update CryptographicKey.expected
alexrford Feb 3, 2023
e17b3d9
JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls
alexrford Feb 3, 2023
b968b59
CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only i…
alexrford Feb 3, 2023
6c35fea
ConceptsShared: add a default implementation of BlockMode Cryptograph…
alexrford Feb 3, 2023
7768026
Merge branch 'main' into js-use-shared-cryptography
alexrford Feb 3, 2023
ecafce8
improve the CryptoJS model by using API::Node
erik-krogh Feb 3, 2023
8d90c02
JS: remove unused field
alexrford Feb 14, 2023
c7aaad9
JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby
alexrford Feb 14, 2023
d4d0b91
dynamic: switch CryptographicOperation::Range#getBlockMode() back to …
alexrford Feb 15, 2023
925b4a3
JS: improve documentation on deprecated CryptographicOperation#getInp…
alexrford Feb 15, 2023
e8cbf72
JS: breaking change note for CryptographicOperation sync
alexrford Feb 15, 2023
43af306
dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()
alexrford Feb 15, 2023
1958b9d
JS: add missing qldoc
alexrford Feb 15, 2023
1556b1a
Merge branch 'main' into js-use-shared-cryptography
alexrford Feb 15, 2023
9cfd0f5
JS: fix qldoc
alexrford Feb 16, 2023
Expand Up @@ -409,7 +409,7 @@ private class CryptographicOperationFlowCharacteristic extends NotASinkCharacter
CryptographicOperationFlowCharacteristic() { this = "CryptographicOperationFlow" }

override predicate appliesToEndpoint(DataFlow::Node n) {
any(CryptographicOperation op).getInput() = n
any(CryptographicOperation op).getAnInput() = n
}
}

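Review bot: In `appliesToEndpoint`, the call to `getAnInput()` follows the rename, but the `An` prefix signals that the predicate can hold for several nodes per operation, so this characteristic applies to every input node of a `CryptographicOperation`. If that is the intent, say so in a one-line comment on the predicate, and add a test endpoint for an operation that has more than one input so the exclusion is pinned down.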
@@ -0,0 +1,7 @@
---
category: breaking
---
* The `CryptographicOperation` concept has been changed to use a range pattern. This is a breaking change and existing implementations of `CryptographicOperation` will need to be updated in order to compile. These implementations can be updated by:
1. Extending `CryptographicOperation::Range` rather than `CryptographicOperation`
2. Renaming the `getInput()` member predicate as `getAnInput()`
3. Implementing the `BlockMode getBlockMode()` member predicate. The implementation for this can be `none()` if the operation is a hashing operation or an encryption operation using a stream cipher.
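Review bot: The upgrade steps address people who implement `CryptographicOperation` but say nothing to people who only call it. Step 2 tells implementers to rename `getInput()` to `getAnInput()`, while the JavaScript `Concepts.qll` hunk in this PR keeps a `deprecated final DataFlow::Node getInput()` on the class, so existing JavaScript callers still compile. Stating that in the note, and advising callers to move to `getAnInput()`, would let readers judge how far the break reaches.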
37 changes: 37 additions & 0 deletions javascript/ql/lib/semmle/javascript/Concepts.qll
Expand Up @@ -110,3 +110,40 @@ abstract class PersistentWriteAccess extends DataFlow::Node {
*/
abstract DataFlow::Node getValue();
}

/**
* Provides models for cryptographic things.
*/
module Cryptography {
private import semmle.javascript.internal.ConceptsShared::Cryptography as SC

/**
* A data-flow node that is an application of a cryptographic algorithm. For example,
* encryption, decryption, signature-validation.
*
* Extend this class to refine existing API models. If you want to model new APIs,
* extend `CryptographicOperation::Range` instead.
*/
class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range {
/**
* DEPRECATED. This predicate has been renamed to `getAnInput`.
*
* To implement `CryptographicOperation`, please extend
* `CryptographicOperation::Range` and implement `getAnInput` instead of
* extending this class directly.
*/
deprecated final DataFlow::Node getInput() { result = this.getAnInput() }
}

class EncryptionAlgorithm = SC::EncryptionAlgorithm;

class HashingAlgorithm = SC::HashingAlgorithm;

class PasswordHashingAlgorithm = SC::PasswordHashingAlgorithm;

module CryptographicOperation = SC::CryptographicOperation;

class BlockMode = SC::BlockMode;

class CryptographicAlgorithm = SC::CryptographicAlgorithm;
}
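Review bot: The public aliases at the end of the `Cryptography` module, from `class EncryptionAlgorithm = SC::EncryptionAlgorithm;` through `class CryptographicAlgorithm = SC::CryptographicAlgorithm;`, carry no QLDoc, and the module comment "Provides models for cryptographic things" does not tell a reader what is in scope. A one-line doc comment on each alias (including `module CryptographicOperation` and `class BlockMode`, which the breaking-change note asks implementers to use) and a module comment that names operations, algorithms and block modes would make the new entry points discoverable.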