Merge pull request github#12555 from asgerf/js/block-modes

JS: Include weak block modes as sink in weak crypto algorithm

Author: asgerf

javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmCustomizations.qll

@@ -40,7 +40,11 @@ module BrokenCryptoAlgorithm {
   class WeakCryptographicOperationSink extends Sink {
     WeakCryptographicOperationSink() {
       exists(CryptographicOperation application |
-        application.getAlgorithm().isWeak() and
+        (
+          application.getAlgorithm().isWeak()
+          or
+          application.getBlockMode().isWeak()
+        ) and
         this = application.getAnInput()
       )
     }

javascript/ql/src/change-notes/2023-03-16-block-modes.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* The `js/weak-cryptographic-algorithm` query now flags cryptograhic operations using a weak block mode,
+  such as AES-ECB.

javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected

@@ -11,15 +11,23 @@ nodes
 | tst.js:19:17:19:24 | password |
 | tst.js:19:17:19:24 | password |
 | tst.js:19:17:19:24 | password |
+| tst.js:22:21:22:30 | secretText |
+| tst.js:22:21:22:30 | secretText |
+| tst.js:22:21:22:30 | secretText |
 edges
 | tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
 | tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText |
+| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText |
+| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText |
 | tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
 | tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText |
 | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText |
 | tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted |
 | tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password |
+| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText |
 #select
 | tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | A broken or weak cryptographic algorithm depends on $@. | tst.js:3:18:3:24 | trusted | sensitive data froman access to trusted |
 | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | A broken or weak cryptographic algorithm depends on $@. | tst.js:11:17:11:26 | secretText | sensitive data froman access to secretText |
 | tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted | A broken or weak cryptographic algorithm depends on $@. | tst.js:17:17:17:25 | o.trusted | sensitive data froman access to trusted |
+| tst.js:22:21:22:30 | secretText | tst.js:3:18:3:24 | trusted | tst.js:22:21:22:30 | secretText | A broken or weak cryptographic algorithm depends on $@. | tst.js:3:18:3:24 | trusted | sensitive data froman access to trusted |
+| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText | A broken or weak cryptographic algorithm depends on $@. | tst.js:22:21:22:30 | secretText | sensitive data froman access to secretText |

javascript/ql/test/query-tests/Security/CWE-327/tst.js

@@ -17,3 +17,6 @@ unknownCipher.update(secretText, 'utf8', 'hex'); // OK: unknown algorithm
 desCipher.write(o.trusted, 'utf8', 'hex'); // BAD
 
 desCipher.write(password, 'utf8', 'hex'); // OK (flagged by js/insufficient-password-hash)
+
+const aesEcbCipher = crypto.createCipher('aes-128-ecb', key);
+aesEcbCipher.update(secretText, 'utf8', 'hex'); // BAD