JS: pick up CryptographicKeys used in asmCrypto encrypt/decrypt calls

alexrford · alexrford · commit e17b3d975d98 · 2023-02-03T12:16:25.000Z
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -51,6 +51,7 @@ private module AsmCrypto {
     DataFlow::Node input;
     CryptographicAlgorithm algorithm; // non-functional
     private string algorithmName;
+    private string methodName;
 
     Apply() {
       /*
@@ -66,7 +67,7 @@ private module AsmCrypto {
       exists(DataFlow::SourceNode asmCrypto |
         asmCrypto = DataFlow::globalVarRef("asmCrypto") and
         algorithm.matchesName(algorithmName) and
-        this = asmCrypto.getAPropertyRead(algorithmName).getAMemberCall(_) and
+        this = asmCrypto.getAPropertyRead(algorithmName).getAMemberCall(methodName) and
         input = this.getArgument(0)
       )
     }
@@ -79,6 +80,15 @@ private module AsmCrypto {
       isBlockEncryptionAlgorithm(this.getAlgorithm()) and
       result.matchesString(algorithmName)
     }
+
+    DataFlow::Node getKey() {
+      methodName = ["encrypt", "decrypt"] and
+      result = super.getArgument(1)
+    }
+  }
+
+  private class Key extends CryptographicKey {
+    Key() { this = any(Apply apply).getKey() }
   }
 }
 
diff --git a/javascript/ql/test/library-tests/CryptoLibraries/CryptographicKey.expected b/javascript/ql/test/library-tests/CryptoLibraries/CryptographicKey.expected
@@ -1,3 +1,4 @@
+| tst.js:3:34:3:36 | key |
 | tst.js:7:26:7:42 | keypair.secretKey |
 | tst.js:21:42:21:51 | 'a secret' |
 | tst.js:36:36:36:51 | 'secret key 123' |

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ private module AsmCrypto {`
`51`	`51`	`DataFlow::Node input;`
`52`	`52`	`CryptographicAlgorithm algorithm; // non-functional`
`53`	`53`	`private string algorithmName;`
	`54`	`+ private string methodName;`
`54`	`55`
`55`	`56`	`Apply() {`
`56`	`57`	`/*`
`@@ -66,7 +67,7 @@ private module AsmCrypto {`
`66`	`67`	`exists(DataFlow::SourceNode asmCrypto \|`
`67`	`68`	`asmCrypto = DataFlow::globalVarRef("asmCrypto") and`
`68`	`69`	`algorithm.matchesName(algorithmName) and`
`69`		`- this = asmCrypto.getAPropertyRead(algorithmName).getAMemberCall(_) and`
	`70`	`+ this = asmCrypto.getAPropertyRead(algorithmName).getAMemberCall(methodName) and`
`70`	`71`	`input = this.getArgument(0)`
`71`	`72`	`)`
`72`	`73`	`}`
`@@ -79,6 +80,15 @@ private module AsmCrypto {`
`79`	`80`	`isBlockEncryptionAlgorithm(this.getAlgorithm()) and`
`80`	`81`	`result.matchesString(algorithmName)`
`81`	`82`	`}`
	`83`	`+`
	`84`	`+ DataFlow::Node getKey() {`
	`85`	`+ methodName = ["encrypt", "decrypt"] and`
	`86`	`+ result = super.getArgument(1)`
	`87`	`+ }`
	`88`	`+ }`
	`89`	`+`
	`90`	`+ private class Key extends CryptographicKey {`
	`91`	`+ Key() { this = any(Apply apply).getKey() }`
`82`	`92`	`}`
`83`	`93`	`}`
`84`	`94`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+\| tst.js:3:34:3:36 \| key \|`
`1`	`2`	`\| tst.js:7:26:7:42 \| keypair.secretKey \|`
`2`	`3`	`\| tst.js:21:42:21:51 \| 'a secret' \|`
`3`	`4`	`\| tst.js:36:36:36:51 \| 'secret key 123' \|`