Add taint-tracking for crypto/rsa package

gagliardetto · gagliardetto · commit 5e0e3cc2cc81 · 2020-09-22T13:33:37.000+02:00
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -15,6 +15,7 @@ import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.Fmt
 import semmle.go.frameworks.stdlib.Crypto
 import semmle.go.frameworks.stdlib.CryptoCipher
+import semmle.go.frameworks.stdlib.CryptoRsa
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable
diff --git a/ql/src/semmle/go/frameworks/stdlib/CryptoRsa.qll b/ql/src/semmle/go/frameworks/stdlib/CryptoRsa.qll
@@ -0,0 +1,42 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `crypto/rsa` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `crypto/rsa` package. */
+module CryptoRsa {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func DecryptOAEP(hash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
+      hasQualifiedName("crypto/rsa", "DecryptOAEP") and
+      (inp.isParameter(3) and outp.isResult(0))
+      or
+      // signature: func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) ([]byte, error)
+      hasQualifiedName("crypto/rsa", "DecryptPKCS1v15") and
+      (inp.isParameter(2) and outp.isResult(0))
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (*PrivateKey).Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
+      this.hasQualifiedName("crypto/rsa", "PrivateKey", "Decrypt") and
+      (inp.isParameter(1) and outp.isResult(0))
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoRsa.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/CryptoRsa.go
