C#: Convert CreateSymmetricKey to CSV sink.

michaelnebel · michaelnebel · commit 032448041d78 · 2022-07-18T14:28:49.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -52,7 +52,8 @@ module HardcodedSymmetricEncryptionKey {
       row =
         [
           "System.Security.Cryptography;SymmetricAlgorithm;true;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor",
-          "System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor"
+          "System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor",
+          "Windows.Security.Cryptography.Core;SymmetricKeyAlgorithmProvider;false;CreateSymmetricKey;(Windows.Storage.Streams.IBuffer);;Argument[0];encryption-symmetrickey"
         ]
     }
   }
@@ -66,22 +67,11 @@ module HardcodedSymmetricEncryptionKey {
       kind = "encryption-encryptor" and result = "Encryptor(rgbKey, IV)"
       or
       kind = "encryption-decryptor" and result = "Decryptor(rgbKey, IV)"
+      or
+      kind = "encryption-symmetrickey" and result = "CreateSymmetricKey(IBuffer keyMaterial)"
     }
   }
 
-  private class CreateSymmetricKeySink extends Sink {
-    CreateSymmetricKeySink() {
-      exists(MethodCall mc, Method m |
-        mc.getTarget() = m and
-        m.hasQualifiedName("Windows.Security.Cryptography.Core.SymmetricKeyAlgorithmProvider",
-          "CreateSymmetricKey") and
-        this.asExpr() = mc.getArgumentForName("keyMaterial")
-      )
-    }
-
-    override string getDescription() { result = "CreateSymmetricKey(IBuffer keyMaterial)" }
-  }
-
   private class CryptographicBuffer extends Class {
     CryptographicBuffer() {
       this.hasQualifiedName("Windows.Security.Cryptography", "CryptographicBuffer")

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,8 @@ module HardcodedSymmetricEncryptionKey {`
`52`	`52`	`row =`
`53`	`53`	`[`
`54`	`54`	`"System.Security.Cryptography;SymmetricAlgorithm;true;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor",`
`55`		`- "System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor"`
	`55`	`+ "System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor",`
	`56`	`+ "Windows.Security.Cryptography.Core;SymmetricKeyAlgorithmProvider;false;CreateSymmetricKey;(Windows.Storage.Streams.IBuffer);;Argument[0];encryption-symmetrickey"`
`56`	`57`	`]`
`57`	`58`	`}`
`58`	`59`	`}`
`@@ -66,22 +67,11 @@ module HardcodedSymmetricEncryptionKey {`
`66`	`67`	`kind = "encryption-encryptor" and result = "Encryptor(rgbKey, IV)"`
`67`	`68`	`or`
`68`	`69`	`kind = "encryption-decryptor" and result = "Decryptor(rgbKey, IV)"`
	`70`	`+ or`
	`71`	`+ kind = "encryption-symmetrickey" and result = "CreateSymmetricKey(IBuffer keyMaterial)"`
`69`	`72`	`}`
`70`	`73`	`}`
`71`	`74`
`72`		`- private class CreateSymmetricKeySink extends Sink {`
`73`		`- CreateSymmetricKeySink() {`
`74`		`- exists(MethodCall mc, Method m \|`
`75`		`- mc.getTarget() = m and`
`76`		`- m.hasQualifiedName("Windows.Security.Cryptography.Core.SymmetricKeyAlgorithmProvider",`
`77`		`- "CreateSymmetricKey") and`
`78`		`- this.asExpr() = mc.getArgumentForName("keyMaterial")`
`79`		`- )`
`80`		`- }`
`81`		`-`
`82`		`- override string getDescription() { result = "CreateSymmetricKey(IBuffer keyMaterial)" }`
`83`		`- }`
`84`		`-`
`85`	`75`	`private class CryptographicBuffer extends Class {`
`86`	`76`	`CryptographicBuffer() {`
`87`	`77`	`this.hasQualifiedName("Windows.Security.Cryptography", "CryptographicBuffer")`