add Diffie-Hellman from the crypto library

erik-krogh · erik-krogh · commit 2c013214f77e · 2021-11-02T14:45:33.000+01:00
diff --git a/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll
@@ -204,6 +204,19 @@ private module NodeJSCrypto {
     override predicate isSymmetricKey() { symmetric = true }
   }
 
+  private class CreateDiffieHellmanKey extends CryptographicKeyCreation, DataFlow::CallNode {
+    // require("crypto").createDiffieHellman(prime_length);
+    CreateDiffieHellmanKey() {
+      this = DataFlow::moduleMember("crypto", "createDiffieHellman").getACall()
+    }
+
+    override CryptographicAlgorithm getAlgorithm() { none() }
+
+    override int getSize() { result = getArgument(0).getIntValue() }
+
+    override predicate isSymmetricKey() { none() }
+  }
+
   private class Apply extends CryptographicOperation, MethodCallExpr {
     InstantiatedAlgorithm instantiation;
 
diff --git a/javascript/ql/test/query-tests/Security/CWE-326/tst.js b/javascript/ql/test/query-tests/Security/CWE-326/tst.js
@@ -30,4 +30,7 @@ var key3 = myBuffer.getBytes(8);
 var bad9 = forge.cipher.createDecipher('3DES-CBC', key3); // NOT OK
 
 var key4 = myBuffer.getBytes(16);
-var good5 = forge.cipher.createDecipher('AES-CBC', key4); // OK
+var good5 = forge.cipher.createDecipher('AES-CBC', key4); // OK
+
+var bad10 = crypto.createDiffieHellman(512);
+var good6 = crypto.createDiffieHellman(2048);
