Skip to content

Commit 4ed4f68

Browse files
geoffw0geoffw0
committed
Rust: Add summary query rust/summary/cryptographic-ops.
1 parent 6402aa5 commit 4ed4f68

File tree

1 file changed

+59
-0
lines changed

1 file changed

+59
-0
lines changed

rust/ql/src/queries/summary/CryptographicOperations.ql

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
/**
2+
* @name Cryptographic Operations
3+
* @description List all cryptographic operations found in the database.
4+
* @kind problem
5+
* @problem.severity info
6+
* @id rust/summary/cryptographic-operations
7+
* @tags summary
8+
*/
9+
10+
import rust
11+
import codeql.rust.Concepts
12+
import codeql.rust.security.WeakSensitiveDataHashingExtensions
13+
14+
/**
15+
* Gets the type of cryptographic algorithm `alg`.
16+
*/
17+
string getAlgorithmType(Cryptography::CryptographicAlgorithm alg) {
18+
alg instanceof Cryptography::EncryptionAlgorithm and result = "EncryptionAlgorithm"
19+
or
20+
alg instanceof Cryptography::HashingAlgorithm and result = "HashingAlgorithm"
21+
or
22+
alg instanceof Cryptography::PasswordHashingAlgorithm and result = "PasswordHashingAlgorithm"
23+
}
24+
25+
/**
26+
* Gets a feature of cryptographic algorithm `alg`.
27+
*/
28+
string getAlgorithmFeature(Cryptography::CryptographicAlgorithm alg) {
29+
alg.isWeak() and result = "WEAK"
30+
}
31+
32+
/**
33+
* Gets a description of cryptographic algorithm `alg`.
34+
*/
35+
string describeAlgorithm(Cryptography::CryptographicAlgorithm alg) {
36+
result =
37+
getAlgorithmType(alg) + " " + alg.getName() + " " + concat(getAlgorithmFeature(alg), ", ")
38+
}
39+
40+
/**
41+
* Gets a feature of cryptographic operation `operation`.
42+
*/
43+
string getOperationFeature(Cryptography::CryptographicOperation op) {
44+
result = "inputs:" + strictcount(op.getAnInput()).toString() or
45+
result = "blockmodes:" + strictcount(op.getBlockMode()).toString()
46+
}
47+
48+
/**
49+
* Gets a description of cryptographic operation `operation`.
50+
*/
51+
string describeOperation(Cryptography::CryptographicOperation op) {
52+
result = describeAlgorithm(op.getAlgorithm()) + " " + concat(getOperationFeature(op), ", ")
53+
or
54+
not exists(op.getAlgorithm()) and
55+
result = "(unknown) " + concat(getOperationFeature(op), ", ")
56+
}
57+
58+
from Cryptography::CryptographicOperation operation
59+
select operation, describeOperation(operation)

0 commit comments

Comments
 (0)