33private import semmle.code.java.security.Encryption
44private import semmle.code.java.dataflow.DataFlow
55
6- // TODO: only update key sizes (and key size strings) in one place in the code
76/** A source for an insufficient key size. */
87abstract class InsufficientKeySizeSource extends DataFlow:: Node {
98 /** Holds if this source has the specified `state`. */
109 predicate hasState ( DataFlow:: FlowState state ) { state instanceof DataFlow:: FlowStateEmpty }
11- //int getIntValue() { result = this.asExpr().(IntegerLiteral).getIntValue() }
1210}
1311
1412/** A sink for an insufficient key size. */
@@ -109,35 +107,6 @@ private class SymmetricSink extends InsufficientKeySizeSink {
109107 override predicate hasState ( DataFlow:: FlowState state ) { state = "128" }
110108}
111109
112- // TODO: rethink the predicate name; also think about whether this could/should be a class instead; or a predicate within the sink class so can do sink.predicate()...
113- // TODO: can prbly re-work way using the typeFlag to be better and less repetitive
114- // private predicate hasKeySizeInInitMethod(DataFlow::Node node, string typeFlag) {
115- // exists(MethodAccess ma, JavaxCryptoAlgoSpec jcaSpec |
116- // (
117- // ma.getMethod() instanceof KeyGeneratorInitMethod and typeFlag = "symmetric"
118- // or
119- // ma.getMethod() instanceof KeyPairGeneratorInitMethod and typeFlag.matches("asymmetric%")
120- // ) and
121- // (
122- // jcaSpec instanceof JavaxCryptoKeyGenerator and typeFlag = "symmetric"
123- // or
124- // jcaSpec instanceof JavaSecurityKeyPairGenerator and typeFlag.matches("asymmetric%")
125- // ) and
126- // (
127- // getAlgoName(jcaSpec) = "AES" and typeFlag = "symmetric"
128- // or
129- // getAlgoName(jcaSpec).matches(["RSA", "DSA", "DH"]) and typeFlag = "asymmetric-non-ec"
130- // or
131- // getAlgoName(jcaSpec).matches("EC%") and typeFlag = "asymmetric-ec"
132- // ) and
133- // DataFlow::localExprFlow(jcaSpec, ma.getQualifier()) and
134- // node.asExpr() = ma.getArgument(0)
135- // )
136- // }
137- // // TODO: this predicate is just a poc for more code condensing; redo this
138- // private string getAlgoName(JavaxCryptoAlgoSpec jca) {
139- // result = jca.getAlgoSpec().(StringLiteral).getValue().toUpperCase()
140- // }
141110abstract class InitMethodAccess extends MethodAccess {
142111 Argument getKeySizeArg ( ) { result = this .getArgument ( 0 ) }
143112}
@@ -168,20 +137,6 @@ class SymmKeyGen extends KeyGen {
168137 override Expr getAlgoSpec ( ) { result = this .( MethodAccess ) .getArgument ( 0 ) }
169138}
170139
171- // TODO: rethink the predicate name; also think about whether this could/should be a class instead; or a predicate within the sink class so can do sink.predicate()...
172- // TODO: can prbly re-work way using the typeFlag to be better and less repetitive...
173- // private predicate hasKeySizeInSpec(DataFlow::Node node, string typeFlag) {
174- // exists(ClassInstanceExpr paramSpec |
175- // (
176- // paramSpec.getConstructedType() instanceof AsymmetricNonEcSpec and
177- // typeFlag = "asymmetric-non-ec"
178- // or
179- // paramSpec.getConstructedType() instanceof EcGenParameterSpec and
180- // typeFlag = "asymmetric-ec"
181- // ) and
182- // node.asExpr() = paramSpec.getArgument(0)
183- // )
184- // }
185140// ! use below instead of/in above?? (actually I don't think I need any of this, can just use AsymmetricNonEcSpec and EcGenParameterSpec directly???)
186141// Algo spec
187142abstract class AsymmetricAlgoSpec extends ClassInstanceExpr {
@@ -202,3 +157,5 @@ class AsymmetricEcSpec extends AsymmetricAlgoSpec {
202157// TODO:
203158// todo #0: look into use of specs without keygen objects; should spec not be a sink in these cases?
204159// todo #3: make list of algo names more easily reusable (either as constant-type variable at top of file, or model as own class to share, etc.)
160+ // todo: add barrier guard for !=0 conditional case
161+ // todo: only update key sizes (and key size strings) in one place in the code