Better signatures in java/non-constant-time-crypto-comparison

artem-smotrakov · artem-smotrakov · commit 860e8f379e5c · 2021-08-01T09:47:05.000+02:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql
@@ -32,38 +32,44 @@ abstract private class ProduceCryptoCall extends MethodAccess {
 /** A method call that produces a MAC. */
 private class ProduceMacCall extends ProduceCryptoCall {
   ProduceMacCall() {
-    getMethod().hasQualifiedName("javax.crypto", "Mac", "doFinal") and
+    getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and
     (
-      getMethod().getReturnType() instanceof Array and this = output
+      getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output
       or
-      getMethod().getParameterType(0) instanceof Array and getArgument(0) = output
+      getMethod().hasStringSignature("doFinal(byte[], int)") and getArgument(0) = output
     )
   }
 }
 
 /** A method call that produces a signature. */
 private class ProduceSignatureCall extends ProduceCryptoCall {
   ProduceSignatureCall() {
-    getMethod().hasQualifiedName("java.security", "Signature", "sign") and
+    getMethod().getDeclaringType().hasQualifiedName("java.security", "Signature") and
     (
-      getMethod().getReturnType() instanceof Array and this = output
+      getMethod().hasStringSignature("sign()") and this = output
       or
-      getMethod().getParameterType(0) instanceof Array and getArgument(0) = output
+      getMethod().hasStringSignature("sign(byte[], int, int)") and getArgument(0) = output
     )
   }
 }
 
 /** A method call that produces a ciphertext. */
 private class ProduceCiphertextCall extends ProduceCryptoCall {
   ProduceCiphertextCall() {
-    getMethod().hasQualifiedName("javax.crypto", "Cipher", "doFinal") and
+    getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Cipher") and
     (
-      getMethod().getReturnType() instanceof Array and this = output
+      getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])", "doFinal(byte[], int, int)"]) and
+      this = output
       or
-      getMethod().getParameterType([0, 3]) instanceof Array and getArgument([0, 3]) = output
+      getMethod().hasStringSignature("doFinal(byte[], int)") and getArgument(0) = output
       or
-      getMethod().getParameterType(1) instanceof ByteBuffer and
-      getArgument(1) = output
+      getMethod()
+          .hasStringSignature([
+              "doFinal(byte[], int, int, byte[])", "doFinal(byte[], int, int, byte[], int)"
+            ]) and
+      getArgument(3) = output
+      or
+      getMethod().hasStringSignature("doFinal(ByteBuffer, ByteBuffer)") and getArgument(1) = output
     )
   }
 }
@@ -88,14 +94,12 @@ private class UserInputInCryptoOperationConfig extends TaintTracking2::Configura
       call.getQualifier() = toNode.asExpr() and
       call.getArgument(0) = fromNode.asExpr()
     |
-      (
-        m.hasQualifiedName("java.security", "Signature", "update")
-        or
-        m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "update")
-        or
-        m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "doFinal") and
-        not m.hasStringSignature("doFinal(byte[],int)")
-      )
+      m.hasQualifiedName("java.security", "Signature", "update")
+      or
+      m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "update")
+      or
+      m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "doFinal") and
+      not m.hasStringSignature("doFinal(byte[], int)")
     )
   }
 }
@@ -179,13 +183,10 @@ private class NonConstantTimeComparisonSink extends DataFlow::Node {
         anotherParameter = call.getQualifier()
       )
       or
-      exists(NonConstantTimeComparisonCall call |
-        call.getAnArgument() = this.asExpr() and
-        (
-          this.asExpr() = call.getArgument(0) and anotherParameter = call.getArgument(1)
-          or
-          this.asExpr() = call.getArgument(1) and anotherParameter = call.getArgument(0)
-        )
+      exists(NonConstantTimeComparisonCall call | call.getAnArgument() = this.asExpr() |
+        this.asExpr() = call.getArgument(0) and anotherParameter = call.getArgument(1)
+        or
+        this.asExpr() = call.getArgument(1) and anotherParameter = call.getArgument(0)
       )
     ) and
     not looksLikeConstant(anotherParameter)

Original file line number	Diff line number	Diff line change
`@@ -32,38 +32,44 @@ abstract private class ProduceCryptoCall extends MethodAccess {`
`32`	`32`	`/** A method call that produces a MAC. */`
`33`	`33`	`private class ProduceMacCall extends ProduceCryptoCall {`
`34`	`34`	`ProduceMacCall() {`
`35`		`- getMethod().hasQualifiedName("javax.crypto", "Mac", "doFinal") and`
	`35`	`+ getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and`
`36`	`36`	`(`
`37`		`- getMethod().getReturnType() instanceof Array and this = output`
	`37`	`+ getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output`
`38`	`38`	`or`
`39`		`- getMethod().getParameterType(0) instanceof Array and getArgument(0) = output`
	`39`	`+ getMethod().hasStringSignature("doFinal(byte[], int)") and getArgument(0) = output`
`40`	`40`	`)`
`41`	`41`	`}`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`/** A method call that produces a signature. */`
`45`	`45`	`private class ProduceSignatureCall extends ProduceCryptoCall {`
`46`	`46`	`ProduceSignatureCall() {`
`47`		`- getMethod().hasQualifiedName("java.security", "Signature", "sign") and`
	`47`	`+ getMethod().getDeclaringType().hasQualifiedName("java.security", "Signature") and`
`48`	`48`	`(`
`49`		`- getMethod().getReturnType() instanceof Array and this = output`
	`49`	`+ getMethod().hasStringSignature("sign()") and this = output`
`50`	`50`	`or`
`51`		`- getMethod().getParameterType(0) instanceof Array and getArgument(0) = output`
	`51`	`+ getMethod().hasStringSignature("sign(byte[], int, int)") and getArgument(0) = output`
`52`	`52`	`)`
`53`	`53`	`}`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`/** A method call that produces a ciphertext. */`
`57`	`57`	`private class ProduceCiphertextCall extends ProduceCryptoCall {`
`58`	`58`	`ProduceCiphertextCall() {`
`59`		`- getMethod().hasQualifiedName("javax.crypto", "Cipher", "doFinal") and`
	`59`	`+ getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Cipher") and`
`60`	`60`	`(`
`61`		`- getMethod().getReturnType() instanceof Array and this = output`
	`61`	`+ getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])", "doFinal(byte[], int, int)"]) and`
	`62`	`+ this = output`
`62`	`63`	`or`
`63`		`- getMethod().getParameterType([0, 3]) instanceof Array and getArgument([0, 3]) = output`
	`64`	`+ getMethod().hasStringSignature("doFinal(byte[], int)") and getArgument(0) = output`
`64`	`65`	`or`
`65`		`- getMethod().getParameterType(1) instanceof ByteBuffer and`
`66`		`- getArgument(1) = output`
	`66`	`+ getMethod()`
	`67`	`+ .hasStringSignature([`
	`68`	`+ "doFinal(byte[], int, int, byte[])", "doFinal(byte[], int, int, byte[], int)"`
	`69`	`+ ]) and`
	`70`	`+ getArgument(3) = output`
	`71`	`+ or`
	`72`	`+ getMethod().hasStringSignature("doFinal(ByteBuffer, ByteBuffer)") and getArgument(1) = output`
`67`	`73`	`)`
`68`	`74`	`}`
`69`	`75`	`}`
`@@ -88,14 +94,12 @@ private class UserInputInCryptoOperationConfig extends TaintTracking2::Configura`
`88`	`94`	`call.getQualifier() = toNode.asExpr() and`
`89`	`95`	`call.getArgument(0) = fromNode.asExpr()`
`90`	`96`	`\|`
`91`		`- (`
`92`		`- m.hasQualifiedName("java.security", "Signature", "update")`
`93`		`- or`
`94`		`- m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "update")`
`95`		`- or`
`96`		`- m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "doFinal") and`
`97`		`- not m.hasStringSignature("doFinal(byte[],int)")`
`98`		`- )`
	`97`	`+ m.hasQualifiedName("java.security", "Signature", "update")`
	`98`	`+ or`
	`99`	`+ m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "update")`
	`100`	`+ or`
	`101`	`+ m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "doFinal") and`
	`102`	`+ not m.hasStringSignature("doFinal(byte[], int)")`
`99`	`103`	`)`
`100`	`104`	`}`
`101`	`105`	`}`
`@@ -179,13 +183,10 @@ private class NonConstantTimeComparisonSink extends DataFlow::Node {`
`179`	`183`	`anotherParameter = call.getQualifier()`
`180`	`184`	`)`
`181`	`185`	`or`
`182`		`- exists(NonConstantTimeComparisonCall call \|`
`183`		`- call.getAnArgument() = this.asExpr() and`
`184`		`- (`
`185`		`- this.asExpr() = call.getArgument(0) and anotherParameter = call.getArgument(1)`
`186`		`- or`
`187`		`- this.asExpr() = call.getArgument(1) and anotherParameter = call.getArgument(0)`
`188`		`- )`
	`186`	`+ exists(NonConstantTimeComparisonCall call \| call.getAnArgument() = this.asExpr() \|`
	`187`	`+ this.asExpr() = call.getArgument(0) and anotherParameter = call.getArgument(1)`
	`188`	`+ or`
	`189`	`+ this.asExpr() = call.getArgument(1) and anotherParameter = call.getArgument(0)`
`189`	`190`	`)`
`190`	`191`	`) and`
`191`	`192`	`not looksLikeConstant(anotherParameter)`