C#: Re-factor HardCodedSymmetricEncryptionKey to use the new API.

michaelnebel · michaelnebel · commit c03ce2f63b56 · 2023-03-29T13:19:56.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -62,6 +62,8 @@ module HardcodedSymmetricEncryptionKey {
   }
 
   /**
+   * DEPRECATED: Use `HardCodedSymmetricEncryption` instead.
+   *
    * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
    */
   class TaintTrackingConfiguration extends TaintTracking::Configuration {
@@ -85,4 +87,32 @@ module HardcodedSymmetricEncryptionKey {
       )
     }
   }
+
+  /**
+   * A taint-tracking configuration for uncontrolled data in path expression vulnerabilities.
+   */
+  private module HardCodedSymmetricEncryptionConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    /**
+     * Since `CryptographicBuffer` uses native code inside, taint tracking doesn't pass through it.
+     * Need to create an additional custom step.
+     */
+    predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+      exists(MethodCall mc, CryptographicBuffer c |
+        pred.asExpr() = mc.getAnArgument() and
+        mc.getTarget() = c.getAMethod() and
+        succ.asExpr() = mc
+      )
+    }
+  }
+
+  /**
+   * A taint-tracking module for uncontrolled data in path expression vulnerabilities.
+   */
+  module HardCodedSymmetricEncryption = TaintTracking::Global<HardCodedSymmetricEncryptionConfig>;
 }
diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
@@ -15,10 +15,10 @@
 
 import csharp
 import semmle.code.csharp.security.cryptography.HardcodedSymmetricEncryptionKey::HardcodedSymmetricEncryptionKey
-import DataFlow::PathGraph
+import HardCodedSymmetricEncryption::PathGraph
 
-from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from HardCodedSymmetricEncryption::PathNode source, HardCodedSymmetricEncryption::PathNode sink
+where HardCodedSymmetricEncryption::flowPath(source, sink)
 select sink.getNode(), source, sink,
   "Hard-coded symmetric $@ is used in symmetric algorithm in " +
     sink.getNode().(Sink).getDescription() + ".", source.getNode(), "key"
