@@ -12,13 +12,11 @@ abstract class WeakCryptoSink extends TaintSink {
12
12
}
13
13
}
14
14
15
+ /** Modeling the 'pycrypto' package https://github.com/dlitz/pycrypto (latest release 2013) */
15
16
module Pycrypto {
16
17
17
- ModuleObject cipher ( string name ) {
18
- exists ( PackageObject crypto |
19
- crypto .getName ( ) = "Crypto.Cipher" |
20
- crypto .submodule ( name ) = result
21
- )
18
+ ModuleValue cipher ( string name ) {
19
+ result = Module:: named ( "Crypto.Cipher" ) .attr ( name )
22
20
}
23
21
24
22
class CipherInstance extends TaintKind {
@@ -51,15 +49,15 @@ module Pycrypto {
51
49
CipherInstanceSource ( ) {
52
50
exists ( AttrNode attr |
53
51
this .( CallNode ) .getFunction ( ) = attr and
54
- attr .getObject ( "new" ) .refersTo ( cipher ( instance .getName ( ) ) )
52
+ attr .getObject ( "new" ) .pointsTo ( cipher ( instance .getName ( ) ) )
55
53
)
56
54
}
57
55
58
56
override string toString ( ) {
59
57
result = "Source of " + instance
60
58
}
61
59
62
- override predicate isSourceOf ( TaintKind kind ) {
60
+ override predicate isSourceOf ( TaintKind kind ) {
63
61
kind = instance
64
62
}
65
63
@@ -70,12 +68,12 @@ module Pycrypto {
70
68
string name ;
71
69
72
70
PycryptoWeakCryptoSink ( ) {
73
- exists ( CallNode call , AttrNode method , CipherInstance Cipher |
71
+ exists ( CallNode call , AttrNode method , CipherInstance cipher |
74
72
call .getAnArg ( ) = this and
75
73
call .getFunction ( ) = method and
76
- Cipher .taints ( method .getObject ( "encrypt" ) ) and
77
- Cipher .isWeak ( ) and
78
- Cipher .getName ( ) = name
74
+ cipher .taints ( method .getObject ( "encrypt" ) ) and
75
+ cipher .isWeak ( ) and
76
+ cipher .getName ( ) = name
79
77
)
80
78
}
81
79
@@ -89,25 +87,25 @@ module Pycrypto {
89
87
90
88
module Cryptography {
91
89
92
- PackageObject ciphers ( ) {
93
- result .getName ( ) = "cryptography.hazmat.primitives.ciphers"
90
+ ModuleValue ciphers ( ) {
91
+ result = Module:: named ( "cryptography.hazmat.primitives.ciphers" ) and
92
+ result .isPackage ( )
94
93
}
95
94
96
- class CipherClass extends ClassObject {
95
+ class CipherClass extends ClassValue {
97
96
CipherClass ( ) {
98
97
ciphers ( ) .attr ( "Cipher" ) = this
99
98
}
100
-
101
99
}
102
100
103
- class AlgorithmClass extends ClassObject {
101
+ class AlgorithmClass extends ClassValue {
104
102
105
103
AlgorithmClass ( ) {
106
- ciphers ( ) .submodule ( "algorithms" ) .attr ( _) = this
104
+ ciphers ( ) .attr ( "algorithms" ) .attr ( _) = this
107
105
}
108
106
109
107
string getAlgorithmName ( ) {
110
- result = this .declaredAttribute ( "name" ) .( StringObject ) .getText ( )
108
+ result = this .declaredAttribute ( "name" ) .( StringValue ) .getText ( )
111
109
}
112
110
113
111
predicate isWeak ( ) {
@@ -134,7 +132,7 @@ module Cryptography {
134
132
cls .isWeak ( )
135
133
}
136
134
137
- override TaintKind getTaintOfMethodResult ( string name ) {
135
+ override TaintKind getTaintOfMethodResult ( string name ) {
138
136
name = "encryptor" and
139
137
result .( Encryptor ) .getAlgorithm ( ) = this .getAlgorithm ( )
140
138
}
@@ -144,11 +142,11 @@ module Cryptography {
144
142
class CipherSource extends TaintSource {
145
143
146
144
CipherSource ( ) {
147
- this .( CallNode ) .getFunction ( ) .refersTo ( any ( CipherClass cls ) )
145
+ this .( CallNode ) .getFunction ( ) .pointsTo ( any ( CipherClass cls ) )
148
146
}
149
147
150
148
override predicate isSourceOf ( TaintKind kind ) {
151
- this .( CallNode ) .getArg ( 0 ) .refersTo ( _ , kind .( CipherInstance ) .getAlgorithm ( ) , _ )
149
+ this .( CallNode ) .getArg ( 0 ) .pointsTo ( ) . getClass ( ) = kind .( CipherInstance ) .getAlgorithm ( )
152
150
}
153
151
154
152
override string toString ( ) {
@@ -203,5 +201,3 @@ private class CipherConfig extends TaintTracking::Configuration {
203
201
}
204
202
205
203
}
206
-
207
-
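Review bot: The new doc comment on `module Pycrypto` in the first hunk names only the unmaintained pycrypto release, but `Module::named("Crypto.Cipher")` in `cipher(string name)` is keyed on the import path, so the model presumably also applies to PyCryptodome, which installs under the same `Crypto` namespace, and it will not match PyCryptodomex, which is imported as `Cryptodome.Cipher`. I would state that scope in the comment, e.g. `/** Models 'Crypto.Cipher' as provided by pycrypto and PyCryptodome; 'Cryptodome.Cipher' (pycryptodomex) is not covered. */`, so that someone reading an empty weak-cipher result knows which code bases cannot produce findings at all. If that coverage is wanted, the body could become `result = Module::named("Crypto.Cipher").attr(name) or result = Module::named("Cryptodome.Cipher").attr(name)`, provided the cipher names checked by `isWeak()` (outside the visible hunks) are the same in both packages. The `Cryptography` module in the fourth hunk has no corresponding doc comment; one naming `cryptography.hazmat.primitives.ciphers` would keep the two models consistent.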