Fix EVP Cipher class, predicate, and comment typos

nicolaswill · nicolaswill · commit 1d8a57e7da52 · 2025-05-08T02:56:52.000+02:00
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherInitializer.qll
@@ -10,14 +10,14 @@ module EncValToInitEncArgConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] }
 
   predicate isSink(DataFlow::Node sink) {
-    exists(EVP_Cipher_Inititalizer initCall | sink.asExpr() = initCall.getOperataionSubtypeArg())
+    exists(EVP_Cipher_Initializer initCall | sink.asExpr() = initCall.getOperationSubtypeArg())
   }
 }
 
 module EncValToInitEncArgFlow = DataFlow::Global<EncValToInitEncArgConfig>;
 
 int getEncConfigValue(Expr e) {
-  exists(EVP_Cipher_Inititalizer initCall | e = initCall.getOperataionSubtypeArg()) and
+  exists(EVP_Cipher_Initializer initCall | e = initCall.getOperationSubtypeArg()) and
   exists(DataFlow::Node a, DataFlow::Node b |
     EncValToInitEncArgFlow::flow(a, b) and b.asExpr() = e and result = a.asExpr().getValue().toInt()
   )
@@ -34,7 +34,7 @@ Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) {
 }
 
 // TODO: need to add key consumer
-abstract class EVP_Cipher_Inititalizer extends Call {
+abstract class EVP_Cipher_Initializer extends Call {
   Expr getContextArg() { result = this.(Call).getArgument(0) }
 
   Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
@@ -44,7 +44,7 @@ abstract class EVP_Cipher_Inititalizer extends Call {
   abstract Expr getIVArg();
 
   //   abstract Crypto::CipherOperationSubtype getCipherOperationSubtype();
-  abstract Expr getOperataionSubtypeArg();
+  abstract Expr getOperationSubtypeArg();
 
   Crypto::KeyOperationSubtype getCipherOperationSubtype() {
     if this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")
@@ -53,19 +53,19 @@ abstract class EVP_Cipher_Inititalizer extends Call {
       if this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")
       then result instanceof Crypto::TDecryptMode
       else
-        if exists(getEncConfigValue(this.getOperataionSubtypeArg()))
-        then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperataionSubtypeArg()))
+        if exists(getEncConfigValue(this.getOperationSubtypeArg()))
+        then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperationSubtypeArg()))
         else result instanceof Crypto::TUnknownKeyOperationMode
   }
 }
 
-abstract class EVP_EX_Initializer extends EVP_Cipher_Inititalizer {
+abstract class EVP_EX_Initializer extends EVP_Cipher_Initializer {
   override Expr getKeyArg() { result = this.(Call).getArgument(3) }
 
   override Expr getIVArg() { result = this.(Call).getArgument(4) }
 }
 
-abstract class EVP_EX2_Initializer extends EVP_Cipher_Inititalizer {
+abstract class EVP_EX2_Initializer extends EVP_Cipher_Initializer {
   override Expr getKeyArg() { result = this.(Call).getArgument(2) }
 
   override Expr getIVArg() { result = this.(Call).getArgument(3) }
@@ -78,7 +78,7 @@ class EVP_Cipher_EX_Init_Call extends EVP_EX_Initializer {
       ]
   }
 
-  override Expr getOperataionSubtypeArg() {
+  override Expr getOperationSubtypeArg() {
     this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
     result = this.(Call).getArgument(5)
   }
@@ -92,7 +92,7 @@ class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {
       ]
   }
 
-  override Expr getOperataionSubtypeArg() {
+  override Expr getOperationSubtypeArg() {
     this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
     result = this.(Call).getArgument(4)
   }
@@ -101,23 +101,23 @@ class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {
 class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {
   EVP_CipherInit_SKEY_Call() { this.(Call).getTarget().getName() in ["EVP_CipherInit_SKEY"] }
 
-  override Expr getOperataionSubtypeArg() { result = this.(Call).getArgument(5) }
+  override Expr getOperationSubtypeArg() { result = this.(Call).getArgument(5) }
 }
 
 class EVPCipherInitializerAlgorithmArgument extends Expr {
   EVPCipherInitializerAlgorithmArgument() {
-    exists(EVP_Cipher_Inititalizer initCall | this = initCall.getAlgorithmArg())
+    exists(EVP_Cipher_Initializer initCall | this = initCall.getAlgorithmArg())
   }
 }
 
 class EVPCipherInitializerKeyArgument extends Expr {
   EVPCipherInitializerKeyArgument() {
-    exists(EVP_Cipher_Inititalizer initCall | this = initCall.getKeyArg())
+    exists(EVP_Cipher_Initializer initCall | this = initCall.getKeyArg())
   }
 }
 
 class EVPCipherInitializerIVArgument extends Expr {
   EVPCipherInitializerIVArgument() {
-    exists(EVP_Cipher_Inititalizer initCall | this = initCall.getIVArg())
+    exists(EVP_Cipher_Initializer initCall | this = initCall.getIVArg())
   }
 }
diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll
@@ -45,7 +45,7 @@ abstract class EVP_Cipher_Operation extends OpenSSLOperation, Crypto::KeyOperati
     this.(Call).getTarget().getName().toLowerCase().matches("%cipher%")
   }
 
-  EVP_Cipher_Inititalizer getInitCall() {
+  EVP_Cipher_Initializer getInitCall() {
     CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
   }
 
@@ -74,14 +74,14 @@ abstract class EVP_Final_Call extends EVP_Cipher_Operation {
 
 // TODO: only model Final (model final as operation and model update but not as an operation)
 // Updates are multiple input consumers (most important)
-// PUNT assuming update doesn't ouput, otherwise it outputs arifacts, but is not an operation
+// TODO: assuming update doesn't ouput, otherwise it outputs artifacts, but is not an operation
 class EVP_Cipher_Call extends EVP_Cipher_Operation {
   EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }
 
   override Expr getInputArg() { result = this.(Call).getArgument(2) }
 }
 
-// ******* TODO  NEED to model UPDATE but not as the coree operation, rather a step towards final,
+// ******* TODO: model UPDATE but not as the core operation, rather a step towards final
 // see the JCA
 // class EVP_Encrypt_Decrypt_or_Cipher_Update_Call extends EVP_Update_Call {
 //   EVP_Encrypt_Decrypt_or_Cipher_Update_Call() {

Original file line number	Diff line number	Diff line change
`@@ -10,14 +10,14 @@ module EncValToInitEncArgConfig implements DataFlow::ConfigSig {`
`10`	`10`	`predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] }`
`11`	`11`
`12`	`12`	`predicate isSink(DataFlow::Node sink) {`
`13`		`- exists(EVP_Cipher_Inititalizer initCall \| sink.asExpr() = initCall.getOperataionSubtypeArg())`
	`13`	`+ exists(EVP_Cipher_Initializer initCall \| sink.asExpr() = initCall.getOperationSubtypeArg())`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`module EncValToInitEncArgFlow = DataFlow::Global<EncValToInitEncArgConfig>;`
`18`	`18`
`19`	`19`	`int getEncConfigValue(Expr e) {`
`20`		`- exists(EVP_Cipher_Inititalizer initCall \| e = initCall.getOperataionSubtypeArg()) and`
	`20`	`+ exists(EVP_Cipher_Initializer initCall \| e = initCall.getOperationSubtypeArg()) and`
`21`	`21`	`exists(DataFlow::Node a, DataFlow::Node b \|`
`22`	`22`	`EncValToInitEncArgFlow::flow(a, b) and b.asExpr() = e and result = a.asExpr().getValue().toInt()`
`23`	`23`	`)`
`@@ -34,7 +34,7 @@ Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`// TODO: need to add key consumer`
`37`		`-abstract class EVP_Cipher_Inititalizer extends Call {`
	`37`	`+abstract class EVP_Cipher_Initializer extends Call {`
`38`	`38`	`Expr getContextArg() { result = this.(Call).getArgument(0) }`
`39`	`39`
`40`	`40`	`Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }`
`@@ -44,7 +44,7 @@ abstract class EVP_Cipher_Inititalizer extends Call {`
`44`	`44`	`abstract Expr getIVArg();`
`45`	`45`
`46`	`46`	`// abstract Crypto::CipherOperationSubtype getCipherOperationSubtype();`
`47`		`- abstract Expr getOperataionSubtypeArg();`
	`47`	`+ abstract Expr getOperationSubtypeArg();`
`48`	`48`
`49`	`49`	`Crypto::KeyOperationSubtype getCipherOperationSubtype() {`
`50`	`50`	`if this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")`
`@@ -53,19 +53,19 @@ abstract class EVP_Cipher_Inititalizer extends Call {`
`53`	`53`	`if this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")`
`54`	`54`	`then result instanceof Crypto::TDecryptMode`
`55`	`55`	`else`
`56`		`- if exists(getEncConfigValue(this.getOperataionSubtypeArg()))`
`57`		`- then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperataionSubtypeArg()))`
	`56`	`+ if exists(getEncConfigValue(this.getOperationSubtypeArg()))`
	`57`	`+ then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperationSubtypeArg()))`
`58`	`58`	`else result instanceof Crypto::TUnknownKeyOperationMode`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`
`62`		`-abstract class EVP_EX_Initializer extends EVP_Cipher_Inititalizer {`
	`62`	`+abstract class EVP_EX_Initializer extends EVP_Cipher_Initializer {`
`63`	`63`	`override Expr getKeyArg() { result = this.(Call).getArgument(3) }`
`64`	`64`
`65`	`65`	`override Expr getIVArg() { result = this.(Call).getArgument(4) }`
`66`	`66`	`}`
`67`	`67`
`68`		`-abstract class EVP_EX2_Initializer extends EVP_Cipher_Inititalizer {`
	`68`	`+abstract class EVP_EX2_Initializer extends EVP_Cipher_Initializer {`
`69`	`69`	`override Expr getKeyArg() { result = this.(Call).getArgument(2) }`
`70`	`70`
`71`	`71`	`override Expr getIVArg() { result = this.(Call).getArgument(3) }`
`@@ -78,7 +78,7 @@ class EVP_Cipher_EX_Init_Call extends EVP_EX_Initializer {`
`78`	`78`	`]`
`79`	`79`	`}`
`80`	`80`
`81`		`- override Expr getOperataionSubtypeArg() {`
	`81`	`+ override Expr getOperationSubtypeArg() {`
`82`	`82`	`this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and`
`83`	`83`	`result = this.(Call).getArgument(5)`
`84`	`84`	`}`
`@@ -92,7 +92,7 @@ class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {`
`92`	`92`	`]`
`93`	`93`	`}`
`94`	`94`
`95`		`- override Expr getOperataionSubtypeArg() {`
	`95`	`+ override Expr getOperationSubtypeArg() {`
`96`	`96`	`this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and`
`97`	`97`	`result = this.(Call).getArgument(4)`
`98`	`98`	`}`
`@@ -101,23 +101,23 @@ class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {`
`101`	`101`	`class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {`
`102`	`102`	`EVP_CipherInit_SKEY_Call() { this.(Call).getTarget().getName() in ["EVP_CipherInit_SKEY"] }`
`103`	`103`
`104`		`- override Expr getOperataionSubtypeArg() { result = this.(Call).getArgument(5) }`
	`104`	`+ override Expr getOperationSubtypeArg() { result = this.(Call).getArgument(5) }`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`class EVPCipherInitializerAlgorithmArgument extends Expr {`
`108`	`108`	`EVPCipherInitializerAlgorithmArgument() {`
`109`		`- exists(EVP_Cipher_Inititalizer initCall \| this = initCall.getAlgorithmArg())`
	`109`	`+ exists(EVP_Cipher_Initializer initCall \| this = initCall.getAlgorithmArg())`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`class EVPCipherInitializerKeyArgument extends Expr {`
`114`	`114`	`EVPCipherInitializerKeyArgument() {`
`115`		`- exists(EVP_Cipher_Inititalizer initCall \| this = initCall.getKeyArg())`
	`115`	`+ exists(EVP_Cipher_Initializer initCall \| this = initCall.getKeyArg())`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`class EVPCipherInitializerIVArgument extends Expr {`
`120`	`120`	`EVPCipherInitializerIVArgument() {`
`121`		`- exists(EVP_Cipher_Inititalizer initCall \| this = initCall.getIVArg())`
	`121`	`+ exists(EVP_Cipher_Initializer initCall \| this = initCall.getIVArg())`
`122`	`122`	`}`
`123`	`123`	`}`