Misc. cleanup

bdrodes · bdrodes · commit 5694f029de96 · 2025-05-02T14:03:50.000-04:00
diff --git a/cpp/ql/lib/experimental/Quantum/Language.qll b/cpp/ql/lib/experimental/Quantum/Language.qll
@@ -1,6 +1,7 @@
 private import codeql.cryptography.Model
 import semmle.code.cpp.ir.IR
 import semmle.code.cpp.security.FlowSources as FlowSources
+import semmle.code.cpp.dataflow.new.DataFlow
 private import cpp as Lang
 
 module CryptoInput implements InputSig<Lang::Location> {
@@ -15,10 +16,44 @@ module CryptoInput implements InputSig<Lang::Location> {
     result = node.asParameter() or
     result = node.asVariable()
   }
+
+  string locationToFileBaseNameAndLineNumberString(Location location) {
+    result = location.getFile().getBaseName() + ":" + location.getStartLine()
+  }
+
+  predicate artifactOutputFlowsToGenericInput(
+    DataFlow::Node artifactOutput, DataFlow::Node otherInput
+  ) {
+    ArtifactFlow::flow(artifactOutput, otherInput)
+  }
 }
 
 module Crypto = CryptographyBase<Lang::Location, CryptoInput>;
 
+module ArtifactFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink = any(Crypto::FlowAwareElement other).getInputNode()
+  }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getInputNode()
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getOutputNode()
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+}
+
+module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
+
 /**
  * Artifact output to node input configuration
  */
@@ -31,9 +66,9 @@ abstract class AdditionalFlowInputStep extends DataFlow::Node {
 /**
  * Generic data source to node input configuration
  */
-module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
+module GenericDataSourceFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::GenericDataSourceInstance i).getOutputNode()
+    source = any(Crypto::GenericSourceInstance i).getOutputNode()
   }
 
   predicate isSink(DataFlow::Node sink) {
@@ -53,41 +88,6 @@ module GenericDataSourceUniversalFlowConfig implements DataFlow::ConfigSig {
   }
 }
 
-// // // TODO: I think this will be inefficient, no?
-// // class ConstantDataSource extends Crypto::GenericConstantOrAllocationSource instanceof Literal {
-// //   override DataFlow::Node getOutputNode() {
-// //     result.asExpr() = this
-// //   }
-// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
-// //     // TODO: separate config to avoid blowing up data-flow analysis
-// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-// //   }
-// //   override string getAdditionalDescription() { result = this.toString() }
-// // }
-// /**
-//  * Definitions of various generic data sources
-//  */
-// // final class DefaultFlowSource = SourceNode;
-// // final class DefaultRemoteFlowSource = RemoteFlowSource;
-// // class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
-// //   GenericLocalDataSource() {
-// //     any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
-// //   }
-// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
-// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
-// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-// //   }
-// //   override string getAdditionalDescription() { result = this.toString() }
-// // }
-// // class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
-// //   GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
-// //   override DataFlow::Node getOutputNode() { result.asExpr() = this }
-// //   override predicate flowsTo(Crypto::FlowAwareElement other) {
-// //     GenericDataSourceUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-// //   }
-// //   override string getAdditionalDescription() { result = this.toString() }
-// // }
-// module GenericDataSourceUniversalFlow = DataFlow::Global<GenericDataSourceUniversalFlowConfig>;
 module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     source = any(Crypto::ArtifactInstance artifact).getOutputNode()
@@ -112,10 +112,12 @@ module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
 
 module ArtifactUniversalFlow = DataFlow::Global<ArtifactUniversalFlowConfig>;
 
-abstract class CipherOutputArtifact extends Crypto::KeyOperationOutputArtifactInstance {
-  override predicate flowsTo(Crypto::FlowAwareElement other) {
-    ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
-  }
-}
-
+// abstract class CipherOutputArtifact extends Crypto::KeyOperationOutputArtifactInstance {
+//   override predicate flowsTo(Crypto::FlowAwareElement other) {
+//     ArtifactUniversalFlow::flow(this.getOutputNode(), other.getInputNode())
+//   }
+// }
+// // final override predicate flowsTo(FlowAwareElement other) {
+// //   Input::artifactOutputFlowsToGenericInput(this.getOutputNode(), other.getInputNode())
+// // }
 import OpenSSL.OpenSSL
diff --git a/cpp/ql/lib/experimental/Quantum/OpenSSL/CtxFlow.qll b/cpp/ql/lib/experimental/Quantum/OpenSSL/CtxFlow.qll
@@ -1,9 +1,11 @@
+//TODO: model as data on open APIs should be able to get common flows, and obviate some of this
+// e.g., copy/dup calls, need to ingest those models for openSSL and refactor.
 /**
  * In OpenSSL, flow between 'context' parameters is often used to
  * store state/config of how an operation will eventually be performed.
  * Tracing algorithms and configurations to operations therefore
- * requires tracing context parameters for many OpenSSL apis. 
- * 
+ * requires tracing context parameters for many OpenSSL apis.
+ *
  * This library provides a dataflow analysis to track context parameters
  * between any two functions accepting openssl context parameters.
  * The dataflow takes into consideration flowing through duplication and copy calls
@@ -88,7 +90,7 @@ module OpenSSLCTXArgumentFlowConfig implements DataFlow::ConfigSig {
 
 module OpenSSLCTXArgumentFlow = DataFlow::Global<OpenSSLCTXArgumentFlowConfig>;
 
-predicate ctxFlowsTo(CTXPointerArgument source, CTXPointerArgument sink) {
+predicate ctxArgFlowsToCtxArg(CTXPointerArgument source, CTXPointerArgument sink) {
   exists(DataFlow::Node a, DataFlow::Node b |
     OpenSSLCTXArgumentFlow::flow(a, b) and
     a.asExpr() = source and
diff --git a/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll b/cpp/ql/lib/experimental/Quantum/OpenSSL/OpenSSL.qll
