Merge pull request github#12080 from alexrford/js-use-shared-cryptography

JS: Use shared `CryptographicOperation` concept

Author: alexrford

javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll

@@ -409,7 +409,7 @@ private class CryptographicOperationFlowCharacteristic extends NotASinkCharacter
   CryptographicOperationFlowCharacteristic() { this = "CryptographicOperationFlow" }
 
   override predicate appliesToEndpoint(DataFlow::Node n) {
-    any(CryptographicOperation op).getInput() = n
+    any(CryptographicOperation op).getAnInput() = n
   }
 }
 

javascript/ql/lib/change-notes/2023-02-15-cryptographic-operation-getinput-deprecated.md

@@ -0,0 +1,7 @@
+---
+category: breaking
+---
+* The `CryptographicOperation` concept has been changed to use a range pattern. This is a breaking change and existing implementations of `CryptographicOperation` will need to be updated in order to compile. These implementations can be updated by:
+  1. Extending `CryptographicOperation::Range` rather than `CryptographicOperation`
+  2. Renaming the `getInput()` member predicate as `getAnInput()`
+  3. Implementing the `BlockMode getBlockMode()` member predicate. The implementation for this can be `none()` if the operation is a hashing operation or an encryption operation using a stream cipher.

javascript/ql/lib/semmle/javascript/Concepts.qll

@@ -110,3 +110,40 @@ abstract class PersistentWriteAccess extends DataFlow::Node {
    */
   abstract DataFlow::Node getValue();
 }
+
+/**
+ * Provides models for cryptographic things.
+ */
+module Cryptography {
+  private import semmle.javascript.internal.ConceptsShared::Cryptography as SC
+
+  /**
+   * A data-flow node that is an application of a cryptographic algorithm. For example,
+   * encryption, decryption, signature-validation.
+   *
+   * Extend this class to refine existing API models. If you want to model new APIs,
+   * extend `CryptographicOperation::Range` instead.
+   */
+  class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range {
+    /**
+     * DEPRECATED. This predicate has been renamed to `getAnInput`.
+     *
+     * To implement `CryptographicOperation`, please extend
+     * `CryptographicOperation::Range` and implement `getAnInput` instead of
+     * extending this class directly.
+     */
+    deprecated final DataFlow::Node getInput() { result = this.getAnInput() }
+  }
+
+  class EncryptionAlgorithm = SC::EncryptionAlgorithm;
+
+  class HashingAlgorithm = SC::HashingAlgorithm;
+
+  class PasswordHashingAlgorithm = SC::PasswordHashingAlgorithm;
+
+  module CryptographicOperation = SC::CryptographicOperation;
+
+  class BlockMode = SC::BlockMode;
+
+  class CryptographicAlgorithm = SC::CryptographicAlgorithm;
+}