Rust: Move ModelledHashOperation to a more logical location.

geoffw0 · geoffw0 · commit c115169dbeaa · 2025-01-10T12:36:05.000Z
diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll
@@ -5,9 +5,6 @@
 private import rust
 private import codeql.rust.Concepts
 private import codeql.rust.dataflow.DataFlow
-private import codeql.rust.dataflow.FlowSource
-private import codeql.rust.dataflow.FlowSink
-private import codeql.rust.dataflow.internal.DataFlowImpl
 
 bindingset[algorithmName]
 private string simplifyAlgorithmName(string algorithmName) {
@@ -58,28 +55,3 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range {
 
   override Cryptography::BlockMode getBlockMode() { result = "" }
 }
-
-/**
- * An externally modelled operation that hashes data, for example a call to `md5::Md5::digest(data)`.
- */
-class ModelledHashOperation extends Cryptography::CryptographicOperation::Range {
-  DataFlow::Node input;
-  CallExpr call;
-  string algorithmName;
-
-  ModelledHashOperation() {
-    sinkNode(input, "hasher-input") and
-    call = input.(Node::FlowSummaryNode).getSinkElement().getCall() and
-    call = this.asExpr().getExpr() and
-    algorithmName =
-      call.getFunction().(PathExpr).getPath().getQualifier().getPart().getNameRef().getText()
-  }
-
-  override DataFlow::Node getInitialization() { result = this }
-
-  override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithmName) }
-
-  override DataFlow::Node getAnInput() { result = input }
-
-  override Cryptography::BlockMode getBlockMode() { none() } // (does not apply for hashing)
-}
diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll
@@ -12,6 +12,9 @@ import rust
 private import codeql.rust.Concepts
 private import codeql.rust.security.SensitiveData
 private import codeql.rust.dataflow.DataFlow
+private import codeql.rust.dataflow.FlowSource
+private import codeql.rust.dataflow.FlowSink
+private import codeql.rust.dataflow.internal.DataFlowImpl
 
 /**
  * Provides default sources, sinks and sanitizers for detecting "use of a broken or weak
@@ -169,3 +172,28 @@ module ComputationallyExpensiveHashFunction {
     }
   }
 }
+
+/**
+ * An externally modelled operation that hashes data, for example a call to `md5::Md5::digest(data)`.
+ */
+class ModelledHashOperation extends Cryptography::CryptographicOperation::Range {
+  DataFlow::Node input;
+  CallExpr call;
+  string algorithmName;
+
+  ModelledHashOperation() {
+    sinkNode(input, "hasher-input") and
+    call = input.(Node::FlowSummaryNode).getSinkElement().getCall() and
+    call = this.asExpr().getExpr() and
+    algorithmName =
+      call.getFunction().(PathExpr).getPath().getQualifier().getPart().getNameRef().getText()
+  }
+
+  override DataFlow::Node getInitialization() { result = this }
+
+  override Cryptography::CryptographicAlgorithm getAlgorithm() { result.matchesName(algorithmName) }
+
+  override DataFlow::Node getAnInput() { result = input }
+
+  override Cryptography::BlockMode getBlockMode() { none() } // (does not apply for hashing)
+}
