WIP: add properties

Author: nicolaswill

cpp/ql/lib/experimental/Quantum/Base.qll

@@ -9,11 +9,19 @@ signature module InputSig<LocationSig Location> {
   class LocatableElement {
     Location getLocation();
   }
+
+  class UnknownLocation instanceof Location;
 }
 
 module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
   final class LocatableElement = Input::LocatableElement;
 
+  final class UnknownLocation = Input::UnknownLocation;
+
+  final class UnknownPropertyValue extends string {
+    UnknownPropertyValue() { this = "<unknown>" }
+  }
+
   abstract class NodeBase instanceof LocatableElement {
     /**
      * Returns a string representation of this node, usually the name of the operation/algorithm/property.
@@ -25,17 +33,26 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
      */
     Location getLocation() { result = super.getLocation() }
 
+    /**
+     * Gets the origin of this node, e.g., a string literal in source describing it.
+     */
+    LocatableElement getOrigin(string value) { none() }
+
     /**
      * Returns the child of this node with the given edge name.
      *
      * This predicate is used by derived classes to construct the graph of cryptographic operations.
      */
-    NodeBase getChild(string edgeName) { edgeName = "origin" and result = this.getOrigin() }
+    NodeBase getChild(string edgeName) { none() }
 
     /**
-     * Gets the origin of this node, e.g., a string literal in source describing it.
+     * Defines properties of this node by name and either a value or location or both.
+     *
+     * This predicate is used by derived classes to construct the graph of cryptographic operations.
      */
-    NodeBase getOrigin() { none() }
+    predicate properties(string key, string value, Location location) {
+      key = "origin" and location = this.getOrigin(value).getLocation()
+    }
 
     /**
      * Returns the parent of this node.
@@ -86,7 +103,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
   abstract class HashOperation extends Operation {
     abstract override HashAlgorithm getAlgorithm();
 
-    override string getOperationName() { result = "hash" }
+    override string getOperationName() { result = "HASH" }
   }
 
   // Rule: no newtype representing a type of algorithm should be modelled with multiple interfaces
@@ -105,34 +122,40 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
     MD5() or
     SHA1() or
     SHA256() or
-    SHA512()
-
-  class HashAlgorithmType extends THashType {
-    string toString() { hashTypeToNameMapping(this, result) }
-  }
-
-  predicate hashTypeToNameMapping(THashType type, string name) {
-    type instanceof SHA1 and name = "SHA-1"
-    or
-    type instanceof SHA256 and name = "SHA-256"
-    or
-    type instanceof SHA512 and name = "SHA-512"
-  }
+    SHA512() or
+    OtherHashType()
 
   /**
    * A hashing algorithm that transforms variable-length input into a fixed-size hash value.
    */
   abstract class HashAlgorithm extends Algorithm {
-    abstract HashAlgorithmType getHashType();
+    final predicate hashTypeToNameMapping(THashType type, string name) {
+      type instanceof MD5 and name = "MD5"
+      or
+      type instanceof SHA1 and name = "SHA-1"
+      or
+      type instanceof SHA256 and name = "SHA-256"
+      or
+      type instanceof SHA512 and name = "SHA-512"
+      or
+      type instanceof OtherHashType and name = this.getRawAlgorithmName()
+    }
+
+    abstract THashType getHashType();
+
+    override string getAlgorithmName() { this.hashTypeToNameMapping(this.getHashType(), result) }
 
-    override string getAlgorithmName() { hashTypeToNameMapping(this.getHashType(), result) }
+    /**
+     * Gets the raw name of this hash algorithm from source.
+     */
+    abstract string getRawAlgorithmName();
   }
 
   /**
    * An operation that derives one or more keys from an input value.
    */
   abstract class KeyDerivationOperation extends Operation {
-    override string getOperationName() { result = "key derivation" }
+    override string getOperationName() { result = "KEY_DERIVATION" }
   }
 
   /**
@@ -143,7 +166,7 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
   }
 
   /**
-   * HKDF Extract+Expand key derivation function.
+   * HKDF key derivation function
    */
   abstract class HKDF extends KeyDerivationAlgorithm {
     final override string getAlgorithmName() { result = "HKDF" }
@@ -157,6 +180,9 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
     }
   }
 
+  /**
+   * PKCS #12 key derivation function
+   */
   abstract class PKCS12KDF extends KeyDerivationAlgorithm {
     final override string getAlgorithmName() { result = "PKCS12KDF" }
 
@@ -168,4 +194,31 @@ module CryptographyBase<LocationSig Location, InputSig<Location> Input> {
       edgeName = "digest" and result = this.getHashAlgorithm()
     }
   }
+
+  /**
+   * Elliptic curve algorithm
+   */
+  abstract class EllipticCurve extends Algorithm {
+    abstract string getVersion(Location location);
+
+    abstract string getKeySize(Location location);
+
+    override predicate properties(string key, string value, Location location) {
+      super.properties(key, value, location)
+      or
+      key = "version" and
+      if exists(this.getVersion(location))
+      then value = this.getVersion(location)
+      else (
+        value instanceof UnknownPropertyValue and location instanceof UnknownLocation
+      )
+      or
+      key = "key_size" and
+      if exists(this.getKeySize(location))
+      then value = this.getKeySize(location)
+      else (
+        value instanceof UnknownPropertyValue and location instanceof UnknownLocation
+      )
+    }
+  }
 }

cpp/ql/lib/experimental/Quantum/Language.qll

@@ -3,6 +3,8 @@ private import cpp as Lang
 
 module CryptoInput implements InputSig<Lang::Location> {
   class LocatableElement = Lang::Locatable;
+
+  class UnknownLocation = Lang::UnknownDefaultLocation;
 }
 
 module Crypto = CryptographyBase<Lang::Location, CryptoInput>;

cpp/ql/lib/experimental/Quantum/OpenSSL.qll

@@ -9,7 +9,9 @@ module OpenSSLModel {
   class SHA1Algo extends Crypto::HashAlgorithm instanceof MacroAccess {
     SHA1Algo() { this.getMacro().getName() = "SN_sha1" }
 
-    override Crypto::HashAlgorithmType getHashType() { result instanceof Crypto::SHA1 }
+    override string getRawAlgorithmName() { result = "SN_sha1" }
+
+    override Crypto::THashType getHashType() { result instanceof Crypto::SHA1 }
   }
 
   module AlgorithmToEVPKeyDeriveConfig implements DataFlow::ConfigSig {
@@ -77,7 +79,9 @@ module OpenSSLModel {
 
     override Crypto::HashAlgorithm getHashAlgorithm() { none() }
 
-    override Crypto::NodeBase getOrigin() { result = origin }
+    override Crypto::LocatableElement getOrigin(string name) {
+      result = origin and name = origin.toString()
+    }
   }
 
   class TestKeyDerivationOperationHacky extends KeyDerivationOperation instanceof FunctionCall {
@@ -97,6 +101,8 @@ module OpenSSLModel {
 
     override Crypto::HashAlgorithm getHashAlgorithm() { none() }
 
-    override Crypto::NodeBase getOrigin() { result = origin }
+    override Crypto::NodeBase getOrigin(string name) {
+      result = origin and name = origin.toString()
+    }
   }
 }

cpp/ql/src/experimental/Quantum/Test.ql

@@ -5,7 +5,33 @@
 
 import experimental.Quantum.Language
 
-query predicate nodes(Crypto::NodeBase node) { any() }
+string getValueAndLocationPairs(Crypto::NodeBase node, string key) {
+  exists(string value, Location location |
+    node.properties(key, value, location) and
+    result = "(" + value + "," + location.toString() + ")"
+  )
+}
+
+string properties(Crypto::NodeBase node) {
+  forex(string key | node.properties(key, _, _) |
+    result = key + ":" + strictconcat(getValueAndLocationPairs(node, key), ",")
+  )
+}
+
+string getLabel(Crypto::NodeBase node) {
+  result =
+    "[" + node.toString() + "]" +
+      any(string prop |
+        if exists(properties(node)) then prop = " " + properties(node) else prop = ""
+      |
+        prop
+      )
+}
+
+query predicate nodes(Crypto::NodeBase node, string key, string value) {
+  key = "semmle.label" and
+  value = getLabel(node)
+}
 
 query predicate edges(Crypto::NodeBase source, Crypto::NodeBase target, string key, string value) {
   target = source.getChild(value) and

cpp/ql/src/experimental/Quantum/Test2.ql

@@ -4,5 +4,5 @@
 
 import experimental.Quantum.Language
 
-from Crypto::KeyDerivationAlgorithm n
-select n
+from Crypto::NodeBase node
+select node