Rust: Implement the query.

Author: geoffw0

rust/ql/lib/codeql/rust/Concepts.qll

@@ -172,3 +172,32 @@ module SqlSanitization {
    */
   abstract class Range extends DataFlow::Node { }
 }
+
+/**
+ * Provides models for cryptographic things.
+ */
+module Cryptography {
+  private import codeql.rust.internal.ConceptsShared::Cryptography as SC
+
+  /**
+   * A data-flow node that is an application of a cryptographic algorithm. For example,
+   * encryption, decryption, signature-validation.
+   *
+   * Extend this class to refine existing API models. If you want to model new APIs,
+   * extend `CryptographicOperation::Range` instead.
+   */
+  class CryptographicOperation extends SC::CryptographicOperation instanceof CryptographicOperation::Range
+  { }
+
+  class EncryptionAlgorithm = SC::EncryptionAlgorithm;
+
+  class HashingAlgorithm = SC::HashingAlgorithm;
+
+  class PasswordHashingAlgorithm = SC::PasswordHashingAlgorithm;
+
+  module CryptographicOperation = SC::CryptographicOperation;
+
+  class BlockMode = SC::BlockMode;
+
+  class CryptographicAlgorithm = SC::CryptographicAlgorithm;
+}

rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql

@@ -11,7 +11,15 @@
  */
 
 import rust
+import codeql.rust.Concepts
 
-from int i
-where none()
-select i
+from Cryptography::CryptographicOperation operation, string msgPrefix
+where
+  exists(Cryptography::EncryptionAlgorithm algorithm | algorithm = operation.getAlgorithm() |
+    algorithm.isWeak() and
+    msgPrefix = "The cryptographic algorithm " + algorithm.getName()
+  )
+  or
+  operation.getBlockMode().isWeak() and msgPrefix = "The block mode " + operation.getBlockMode()
+select operation, "$@ is broken or weak, and should not be used.", operation.getInitialization(),
+  msgPrefix