forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathInsufficientHashIterationsQuery.qll
More file actions
41 lines (32 loc) · 1.43 KB
/
InsufficientHashIterationsQuery.qll
File metadata and controls
41 lines (32 loc) · 1.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
/**
* Provides a taint tracking configuration to find insufficient hash
* iteration vulnerabilities.
*/
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.dataflow.TaintTracking
import codeql.swift.security.InsufficientHashIterationsExtensions
/**
* An `Expr` that is used to initialize a password-based encryption key.
*/
abstract private class IterationsSource extends Expr { }
/**
* A literal integer that is 120,000 or less is a source of taint for iterations.
*/
private class IntLiteralSource extends IterationsSource instanceof IntegerLiteralExpr {
IntLiteralSource() { this.getStringValue().toInt() < 120000 }
}
/**
* A taint tracking configuration from the hash iterations source to expressions that use
* it to initialize hash functions.
*/
module InsufficientHashIterationsConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof IterationsSource }
predicate isSink(DataFlow::Node node) { node instanceof InsufficientHashIterationsSink }
predicate isBarrier(DataFlow::Node node) { node instanceof InsufficientHashIterationsBarrier }
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(InsufficientHashIterationsAdditionalFlowStep s).step(nodeFrom, nodeTo)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module InsufficientHashIterationsFlow = TaintTracking::Global<InsufficientHashIterationsConfig>;