/**
* @name Use of insecure SSL/TLS version
* @description Using an insecure SSL/TLS version may leave the connection vulnerable to attacks.
* @id py/insecure-protocol
* @kind problem
* @problem.severity warning
* @precision high
* @tags security
* external/cwe/cwe-327
*/
import python
import FluentApiModel
/**
 * Gets a dotted name for the callee expression `call`: the identifier of a plain
 * `Name`, or `<object>.<attr>` for an `Attribute` whose object itself has such a name
 * (applied recursively, so `ssl.SSLContext` and `a.b.c` are both handled).
 * Has no result for any other expression kind, for example a subscript or the result
 * of another call.
 */
string callName(AstNode call) {
  exists(Name simple | simple = call | result = simple.getId())
  or
  exists(Attribute attr, string base |
    attr = call and base = callName(attr.getObject())
  |
    result = base + "." + attr.getName()
  )
}
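/**
 * Gets a human-readable description of `contextOrigin`, the node the alert's `$@`
 * link points at: `"call to <callee>"` when it is a call whose callee has a dotted
 * name, plain `"call"` when it is a call whose callee cannot be named (for example
 * the result of another call or a subscript), and `"context modification"` when it
 * is neither a call nor a `ContextCreation`.
 *
 * The `"call"` fallback matters for detection coverage: `select` uses this predicate
 * as the `$@` label, so an origin for which it has no result would silently drop the
 * whole alert rather than report it with a less specific label.
 */
string originName(DataFlow::Node contextOrigin) {
  exists(AstNode callee |
    callee = contextOrigin.asCfgNode().(CallNode).getFunction().getNode()
  |
    result = "call to " + callName(callee)
    or
    // Keep the finding even when the callee has no dotted name.
    not exists(callName(callee)) and result = "call"
  )
  or
  // Not a call and not a context creation (`ContextCreation` is presumably defined in
  // FluentApiModel): the origin is a later modification of the context rather than
  // the place it was created.
  not contextOrigin.asCfgNode() instanceof CallNode and
  not contextOrigin instanceof ContextCreation and
  result = "context modification"
}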
/**
 * Gets the verb used in the alert message: `"specified"` when the insecure version
 * was given explicitly (`specific = true`), `"allowed"` when it was merely permitted
 * (`specific = false`).
 */
string verb(boolean specific) {
  if specific = true then result = "specified" else result = "allowed"
}
/*
 * Report every insecure connection or context creation, linking each alert (via `$@`)
 * to the node that introduced the insecure protocol version.
 */
from
  DataFlow::Node creation, string insecure_version, DataFlow::Node contextOrigin, boolean specific
where
  // A context presumably created with an insecure version directly: the creation is
  // its own origin and the version counts as explicitly specified.
  (
    unsafe_context_creation(creation, insecure_version) and
    contextOrigin = creation and
    specific = true
  )
  or
  // A connection whose insecure version was specified or allowed at `contextOrigin`;
  // `specific` distinguishes the two cases in the message.
  unsafe_connection_creation(creation, insecure_version, contextOrigin, specific)
select creation,
  "Insecure SSL/TLS protocol version " + insecure_version + " " + verb(specific) + " by $@ ",
  contextOrigin, originName(contextOrigin)