import python
import TlsLibraryModel
/**
 * Configuration to track flow from the creation of a context to
 * that context being used to create a connection.
 * Flow is broken if the insecure protocol of interest is being restricted.
 *
 * There is one configuration per (library, insecure protocol version) pair:
 * `tracked_version` is the protocol version whose unrestriction is followed,
 * and only versions for which `isInsecure()` holds give rise to a configuration.
 */
class InsecureContextConfiguration extends DataFlow::Configuration {
  // The TLS library whose context/connection API this configuration models.
  TlsLibrary library;
  // The insecure protocol version whose (un)restriction is tracked.
  ProtocolVersion tracked_version;

  InsecureContextConfiguration() {
    // The configuration's name encodes the (library, version) pair, so each
    // pair is a distinct configuration and only insecure versions are tracked.
    this = library + "Allows" + tracked_version and
    tracked_version.isInsecure()
  }

  /** Gets the insecure protocol version tracked by this configuration. */
  ProtocolVersion getTrackedVersion() { result = tracked_version }

  /**
   * Holds if `source` is a context on which `tracked_version` is explicitly
   * allowed, i.e. the context of a `ProtocolUnrestriction` of the modelled
   * library whose unrestricted version is `tracked_version`.
   */
  override predicate isSource(DataFlow::Node source) {
    // source = library.unspecific_context_creation()
    exists(ProtocolUnrestriction pu |
      pu = library.protocol_unrestriction() and
      pu.getUnrestriction() = tracked_version
    |
      source = pu.getContext()
    )
  }

  /** Holds if `sink` is the context passed to a connection creation of the modelled library. */
  override predicate isSink(DataFlow::Node sink) {
    sink = library.connection_creation().getContext()
  }

  /**
   * Holds if `node` is a context on which `tracked_version` is restricted again.
   * Flow out of such a node is cut, so a connection created afterwards from that
   * context is not reported for this version.
   */
  override predicate isBarrierOut(DataFlow::Node node) {
    exists(ProtocolRestriction r |
      r = library.protocol_restriction() and
      node = r.getContext() and
      r.getRestriction() = tracked_version
    )
  }

  /**
   * Every source is also an incoming barrier: flow arriving at a node that is
   * itself a source is cut there. Presumably this makes each reported path start
   * at the unrestriction closest to the connection rather than at an earlier one
   * -- confirm against the queries that consume this configuration.
   */
  override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
}
/**
 * A connection is created from a context allowing an insecure protocol,
 * and that protocol has not been restricted appropriately.
 *
 * `creation` is the connection-creation node, `insecure_version` the insecure
 * protocol version it allows, `source` the node where that version was
 * introduced, and `specific` is `true` when the version is named directly on
 * the connection creation and `false` when it reached the connection through
 * a context tracked by `InsecureContextConfiguration`.
 */
predicate unsafe_connection_creation(
  DataFlow::Node creation, ProtocolVersion insecure_version, DataFlow::Node source, boolean specific
) {
  // Connection created from a context allowing `insecure_version`.
  // Restriction of the version between the unrestriction and the connection is
  // handled by the configuration's barriers, not here. `cc` is typed
  // `ProtocolUnrestriction`, which also constrains `source` to such nodes.
  exists(InsecureContextConfiguration c, ProtocolUnrestriction cc | c.hasFlow(cc, creation) |
    insecure_version = c.getTrackedVersion() and
    source = cc and
    specific = false
  )
  or
  // Connection created from a context specifying `insecure_version`.
  // No flow tracking is involved: the creation node is reported as its own source.
  exists(TlsLibrary l, DataFlow::CfgNode cc |
    cc = l.insecure_connection_creation(insecure_version)
  |
    creation = cc and
    source = cc and
    specific = true
  )
}
/**
 * Holds if `node` is a context created insecurely: a `ContextCreation` of some
 * TLS library returned by `insecure_context_creation(insecure_version)`.
 * `call` is the underlying call node of that context creation.
 *
 * NOTE(review): `insecure_version` is a `string` here but a `ProtocolVersion`
 * in `unsafe_connection_creation`; confirm the intended parameter type.
 */
predicate unsafe_context_creation(DataFlow::Node node, string insecure_version, CallNode call) {
  exists(TlsLibrary l, ContextCreation cc | cc = l.insecure_context_creation(insecure_version) |
    cc = node and
    cc.getNode() = call
  )
}