/**
* @name Weak AES Block mode
* @id java/quantum/weak-block-modes
* @description An AES cipher is used with a block mode that this query treats as weak (ECB, CFB, OFB or CTR).
* @kind problem
* @problem.severity error
* @security.severity low
* @precision high
* @tags quantum
* experimental
*/
import java
import experimental.quantum.Language
/**
 * An AES symmetric-cipher algorithm node whose mode of operation is
 * ECB, CFB, OFB or CTR.
 *
 * ECB encrypts equal plaintext blocks to equal ciphertext blocks, so it
 * leaks plaintext structure. CFB, OFB and CTR give confidentiality only:
 * without a separate MAC the ciphertext can be altered undetected, and
 * all three depend on an IV/nonce that is never reused under one key.
 *
 * NOTE(review): CBC is also unauthenticated and is not matched here, and
 * this class cannot see whether a MAC is applied elsewhere, so CTR used
 * in an encrypt-then-MAC construction is still reported. Confirm that
 * this is the intended scope.
 */
class WeakAESBlockModeAlgNode extends Crypto::KeyOperationAlgorithmNode {
  WeakAESBlockModeAlgNode() {
    // Restrict to AES; other symmetric ciphers are out of scope for this class.
    this.getAlgorithmType() = Crypto::KeyOpAlg::TSymmetricCipher(Crypto::KeyOpAlg::AES()) and
    // The mode type must be one of the four listed modes.
    this.getModeOfOperation().getModeType() =
      [
        Crypto::KeyOpAlg::ECB(),
        Crypto::KeyOpAlg::CFB(),
        Crypto::KeyOpAlg::OFB(),
        Crypto::KeyOpAlg::CTR()
      ]
  }
}
// Report every key operation that has a known algorithm matching
// WeakAESBlockModeAlgNode and that produces at least one output artifact.
// The output artifact is only required to exist; it is not part of the alert.
// NOTE(review): operations without a modelled output artifact are not
// reported. Confirm that this filter is intentional.
from Crypto::KeyOperationNode op
where
  op.getAKnownAlgorithm() instanceof WeakAESBlockModeAlgNode and
  exists(Crypto::KeyOperationOutputNode outputNode | outputNode = op.getAnOutputArtifact())
select op, "Weak AES block mode instance."