query format

Author: chanel-y

powershell/ql/lib/semmle/code/powershell/security/cryptography/Concepts.qll

@@ -1,4 +1,3 @@
 import CryptoAlgorithmNames
 import CryptoArtifact
-
-import CryptographyModule
+import CryptographyModule

powershell/ql/lib/semmle/code/powershell/security/cryptography/CryptoAlgorithmNames.qll

@@ -1,5 +1,6 @@
 predicate isHashingAlgorithm(string name) {
-  name = [
+  name =
+    [
       "blake2", "blake2b", "blake2s", "sha2", "sha224", "sha256", "sha384", "sha512", "sha512224",
       "sha512256", "sha3", "sha3224", "sha3256", "sha3384", "sha3512", "shake128", "shake256",
       "sm3", "whirlpool", "poly1305", "havel128", "md2", "md4", "md5", "panama", "ripemd",
@@ -9,7 +10,8 @@ predicate isHashingAlgorithm(string name) {
 }
 
 predicate isSymmetricAlgorithm(string name) {
-  name = [
+  name =
+    [
       "aes", "aes128", "aes192", "aes256", "aria", "blowfish", "bf", "ecies", "cast", "cast5",
       "camellia", "camellia128", "camellia192", "camellia256", "chacha", "chacha20",
       "chacha20poly1305", "gost", "gostr34102001", "gostr341094", "gostr341194", "gost2814789",
@@ -24,4 +26,4 @@ predicate isCipherBlockModeAlgorithm(string name) {
   name = ["cbc", "gcm", "ccm", "cfb", "ofb", "cfb8", "ctr", "openpgp", "xts", "eax", "siv", "ecb"]
 }
 
-string unknownAlgorithm() { result = "UNKNOWN" }
+string unknownAlgorithm() { result = "UNKNOWN" }

powershell/ql/lib/semmle/code/powershell/security/cryptography/CryptoArtifact.qll

@@ -35,4 +35,4 @@ abstract class BlockMode extends CryptographicAlgorithm {
     then isCipherBlockModeAlgorithm(result) and result = this.getName()
     else result = unknownAlgorithm()
   }
-}
+}

powershell/ql/lib/semmle/code/powershell/security/cryptography/CryptographyModule.qll

@@ -1,198 +1,209 @@
 import powershell
 import semmle.code.powershell.dataflow.DataFlow
 import semmle.code.powershell.ApiGraphs
-
 import CryptoArtifact
 
 class CryptoAlgorithmObjectCreation extends DataFlow::ObjectCreationNode {
-    string objectName; 
-    CryptoAlgorithmObjectCreation(){
-        objectName = this.getExprNode().getExpr().(CallExpr).getAnArgument().getValue().asString().toLowerCase()
-    }
-    string getObjectName() {
-      result = objectName
-    }
+  string objectName;
+
+  CryptoAlgorithmObjectCreation() {
+    objectName =
+      this.getExprNode().getExpr().(CallExpr).getAnArgument().getValue().asString().toLowerCase()
+  }
+
+  string getObjectName() { result = objectName }
 }
 
 class CryptoAlgorithmCreateCall extends DataFlow::CallNode {
-  string objectName; 
-    CryptoAlgorithmCreateCall() {
-      this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember(objectName).getMember("create").asCall()  
-  }
+  string objectName;
 
-  string getObjectName() {
-    result = objectName
+  CryptoAlgorithmCreateCall() {
+    this =
+      API::getTopLevelMember("system")
+          .getMember("security")
+          .getMember("cryptography")
+          .getMember(objectName)
+          .getMember("create")
+          .asCall()
   }
+
+  string getObjectName() { result = objectName }
 }
 
 class CryptoAlgorithmCreateArgCall extends DataFlow::CallNode {
-  string objectName; 
-    CryptoAlgorithmCreateArgCall() {
+  string objectName;
+
+  CryptoAlgorithmCreateArgCall() {
     (
-        this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember(_).getMember("create").asCall() or
-        this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("create").asCall() 
-    ) and 
-      objectName = this.getAnArgument().asExpr().getValue().asString().toLowerCase()
+      this =
+        API::getTopLevelMember("system")
+            .getMember("security")
+            .getMember("cryptography")
+            .getMember(_)
+            .getMember("create")
+            .asCall() or
+      this =
+        API::getTopLevelMember("system")
+            .getMember("security")
+            .getMember("cryptography")
+            .getMember("create")
+            .asCall()
+    ) and
+    objectName = this.getAnArgument().asExpr().getValue().asString().toLowerCase()
   }
 
-  string getObjectName() {
-    result = objectName
-  }
+  string getObjectName() { result = objectName }
 }
 
-
 class CryptoAlgorithmCreateFromNameCall extends DataFlow::CallNode {
-  string objectName; 
-    CryptoAlgorithmCreateFromNameCall() {
-      this = API::getTopLevelMember("system").getMember("security").getMember("cryptography").getMember("cryptoconfig").getMember("createfromname").asCall() and
-      objectName = this.getAnArgument().asExpr().getValue().asString().toLowerCase()
-  }
+  string objectName;
 
-  string getObjectName() {
-    result = objectName
+  CryptoAlgorithmCreateFromNameCall() {
+    this =
+      API::getTopLevelMember("system")
+          .getMember("security")
+          .getMember("cryptography")
+          .getMember("cryptoconfig")
+          .getMember("createfromname")
+          .asCall() and
+    objectName = this.getAnArgument().asExpr().getValue().asString().toLowerCase()
   }
+
+  string getObjectName() { result = objectName }
 }
 
 class HashAlgorithmObjectCreation extends HashAlgorithm, CryptoAlgorithmObjectCreation {
-  string algName; 
-    HashAlgorithmObjectCreation() {
+  string algName;
+
+  HashAlgorithmObjectCreation() {
     (
-        this.getObjectName() = "system.security.cryptography." + algName or
-        this.getObjectName() = "system.security.cryptography." + algName + "cryptoserviceprovider"
-    )
-    and
-      isHashingAlgorithm(algName) 
+      this.getObjectName() = "system.security.cryptography." + algName or
+      this.getObjectName() = "system.security.cryptography." + algName + "cryptoserviceprovider"
+    ) and
+    isHashingAlgorithm(algName)
   }
 
-  override string getName() {
-    result = algName
-  }
+  override string getName() { result = algName }
 }
 
 class HashAlgorithmCreateCall extends HashAlgorithm, CryptoAlgorithmCreateCall {
-  string algName; 
-    HashAlgorithmCreateCall() {
-        isHashingAlgorithm(this.getObjectName()) and 
-        (
-        this.getObjectName() = algName or 
-        this.getObjectName() = "system.security.cryptography." + algName 
-        )
-  }
-  override string getName() {
-    result = algName
+  string algName;
+
+  HashAlgorithmCreateCall() {
+    isHashingAlgorithm(this.getObjectName()) and
+    (
+      this.getObjectName() = algName or
+      this.getObjectName() = "system.security.cryptography." + algName
+    )
   }
+
+  override string getName() { result = algName }
 }
 
 class HashAlgorithmCreateFromNameCall extends HashAlgorithm, CryptoAlgorithmCreateFromNameCall {
-  string algName; 
-    HashAlgorithmCreateFromNameCall() {
-      (
-        this.getObjectName() = algName or 
-        this.getObjectName() = "system.security.cryptography." + algName 
-      ) and
-      isHashingAlgorithm(algName) 
-  }
+  string algName;
 
-  override string getName() {
-    result = algName
+  HashAlgorithmCreateFromNameCall() {
+    (
+      this.getObjectName() = algName or
+      this.getObjectName() = "system.security.cryptography." + algName
+    ) and
+    isHashingAlgorithm(algName)
   }
+
+  override string getName() { result = algName }
 }
 
 class SymmetricAlgorithmObjectCreation extends SymmetricAlgorithm, CryptoAlgorithmObjectCreation {
-  string algName; 
-    SymmetricAlgorithmObjectCreation() {
+  string algName;
+
+  SymmetricAlgorithmObjectCreation() {
     (
-        this.getObjectName() = "system.security.cryptography." + algName or
-        this.getObjectName() = "system.security.cryptography." + algName + "cryptoserviceprovider" or 
-        this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName
-    )
-    and
-      isSymmetricAlgorithm(algName) 
+      this.getObjectName() = "system.security.cryptography." + algName or
+      this.getObjectName() = "system.security.cryptography." + algName + "cryptoserviceprovider" or
+      this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName
+    ) and
+    isSymmetricAlgorithm(algName)
   }
 
-  override string getName() {
-    result = algName
-  }
+  override string getName() { result = algName }
 }
 
 class SymmetricAlgorithmCreateCall extends SymmetricAlgorithm, CryptoAlgorithmCreateCall {
-  string algName; 
-    SymmetricAlgorithmCreateCall() {
-        isSymmetricAlgorithm(this.getObjectName()) and 
-        (
-            this.getObjectName() = algName or 
-            this.getObjectName() = "system.security.cryptography." + algName or 
-            this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName 
-        )
-  }
-  override string getName() {
-    result = algName
+  string algName;
+
+  SymmetricAlgorithmCreateCall() {
+    isSymmetricAlgorithm(this.getObjectName()) and
+    (
+      this.getObjectName() = algName or
+      this.getObjectName() = "system.security.cryptography." + algName or
+      this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName
+    )
   }
+
+  override string getName() { result = algName }
 }
 
 class SymmetricAlgorithmCreateArgCall extends SymmetricAlgorithm, CryptoAlgorithmCreateArgCall {
-  string algName; 
-    SymmetricAlgorithmCreateArgCall() {
-        
-        (
-            algName = this.getObjectName() and
-            isSymmetricAlgorithm(algName) 
-        ) or 
-        (
-            this.getObjectName() = "system.security.cryptography." + algName and
-            isSymmetricAlgorithm(algName)
-        )
-  }
-  override string getName() {
-    result = algName
+  string algName;
+
+  SymmetricAlgorithmCreateArgCall() {
+    algName = this.getObjectName() and
+    isSymmetricAlgorithm(algName)
+    or
+    this.getObjectName() = "system.security.cryptography." + algName and
+    isSymmetricAlgorithm(algName)
   }
+
+  override string getName() { result = algName }
 }
 
-class SymmetricAlgorithmCreateFromNameCall extends SymmetricAlgorithm, CryptoAlgorithmCreateFromNameCall {
-  string algName; 
-    SymmetricAlgorithmCreateFromNameCall() {
-      (
-        this.getObjectName() = algName or 
-        this.getObjectName() = "system.security.cryptography." + algName or
-        this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName 
-      ) and
-      isSymmetricAlgorithm(algName) 
-  }
+class SymmetricAlgorithmCreateFromNameCall extends SymmetricAlgorithm,
+  CryptoAlgorithmCreateFromNameCall
+{
+  string algName;
 
-  override string getName() {
-    result = algName
+  SymmetricAlgorithmCreateFromNameCall() {
+    (
+      this.getObjectName() = algName or
+      this.getObjectName() = "system.security.cryptography." + algName or
+      this.getObjectName() = "system.security.cryptography.symmetricalgorithm." + algName
+    ) and
+    isSymmetricAlgorithm(algName)
   }
+
+  override string getName() { result = algName }
 }
 
 class CipherBlockStringConstExpr extends BlockMode {
-    string modeName; 
+  string modeName;
+
   CipherBlockStringConstExpr() {
-    exists(StringConstExpr s | 
-        s = this.asExpr().getExpr() and
-        modeName = s.getValueString().toLowerCase() and
-        isCipherBlockModeAlgorithm(modeName)
+    exists(StringConstExpr s |
+      s = this.asExpr().getExpr() and
+      modeName = s.getValueString().toLowerCase() and
+      isCipherBlockModeAlgorithm(modeName)
     )
   }
-  override string getName() {
-    result = modeName
-  }
+
+  override string getName() { result = modeName }
 }
 
 class CipherBlockModeEnum extends BlockMode {
-    string modeName; 
+  string modeName;
+
   CipherBlockModeEnum() {
-    exists(API::Node node | 
-        node =
+    exists(API::Node node |
+      node =
         API::getTopLevelMember("system")
             .getMember("security")
             .getMember("cryptography")
             .getMember("ciphermode")
             .getMember(modeName) and
-        this = node.asSource() and
-        isCipherBlockModeAlgorithm(modeName)
+      this = node.asSource() and
+      isCipherBlockModeAlgorithm(modeName)
     )
   }
-  override string getName() {
-    result = modeName
-  }
-}
+
+  override string getName() { result = modeName }
+}