Merge branch 'tob/quantum-csharp' of github.com:trailofbits/codeql into tob/quantum-csharp

Author: fcasal

csharp/ql/lib/experimental/quantum/Language.qll

@@ -1,4 +1,5 @@
 private import csharp as Language
+private import semmle.code.csharp.dataflow.DataFlow
 private import codeql.quantum.experimental.Model
 
 private class UnknownLocation extends Language::Location {
@@ -41,28 +42,142 @@ module CryptoInput implements InputSig<Language::Location> {
 // Instantiate the `CryptographyBase` module
 module Crypto = CryptographyBase<Language::Location, CryptoInput>;
 
-module ArtifactFlowConfig implements Language::DataFlow::ConfigSig {
-  predicate isSource(Language::DataFlow::Node source) {
+/**
+ * An additional flow step in generic data-flow configurations.
+ * Where a step is an edge between nodes `n1` and `n2`,
+ * `this` = `n1` and `getOutput()` = `n2`.
+ *
+ * FOR INTERNAL MODELING USE ONLY.
+ */
+abstract class AdditionalFlowInputStep extends DataFlow::Node {
+  abstract DataFlow::Node getOutput();
+
+  final DataFlow::Node getInput() { result = this }
+}
+
+/**
+ * Generic data source to node input configuration
+ */
+module GenericDataSourceFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::GenericSourceInstance i).getOutputNode()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    sink = any(Crypto::FlowAwareElement other).getInputNode()
+  }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getInputNode()
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getOutputNode()
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+}
+
+module ArtifactFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
     source = any(Crypto::ArtifactInstance artifact).getOutputNode()
   }
 
-  predicate isSink(Language::DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     sink = any(Crypto::FlowAwareElement other).getInputNode()
   }
 
-  predicate isBarrierOut(Language::DataFlow::Node node) {
+  predicate isBarrierOut(DataFlow::Node node) {
     node = any(Crypto::FlowAwareElement element).getInputNode()
   }
 
-  predicate isBarrierIn(Language::DataFlow::Node node) {
+  predicate isBarrierIn(DataFlow::Node node) {
     node = any(Crypto::FlowAwareElement element).getOutputNode()
   }
 
-  predicate isAdditionalFlowStep(Language::DataFlow::Node node1, Language::DataFlow::Node node2) {
-    none()
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+  }
+}
+
+module GenericDataSourceFlow = TaintTracking::Global<GenericDataSourceFlowConfig>;
+
+module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
+
+/**
+ * A method access that returns random data or writes random data to an argument.
+ */
+abstract class RandomnessSource extends MethodCall {
+  /**
+   * Gets the expression representing the output of this source.
+   */
+  abstract Expr getOutput();
+
+  /**
+   * Gets the type of the source of randomness used by this call.
+   */
+  Type getGenerator() { result = this.getQualifier().getType() }
+}
+
+/**
+ * A call to `System.Security.Cryptography.RandomNumberGenerator.GetBytes`.
+ */
+class SecureRandomnessSource extends RandomnessSource {
+  SecureRandomnessSource() {
+    this.getTarget()
+        .hasFullyQualifiedName("System.Security.Cryptography", "RandomNumberGenerator", "GetBytes")
+  }
+
+  override Expr getOutput() { result = this.getArgument(0) }
+}
+
+/**
+ * A call to `System.Random.NextBytes`.
+ */
+class InsecureRandomnessSource extends RandomnessSource {
+  InsecureRandomnessSource() {
+    this.getTarget().hasFullyQualifiedName("System", "Random", "NextBytes")
+  }
+
+  override Expr getOutput() { result = this.getArgument(0) }
+}
+
+/**
+ * An instance of random number generation, modelled as the expression
+ * tied to an output node (i.e., the RNG output)
+ */
+abstract class RandomnessInstance extends Crypto::RandomNumberGenerationInstance {
+  override DataFlow::Node getOutputNode() { result.asExpr() = this }
+}
+
+/**
+ * An output instance from the system cryptographically secure RNG.
+ */
+class SecureRandomnessInstance extends RandomnessInstance {
+  RandomnessSource source;
+
+  SecureRandomnessInstance() {
+    source instanceof SecureRandomnessSource and
+    this = source.getOutput()
   }
+
+  override string getGeneratorName() { result = source.getGenerator().getName() }
 }
 
-module ArtifactFlow = Language::DataFlow::Global<ArtifactFlowConfig>;
+/**
+ * An output instance from an insecure RNG.
+ */
+class InsecureRandomnessInstance extends RandomnessInstance {
+  RandomnessSource source;
+
+  InsecureRandomnessInstance() {
+    not source instanceof SecureRandomnessSource and
+    this = source.getOutput()
+  }
+
+  override string getGeneratorName() { result = source.getGenerator().getName() }
+}
 
 import dotnet

csharp/ql/lib/experimental/quantum/dotnet/FlowAnalysis.qll

@@ -1,5 +1,6 @@
 private import csharp
 private import semmle.code.csharp.dataflow.DataFlow
+private import experimental.quantum.Language
 private import OperationInstances
 private import AlgorithmValueConsumers
 private import Cryptography
@@ -51,15 +52,6 @@ module CreationToUseFlow<CreationCallSig Creation, UseCallSig Use> {
     sink.getNode().asExpr() = use.(QualifiableExpr).getQualifier() and
     CreationToUseFlow::flowPath(source, sink)
   }
-
-  // TODO: Remove this.
-  Expr flowsTo(Expr expr) {
-    exists(CreationToUseFlow::PathNode source, CreationToUseFlow::PathNode sink |
-      source.getNode().asExpr() = expr and
-      sink.getNode().asExpr() = result and
-      CreationToUseFlow::flowPath(source, sink)
-    )
-  }
 }
 
 /**
@@ -271,3 +263,20 @@ module StreamFlow {
     StreamFlow::flowPath(source, sink)
   }
 }
+
+/**
+ * An additional flow step across property assignments used to track flow from
+ * output artifacts to consumers.
+ *
+ * TODO: Figure out why this is needed.
+ */
+class PropertyWriteFlowStep extends AdditionalFlowInputStep {
+  Assignment assignment;
+
+  PropertyWriteFlowStep() {
+    this.asExpr() = assignment.getRValue() and
+    assignment.getLValue() instanceof PropertyWrite
+  }
+
+  override DataFlow::Node getOutput() { result.asExpr() = assignment.getLValue() }
+}

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/AesCfbExample.cs

@@ -0,0 +1,102 @@
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace QuantumExamples.Cryptography
+{
+    public class AesCfbExample
+    {
+        public static void RunExample()
+        {
+            const string originalMessage = "This is a secret message!";
+
+            byte[] key = GenerateRandomKey();
+            byte[] iv = GenerateRandomIV();
+
+            byte[] encryptedData = EncryptStringWithCfb(originalMessage, key, iv);
+            string decryptedMessage = DecryptStringWithCfb(encryptedData, key, iv);
+
+            bool isSuccessful = originalMessage == decryptedMessage;
+            Console.WriteLine("Decryption successful: {0}", isSuccessful);
+        }
+
+        private static byte[] EncryptStringWithCfb(string plainText, byte[] key, byte[] iv)
+        {
+            byte[] encrypted;
+
+            using (Aes aes = Aes.Create())
+            {
+                // Set the key and IV on the AES instance.
+                aes.Key = key;
+                aes.IV = iv;
+                aes.Mode = CipherMode.CFB;
+                aes.Padding = PaddingMode.None;
+
+                ICryptoTransform encryptor = aes.CreateEncryptor();
+                byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);
+
+                // Create an empty memory stream and write the plaintext to the crypto stream.
+                using (MemoryStream msEncrypt = new MemoryStream())
+                {
+                    using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
+                    {
+                        csEncrypt.Write(plainBytes, 0, plainBytes.Length);
+                        csEncrypt.FlushFinalBlock();
+                    }
+                    encrypted = msEncrypt.ToArray();
+                }
+            }
+            return encrypted;
+        }
+
+        private static string DecryptStringWithCfb(byte[] cipherText, byte[] key, byte[] iv)
+        {
+            string decrypted;
+
+            using (Aes aes = Aes.Create())
+            {
+                aes.Mode = CipherMode.CFB;
+                aes.Padding = PaddingMode.None;
+
+                // Pass the key and IV to the decryptor directly.
+                ICryptoTransform decryptor = aes.CreateDecryptor(key, iv);
+
+                // Pass the ciphertext to the memory stream directly.
+                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
+                {
+                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
+                    {
+                        using (MemoryStream msPlain = new MemoryStream())
+                        {
+                            csDecrypt.CopyTo(msPlain);
+                            byte[] plainBytes = msPlain.ToArray();
+                            decrypted = Encoding.UTF8.GetString(plainBytes);
+                        }
+                    }
+                }
+            }
+            return decrypted;
+        }
+
+        private static byte[] GenerateRandomKey()
+        {
+            byte[] key = new byte[32]; // 256-bit key
+            using (var rng = RandomNumberGenerator.Create())
+            {
+                rng.GetBytes(key);
+            }
+            return key;
+        }
+
+        private static byte[] GenerateRandomIV()
+        {
+            byte[] iv = new byte[16]; // 128-bit IV
+            using (var rng = RandomNumberGenerator.Create())
+            {
+                rng.GetBytes(iv);
+            }
+            return iv;
+        }
+    }
+}

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_key_sources.expected

@@ -0,0 +1,2 @@
+| AesCfbExample.cs:42:53:42:114 | EncryptOperation | AesCfbExample.cs:31:17:31:23 | Key | AesCfbExample.cs:87:30:87:32 | RandomNumberGeneration |
+| AesCfbExample.cs:68:53:68:113 | DecryptOperation | AesCfbExample.cs:63:66:63:68 | Key | AesCfbExample.cs:87:30:87:32 | RandomNumberGeneration |

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_key_sources.ql

@@ -0,0 +1,6 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::CipherOperationNode op, Crypto::KeyArtifactNode k
+where op.getAKey() = k
+select op, k, k.getSourceNode()

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_nonce_sources.expected

@@ -0,0 +1,2 @@
+| AesCfbExample.cs:42:53:42:114 | EncryptOperation | AesCfbExample.cs:32:17:32:22 | Nonce | AesCfbExample.cs:97:30:97:31 | RandomNumberGeneration |
+| AesCfbExample.cs:68:53:68:113 | DecryptOperation | AesCfbExample.cs:63:71:63:72 | Nonce | AesCfbExample.cs:97:30:97:31 | RandomNumberGeneration |

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_nonce_sources.ql

@@ -0,0 +1,6 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::CipherOperationNode op, Crypto::NonceArtifactNode n
+where op.getANonce() = n
+select op, n, n.getSourceNode()

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_operations.expected

@@ -0,0 +1,2 @@
+| AesCfbExample.cs:42:53:42:114 | EncryptOperation | AesCfbExample.cs:44:41:44:50 | Message | AesCfbExample.cs:47:33:47:51 | KeyOperationOutput | AesCfbExample.cs:31:17:31:23 | Key | AesCfbExample.cs:32:17:32:22 | Nonce | AesCfbExample.cs:28:30:28:41 | KeyOperationAlgorithm | Encrypt |
+| AesCfbExample.cs:68:53:68:113 | DecryptOperation | AesCfbExample.cs:66:66:66:75 | Message | AesCfbExample.cs:73:49:73:65 | KeyOperationOutput | AesCfbExample.cs:63:66:63:68 | Key | AesCfbExample.cs:63:71:63:72 | Nonce | AesCfbExample.cs:57:30:57:41 | KeyOperationAlgorithm | Decrypt |

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/cipher_operations.ql

@@ -0,0 +1,6 @@
+import csharp
+import experimental.quantum.Language
+
+from Crypto::CipherOperationNode n
+select n, n.getAnInputArtifact(), n.getAnOutputArtifact(), n.getAKey(), n.getANonce(),
+  n.getAnAlgorithmOrGenericSource(), n.getKeyOperationSubtype()

csharp/ql/test/experimental/library-tests/quantum/dotnet/ciphers/options

@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj