
Commit 6c38f55

committed
CPP: QLDoc protocols.qll.
1 parent e886cf7 commit 6c38f55


1 file changed

+32
-29
lines changed


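--- a/cpp/ql/src/semmle/code/cpp/security/boostorg/asio/protocols.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/boostorg/asio/protocols.qll
@@ -3,7 +3,7 @@ import semmle.code.cpp.dataflow.DataFlow
 
 module BoostorgAsio {
 /**
-* Represents boost::asio::ssl::context enum
+* Represents the `boost::asio::ssl::context` enum.
 */
 class SslContextMethod extends Enum {
 SslContextMethod() {
@@ -12,7 +12,7 @@ module BoostorgAsio {
 }
 
 /**
-* returns the value for a banned protocol
+* Gets an enumeration constant for a banned protocol.
 */
 EnumConstant getABannedProtocolConstant() {
 result = this.getAnEnumConstant() and
@@ -56,15 +56,15 @@ module BoostorgAsio {
 }
 
 /**
-* returns the value for an approved protocol, but that are hard-coded
-* (that is, no protocol negotiation)
+* Gets an enumeration constant for an approved protocol, that is hard-coded
+* (no protocol negotiation).
 */
 EnumConstant getAnApprovedButHardcodedProtocolConstant() {
 result = this.getATls12ProtocolConstant()
 }
 
 /**
-* returns the value for a TLS v1.2 protocol
+* Gets an enumeration constant for a TLS v1.2 protocol.
 */
 EnumConstant getATls12ProtocolConstant() {
 result = this.getAnEnumConstant() and
@@ -81,7 +81,7 @@ module BoostorgAsio {
 }
 
 /**
-* returns the value for a TLS v1.3 protocol
+* Gets an enumeration constant for a TLS v1.3 protocol.
 */
 EnumConstant getATls13ProtocolConstant() {
 result = this.getAnEnumConstant() and
@@ -98,7 +98,7 @@ module BoostorgAsio {
 }
 
 /**
-* returns the value of a generic TLS or SSL/TLS protocol
+* Gets an enumeration constant for a generic TLS or SSL/TLS protocol.
 */
 EnumConstant getAGenericTlsProtocolConstant() {
 result = this.getAnEnumConstant() and
@@ -117,7 +117,7 @@ module BoostorgAsio {
 }
 
 /**
-* returns the value of a generic SSL/TLS protocol
+* Gets an enumeration constant for a generic SSL/TLS protocol.
 */
 EnumConstant getASslv23ProtocolConstant() {
 result = this.getAnEnumConstant() and
@@ -136,55 +136,57 @@ module BoostorgAsio {
 }
 
 /**
-* NOTE: ignore - Modern versions of OpenSSL do not support SSL v2 anymore, so this option is for backwards compatibility only
+* Gets the value for the no_sslv2 constant, right shifted by 16 bits.
+*
+* Note that modern versions of OpelSSL do not support SSL v2, so this option is for backwards compatibility only.
 */
 int getShiftedSslOptionsNoSsl2() {
 // SSL_OP_NO_SSLv2 was removed from modern OpenSSL versions
 result = 0
 }
 
 /**
-* RightShift(16) value for no_sslv3 constant
+* Gets the value for the no_sslv3 constant, right shifted by 16 bits.
 */
 int getShiftedSslOptionsNoSsl3() {
 // SSL_OP_NO_SSLv3 == 0x02000000U
 result = 512
 }
 
 /**
-* RightShift(16) value for no_tlsv1 constant
+* Gets the value for the no_tlsv1 constant, right shifted by 16 bits.
 */
 int getShiftedSslOptionsNoTls1() {
 // SSL_OP_NO_TLSv1 == 0x04000000U
 result = 1024
 }
 
 /**
-* RightShift(16) value for no_tlsv1_1 constant
+* Gets the value for the no_tlsv1_1 constant, right shifted by 16 bits.
 */
 int getShiftedSslOptionsNoTls1_1() {
 // SSL_OP_NO_TLSv1_1 == 0x10000000U
 result = 4096
 }
 
 /**
-* RightShift(16) value for no_tlsv1_2 constant
+* Gets the value for the no_tlsv1_2 constant, right shifted by 16 bits.
 */
 int getShiftedSslOptionsNoTls1_2() {
 // SSL_OP_NO_TLSv1_2 == 0x08000000U
 result = 2048
 }
 
 /**
-* RightShift(16) value for no_tlsv1_3 constant
+* Gets the value for the no_tlsv1_3 constant, right shifted by 16 bits.
 */
 int getShiftedSslOptionsNoTls1_3() {
 // SSL_OP_NO_TLSv1_2 == 0x20000000U
 result = 8192
 }
 
 /**
-* Represents boost::asio::ssl::context class
+* Represents the `boost::asio::ssl::context` class.
 */
 class SslContextClass extends Class {
 SslContextClass() { this.getQualifiedName() = "boost::asio::ssl::context" }
@@ -197,7 +199,7 @@ module BoostorgAsio {
 }
 
 /**
-* Represents boost::asio::ssl::context::set_options member function
+* Represents `boost::asio::ssl::context::set_options` member function.
 */
 class SslSetOptionsFunction extends Function {
 SslSetOptionsFunction() {
@@ -206,7 +208,7 @@ module BoostorgAsio {
 }
 
 /**
-* holds if the expression represents a banned protocol
+* Holds if the expression represents a banned protocol.
 */
 predicate isExprBannedBoostProtocol(Expr e) {
 exists(Literal va | va = e |
@@ -245,7 +247,7 @@ module BoostorgAsio {
 }
 
 /**
-* holds if the expression represents a TLS v1.2 protocol
+* Holds if the expression represents a TLS v1.2 protocol.
 */
 predicate isExprTls12BoostProtocol(Expr e) {
 exists(Literal va | va = e |
@@ -270,7 +272,7 @@ module BoostorgAsio {
 }
 
 /**
-* holds if the expression represents a protocol that requires Crypto Board approval
+* Holds if the expression represents a protocol that requires Crypto Board approval.
 */
 predicate isExprTls13BoostProtocol(Expr e) {
 exists(Literal va | va = e |
@@ -295,7 +297,7 @@ module BoostorgAsio {
 }
 
 /**
-* holds if the expression represents a generic TLS or SSL/TLS protocol
+* Holds if the expression represents a generic TLS or SSL/TLS protocol.
 */
 predicate isExprTlsBoostProtocol(Expr e) {
 exists(Literal va | va = e |
@@ -326,7 +328,7 @@ module BoostorgAsio {
 }
 
 /**
-* holds if the expression represents a generic SSl/TLS protocol
+* Holds if the expression represents a generic SSl/TLS protocol.
 */
 predicate isExprSslV23BoostProtocol(Expr e) {
 exists(Literal va | va = e |
@@ -352,7 +354,8 @@ module BoostorgAsio {
 
 //////////////////////// Dataflow /////////////////////
 /**
-* Abstract - Protocol value Flows to the first argument of the context constructor
+* Abstract class for flows of protocol values to the first argument of a context
+* constructor.
 */
 abstract class SslContextCallAbstractConfig extends DataFlow::Configuration {
 bindingset[this]
@@ -367,7 +370,7 @@ module BoostorgAsio {
 }
 
 /**
-* any Protocol value Flows to the first argument of the context constructor
+* Any protocol value that flows to the first argument of a context constructor.
 */
 class SslContextCallConfig extends SslContextCallAbstractConfig {
 SslContextCallConfig() { this = "SslContextCallConfig" }
@@ -381,7 +384,7 @@ module BoostorgAsio {
 }
 
 /**
-* a banned protocol value Flows to the first argument of the context constructor
+* A banned protocol value that flows to the first argument of a context constructor.
 */
 class SslContextCallBannedProtocolConfig extends SslContextCallAbstractConfig {
 SslContextCallBannedProtocolConfig() { this = "SslContextCallBannedProtocolConfig" }
@@ -396,7 +399,7 @@ module BoostorgAsio {
 }
 
 /**
-* a TLS 1.2 protocol value Flows to the first argument of the context constructor
+* A TLS 1.2 protocol value that flows to the first argument of a context constructor.
 */
 class SslContextCallTls12ProtocolConfig extends SslContextCallAbstractConfig {
 SslContextCallTls12ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
@@ -411,7 +414,7 @@ module BoostorgAsio {
 }
 
 /**
-* a TLS 1.3 protocol value Flows to the first argument of the context constructor
+* A TLS 1.3 protocol value that flows to the first argument of a context constructor.
 */
 class SslContextCallTls13ProtocolConfig extends SslContextCallAbstractConfig {
 SslContextCallTls13ProtocolConfig() { this = "SslContextCallTls12ProtocolConfig" }
@@ -426,7 +429,7 @@ module BoostorgAsio {
 }
 
 /**
-* a generic TLS protocol value Flows to the first argument of the context constructor
+* A generic TLS protocol value that flows to the first argument of a context constructor.
 */
 class SslContextCallTlsProtocolConfig extends SslContextCallAbstractConfig {
 SslContextCallTlsProtocolConfig() { this = "SslContextCallTlsProtocolConfig" }
@@ -441,7 +444,7 @@ module BoostorgAsio {
 }
 
 /**
-* a context constructor call flows to a call calling SetOptions()
+* A context constructor call that flows to a call to `SetOptions()`.
 */
 class SslContextFlowsToSetOptionConfig extends DataFlow::Configuration {
 SslContextFlowsToSetOptionConfig() { this = "SslContextFlowsToSetOptionConfig" }
@@ -465,7 +468,7 @@ module BoostorgAsio {
 }
 
 /**
-* an option value flows to the 1st parameter of SetOptions()
+* An option value that flows to the first parameter of a call to `SetOptions()`.
 */
 class SslOptionConfig extends DataFlow::Configuration {
 SslOptionConfig() { this = "SslOptionConfig" }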
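Review bot: `SslContextCallTls13ProtocolConfig` (new line 420) is still constructed with `this = "SslContextCallTls12ProtocolConfig"`, the same string as the TLS 1.2 configuration at new line 405, and this QLDoc pass leaves it in place. A `DataFlow::Configuration` is identified by that string, so the two classes appear to describe one shared configuration and a query asking for TLS 1.3 flows may also receive TLS 1.2 results (and the reverse); the line should read `SslContextCallTls13ProtocolConfig() { this = "SslContextCallTls13ProtocolConfig" }`. The class bodies continue outside the hunks, so the effect on their source predicates is inferred rather than visible. Two wording slips on the new side are also worth fixing: `OpelSSL` in the `getShiftedSslOptionsNoSsl2` QLDoc should be `OpenSSL`, and the comment inside `getShiftedSslOptionsNoTls1_3` should name `SSL_OP_NO_TLSv1_3` rather than `SSL_OP_NO_TLSv1_2`.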
