Crypto: Update WeakAsymmetricKeyGenSize to a path problem.

bdrodes · bdrodes · commit 7e8acd76c3bc · 2025-10-13T15:48:32.000-04:00
diff --git a/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql b/java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql
@@ -2,7 +2,7 @@
  * @name Weak Asymmetric Key Size
  * @id java/quantum/weak-asymmetric-key-gen-size
  * @description An asymmetric key of known size is less than 2048 bits for any non-elliptic curve key operation.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @tags quantum
@@ -12,12 +12,57 @@
 import java
 import experimental.quantum.Language
 
-from Crypto::KeyArtifactNode key, int keySize, Crypto::AlgorithmNode alg
+module KeySizeFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    source = any(Crypto::GenericSourceInstance i).getOutputNode() or
+    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
+  }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(Crypto::KeyCreationOperationNode kgen |
+      sink = kgen.getKeySizeConsumer().getConsumer().getInputNode()
+    )
+  }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getInputNode()
+  }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    node = any(Crypto::FlowAwareElement element).getOutputNode()
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    node1.(AdditionalFlowInputStep).getOutput() = node2
+    or
+    exists(MethodCall m |
+      m.getMethod().hasQualifiedName("java.lang", "String", "getBytes") and
+      node1.asExpr() = m.getQualifier() and
+      node2.asExpr() = m
+    )
+  }
+}
+
+module KeySizeFlow = TaintTracking::Global<KeySizeFlowConfig>;
+
+import KeySizeFlow::PathGraph
+
+from
+  Crypto::KeyCreationOperationNode keygen, int keySize, Crypto::AlgorithmNode alg,
+  KeySizeFlow::PathNode srcNode, KeySizeFlow::PathNode sinkNode
 where
-  key.getCreatingOperation().getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and
-  alg = key.getAKnownAlgorithm() and // NOTE: if algorithm is not known (doesn't bind) we need a separate query
+  // ASSUMPTION/NOTE: if the key size is set on a key creation, but the key creation itself is not observed
+  // (i.e., the size is initialized but the operation not observed) currently we will not
+  // detect the size. A key creation operation currently must be observed.
+  keygen.getAKeySizeSource().asElement().(Literal).getValue().toInt() = keySize and
+  // NOTE: if algorithm is not known (doesn't bind) we need a separate query
+  // Also note the algorithm may also be re-specified at a use of the key
+  alg = keygen.getAKnownAlgorithm() and
   not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm
   alg instanceof Crypto::AsymmetricAlgorithmNode and
-  keySize < 2048
-select key, "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@",
-  alg, alg.getAlgorithmName()
+  keySize < 2048 and
+  srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and
+  sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode()
+select sinkNode, srcNode, sinkNode,
+  "Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg,
+  alg.getAlgorithmName()
diff --git a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/WeakOrUnknownAsymmetricKeyGenSize.expected
@@ -1,3 +1,13 @@
-| InsufficientAsymmetricKeySize.java:6:9:6:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA |
-| InsufficientAsymmetricKeySize.java:10:9:10:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA |
-| InsufficientAsymmetricKeySize.java:14:9:14:37 | Key | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH |
+edges
+nodes
+| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | semmle.label | 1024 |
+| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | semmle.label | 1024 |
+| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | semmle.label | 1024 |
+| InsufficientAsymmetricKeySize.java:17:32:17:35 | 2048 | semmle.label | 2048 |
+| InsufficientAsymmetricKeySize.java:21:32:21:35 | 2048 | semmle.label | 2048 |
+| InsufficientAsymmetricKeySize.java:25:32:25:35 | 2048 | semmle.label | 2048 |
+subpaths
+#select
+| InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | InsufficientAsymmetricKeySize.java:5:32:5:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:4:69:4:73 | KeyOperationAlgorithm | RSA |
+| InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | InsufficientAsymmetricKeySize.java:9:32:9:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:8:69:8:73 | KeyOperationAlgorithm | DSA |
+| InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | InsufficientAsymmetricKeySize.java:13:32:13:35 | 1024 | Use of weak asymmetric key size (1024 bits) for algorithm $@ | InsufficientAsymmetricKeySize.java:12:69:12:72 | KeyAgreementAlgorithm | DH |
