Swift: Risky or Broken Cryptographic Algorithm Query

config/identical-files.json

@@ -501,12 +501,14 @@
   "CryptoAlgorithms Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
     "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
-    "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
+    "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll",
+    "swift/ql/lib/codeql/swift/security/CryptoAlgorithms.qll"
   ],
   "CryptoAlgorithmNames Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
     "python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
-    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
+    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll",
+    "swift/ql/lib/codeql/swift/security/internal/CryptoAlgorithmNames.qll"
   ],
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
@@ -543,7 +545,8 @@
   "Concepts Python/Ruby/JS": [
     "python/ql/lib/semmle/python/internal/ConceptsShared.qll",
     "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
-    "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
+    "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll",
+    "swift/ql/lib/codeql/swift/internal/ConceptsShared.qll"
   ],
   "ApiGraphModels": [
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",

swift/ql/lib/codeql/swift/Concepts.qll

@@ -0,0 +1,7 @@
+/**
+ * Re-exports abstract classes representing generic concepts such as file system
+ * access or system command execution, for which individual framework libraries
+ * provide concrete subclasses.
+ */
+
+import codeql.swift.security.Cryptography as Cryptography

swift/ql/lib/codeql/swift/frameworks/Cryptography/CommonCrypto.qll

@@ -0,0 +1,126 @@
+/** Provides models and concepts from the CommonCrypto C library */
+
+private import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.dataflow.ExternalFlow
+private import codeql.swift.security.Cryptography
+
+/**
+ * A model for CommonCrypto functions that permit taint flow.
+ */
+private class CommonCryptoSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        // "namespace; type; subtypes; name; signature; ext; input; output; kind"
+        ";;false;CCCryptorCreate(_:_:_:_:_:_:_:);;;Argument[1];Argument[6];value",
+        ";;false;CCCryptorCreateFromData(_:_:_:_:_:_:_:_:_:_:);;;Argument[1];Argument[8];value",
+        ";;false;CCCryptorCreateWithMode(_:_:_:_:_:_:_:_:_:_:_:_:);;;Argument[1..2];Argument[10];value",
+      ]
+  }
+}
+
+/** A data flow node for the output of a CommonCrypto encryption/decryption operation */
+abstract private class CommonCryptoOutputNode extends CryptographicOperation::Range {
+  override CryptographicAlgorithm getAlgorithm() { none() }
+
+  override DataFlow::Node getAnInput() { none() }
+
+  override BlockMode getBlockMode() { none() }
+}
+
+/**
+ * A declaration of a constant representing a value of the
+ * `CCAlgorithm` C enum, such as `kCCAlgorithmAES128`.
+ */
+private class AlgorithmConstantDecl extends VarDecl {
+  AlgorithmConstantDecl() { this.getName().matches("kCCAlgorithm%") }
+
+  string getAlgorithmName() { this.getName() = "kCCAlgorithm" + result }
+
+  CryptographicAlgorithm asAlgorithm() { result.matchesName(this.getAlgorithmName()) }
+}
+
+/**
+ * Data flow configuration from a `CCAlgorithm` constant (or `CCAlgorithm`-bearing `CCCryptorRef`)
+ * to a call where it appears as an argument, e.g. `CCCryptorCreate(…)`, `CCCryptorUpdate(…)`, etc.
+ */
+private module AlgorithmUseConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) {
+    n.asExpr().(DeclRefExpr).getDecl() instanceof AlgorithmConstantDecl
+  }
+
+  predicate isSink(DataFlow::Node n) {
+    exists(Argument arg | n.asExpr() = arg.getExpr() |
+      arg.getApplyExpr().getStaticTarget().getName().matches("CC%")
+    )
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
+    // Flow through cast expressions like `CCAlgorithm(kCCAlgorithmAES128)`.
+    // TODO: turn this into a generally available flow step.
+    exists(NumericalCastExpr call |
+      n1.asExpr() = call.getArgument(0).getExpr() and
+      n2.asExpr() = call
+    )
+  }
+}
+
+private module AlgorithmUse = DataFlow::Global<AlgorithmUseConfig>;
+
+/**
+ * A call expression that uses a `CCAlgorithm` constant through an argument, e.g. `CCryptorCreate(…)`.
+ */
+private class AlgorithmUser extends CallExpr {
+  AlgorithmConstantDecl alg;
+
+  AlgorithmUser() {
+    exists(DataFlow::Node src, DataFlow::Node snk | AlgorithmUse::flow(src, snk) |
+      src.asExpr().(DeclRefExpr).getDecl() = alg and
+      snk.asExpr() = this.getAnArgument().getExpr()
+    )
+  }
+
+  CryptographicAlgorithm getAlgorithm() { result = alg.asAlgorithm() }
+}
+
+/**
+ * A call to an auto-generated numerical cast initializer, e.g. `CCAlgorithm(kCCAlgorithmAES128)`.
+ */
+private class NumericalCastExpr extends CallExpr {
+  NumericalCastExpr() { this.getStaticTarget() instanceof NumericalCastInitializer }
+}
+
+/**
+ * The declaration of an auto-generated numerical cast initializer.
+ */
+private class NumericalCastInitializer extends Initializer {
+  NumericalCastInitializer() {
+    this.getInterfaceType().getCanonicalType() instanceof NumericalCastType
+  }
+}
+
+/**
+ * The type of an auto-generated numerical cast initializer, which is a generic
+ * function type of the form `<Self, T where ...> (Self.Type) -> (T) -> Self`.
+ */
+private class NumericalCastType extends Type {
+  NumericalCastType() {
+    exists(
+      GenericFunctionType fntySelf, FunctionType fntyT, GenericTypeParamType genericSelf,
+      GenericTypeParamType genericT, MetatypeType metaSelf
+    |
+      this = fntySelf and
+      fntySelf = fntySelf.getCanonicalType() and
+      fntySelf.getNumberOfGenericParams() = 2 and
+      fntySelf.getGenericParam(0) = genericSelf and
+      fntySelf.getGenericParam(1) = genericT and
+      fntySelf.getNumberOfParamTypes() = 1 and
+      fntySelf.getParamType(0) = metaSelf and
+      fntySelf.getResult() = fntyT and
+      fntyT.getNumberOfParamTypes() = 1 and
+      fntyT.getParamType(0) = genericT and
+      fntyT.getResult() = genericSelf
+    )
+  }
+}

swift/ql/lib/codeql/swift/frameworks/Cryptography/CryptoKit.qll

@@ -0,0 +1,15 @@
+/** Provides models and concepts from the CryptoKit library */
+
+private import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.security.Cryptography
+
+private class CryptoKitCallNode extends CryptographicOperation::Range {
+  CryptoKitCallNode() { none() }
+
+  override CryptographicAlgorithm getAlgorithm() { none() }
+
+  override DataFlow::Node getAnInput() { none() }
+
+  override BlockMode getBlockMode() { none() }
+}

swift/ql/lib/codeql/swift/frameworks/Cryptography/CryptoSwift.qll

@@ -0,0 +1,15 @@
+/** Provides models and concepts from the CryptoSwift library */
+
+private import swift
+private import codeql.swift.dataflow.DataFlow
+private import codeql.swift.security.Cryptography
+
+private class CryptoSwiftCallNode extends CryptographicOperation::Range {
+  CryptoSwiftCallNode() { none() }
+
+  override CryptographicAlgorithm getAlgorithm() { none() }
+
+  override DataFlow::Node getAnInput() { none() }
+
+  override BlockMode getBlockMode() { none() }
+}

swift/ql/lib/codeql/swift/frameworks/Cryptography/Cryptography.qll

@@ -0,0 +1,7 @@
+/**
+ * This file imports all models of Cryptography-related frameworks and libraries.
+ */
+
+import CryptoKit
+import CryptoSwift
+import CommonCrypto

swift/ql/lib/codeql/swift/frameworks/Frameworks.qll

@@ -6,3 +6,4 @@ private import Alamofire.Alamofire
 private import StandardLibrary.StandardLibrary
 private import UIKit.UIKit
 private import Xml.Xml
+private import Cryptography.Cryptography

swift/ql/lib/codeql/swift/internal/ConceptsImports.qll

@@ -0,0 +1,7 @@
+/**
+ * This file contains imports required for the Swift version of `ConceptsShared.qll`.
+ * Since they are language-specific, they can't be placed directly in that file, as it is shared between languages.
+ */
+
+import codeql.swift.dataflow.DataFlow
+import codeql.swift.security.CryptoAlgorithms as CryptoAlgorithms

swift/ql/lib/codeql/swift/internal/ConceptsShared.qll

@@ -0,0 +1,175 @@
+/**
+ * Provides Concepts which are shared across languages.
+ *
+ * Each language has a language specific `Concepts.qll` file that can import the
+ * shared concepts from this file. A language can either re-export the concept directly,
+ * or can add additional member-predicates that are needed for that language.
+ *
+ * Moving forward, `Concepts.qll` will be the staging ground for brand new concepts from
+ * each language, but we will maintain a discipline of moving those concepts to
+ * `ConceptsShared.qll` ASAP.
+ */
+
+private import ConceptsImports
+
+/**
+ * Provides models for cryptographic concepts.
+ *
+ * Note: The `CryptographicAlgorithm` class currently doesn't take weak keys into
+ * consideration for the `isWeak` member predicate. So RSA is always considered
+ * secure, although using a low number of bits will actually make it insecure. We plan
+ * to improve our libraries in the future to more precisely capture this aspect.
+ */
+module Cryptography {
+  class CryptographicAlgorithm = CryptoAlgorithms::CryptographicAlgorithm;
+
+  class EncryptionAlgorithm = CryptoAlgorithms::EncryptionAlgorithm;
+
+  class HashingAlgorithm = CryptoAlgorithms::HashingAlgorithm;
+
+  class PasswordHashingAlgorithm = CryptoAlgorithms::PasswordHashingAlgorithm;
+
+  /**
+   * A data-flow node that is an application of a cryptographic algorithm. For example,
+   * encryption, decryption, signature-validation.
+   *
+   * Extend this class to refine existing API models. If you want to model new APIs,
+   * extend `CryptographicOperation::Range` instead.
+   */
+  class CryptographicOperation extends DataFlow::Node instanceof CryptographicOperation::Range {
+    /** Gets the algorithm used, if it matches a known `CryptographicAlgorithm`. */
+    CryptographicAlgorithm getAlgorithm() { result = super.getAlgorithm() }
+
+    /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */
+    DataFlow::Node getAnInput() { result = super.getAnInput() }
+
+    /**
+     * Gets the block mode used to perform this cryptographic operation.
+     *
+     * This predicate is only expected to have a result if two conditions hold:
+     *  1. The operation is an encryption operation, i.e. the algorithm used is an `EncryptionAlgorithm`, and
+     *  2. The algorithm used is a block cipher (not a stream cipher).
+     *
+     * If either of these conditions do not hold, then this predicate should have no result.
+     */
+    BlockMode getBlockMode() { result = super.getBlockMode() }
+  }
+
+  /** Provides classes for modeling new applications of a cryptographic algorithms. */
+  module CryptographicOperation {
+    /**
+     * A data-flow node that is an application of a cryptographic algorithm. For example,
+     * encryption, decryption, signature-validation.
+     *
+     * Extend this class to model new APIs. If you want to refine existing API models,
+     * extend `CryptographicOperation` instead.
+     */
+    abstract class Range extends DataFlow::Node {
+      /** Gets the algorithm used, if it matches a known `CryptographicAlgorithm`. */
+      abstract CryptographicAlgorithm getAlgorithm();
+
+      /** Gets an input the algorithm is used on, for example the plain text input to be encrypted. */
+      abstract DataFlow::Node getAnInput();
+
+      /**
+       * Gets the block mode used to perform this cryptographic operation.
+       *
+       * This predicate is only expected to have a result if two conditions hold:
+       *  1. The operation is an encryption operation, i.e. the algorithm used is an `EncryptionAlgorithm`, and
+       *  2. The algorithm used is a block cipher (not a stream cipher).
+       *
+       * If either of these conditions do not hold, then this predicate should have no result.
+       */
+      abstract BlockMode getBlockMode();
+    }
+  }
+
+  /**
+   * A cryptographic block cipher mode of operation. This can be used to encrypt
+   * data of arbitrary length using a block encryption algorithm.
+   */
+  class BlockMode extends string {
+    BlockMode() {
+      this =
+        [
+          "ECB", "CBC", "GCM", "CCM", "CFB", "OFB", "CTR", "OPENPGP",
+          "XTS", // https://csrc.nist.gov/publications/detail/sp/800-38e/final
+          "EAX" // https://en.wikipedia.org/wiki/EAX_mode
+        ]
+    }
+
+    /** Holds if this block mode is considered to be insecure. */
+    predicate isWeak() { this = "ECB" }
+
+    /** Holds if the given string appears to match this block mode. */
+    bindingset[s]
+    predicate matchesString(string s) { s.toUpperCase().matches("%" + this + "%") }
+  }
+}
+
+/** Provides classes for modeling HTTP-related APIs. */
+module Http {
+  /** Provides classes for modeling HTTP clients. */
+  module Client {
+    /**
+     * A data-flow node that makes an outgoing HTTP request.
+     *
+     * Extend this class to refine existing API models. If you want to model new APIs,
+     * extend `Http::Client::Request::Range` instead.
+     */
+    class Request extends DataFlow::Node instanceof Request::Range {
+      /**
+       * Gets a data-flow node that contributes to the URL of the request.
+       * Depending on the framework, a request may have multiple nodes which contribute to the URL.
+       */
+      DataFlow::Node getAUrlPart() { result = super.getAUrlPart() }
+
+      /** Gets a string that identifies the framework used for this request. */
+      string getFramework() { result = super.getFramework() }
+
+      /**
+       * Holds if this request is made using a mode that disables SSL/TLS
+       * certificate validation, where `disablingNode` represents the point at
+       * which the validation was disabled, and `argumentOrigin` represents the origin
+       * of the argument that disabled the validation (which could be the same node as
+       * `disablingNode`).
+       */
+      predicate disablesCertificateValidation(
+        DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+      ) {
+        super.disablesCertificateValidation(disablingNode, argumentOrigin)
+      }
+    }
+
+    /** Provides a class for modeling new HTTP requests. */
+    module Request {
+      /**
+       * A data-flow node that makes an outgoing HTTP request.
+       *
+       * Extend this class to model new APIs. If you want to refine existing API models,
+       * extend `Http::Client::Request` instead.
+       */
+      abstract class Range extends DataFlow::Node {
+        /**
+         * Gets a data-flow node that contributes to the URL of the request.
+         * Depending on the framework, a request may have multiple nodes which contribute to the URL.
+         */
+        abstract DataFlow::Node getAUrlPart();
+
+        /** Gets a string that identifies the framework used for this request. */
+        abstract string getFramework();
+
+        /**
+         * Holds if this request is made using a mode that disables SSL/TLS
+         * certificate validation, where `disablingNode` represents the point at
+         * which the validation was disabled, and `argumentOrigin` represents the origin
+         * of the argument that disabled the validation (which could be the same node as
+         * `disablingNode`).
+         */
+        abstract predicate disablesCertificateValidation(
+          DataFlow::Node disablingNode, DataFlow::Node argumentOrigin
+        );
+      }
+    }
+  }
+}