rsa_private_decrypt

API 概述

rsa_private_decrypt 是 openssl 中的一个API。该规属于param-value 类型。该规则是使用 Advance 生成的。

规则描述

提示

信息

标签：param-value

参数下标：N/A

CWE类别：N/A

规则代码

import cpp
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.security.Security
import DataFlow::PathGraph
class TestConfiguration extends TaintTracking::Configuration {
  TestConfiguration() { this = "TestConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    exists(FunctionCall fc |source.asExpr() = fc and fc.getTarget().getName().matches("%alloc%"))
    or source.asExpr().getType() instanceof ArrayType
  }

  override predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall fc |
      fc.getTarget().hasName("RSA_private_decrypt")
      and fc.getArgument(2) = sink.asExpr()
    )
  }
}
from TestConfiguration cfg, FunctionCall fc
where fc.getTarget().hasName("RSA_private_decrypt")
  and not exists(DataFlow::PathNode source, DataFlow::PathNode sink, FunctionCall fc2|
      cfg.hasFlowPath(source, sink)
      //RSA_size(host_pkey->pkey.rsa)
      and fc2.getTarget().hasName("RSA_size")
      and fc2.getArgument(0) = fc.getArgument(3)
      //RSA_private_decrypt(, RSA_size(), )
      and source.getNode().asExpr() = fc2
  )
select fc.getLocation()