
Commit e480c11

author
Ted Reed
committed
Add OpenSSL common utilities to OpenSSLVerify.qll
1 parent d9ceead commit e480c11


3 files changed

+28
-35
lines changed


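--- a/CodeQL_Queries/cpp/OpenSSL-hostname-validation/OpenSSLMissingVerifyCallback.ql
+++ b/CodeQL_Queries/cpp/OpenSSL-hostname-validation/OpenSSLMissingVerifyCallback.ql
@@ -20,32 +20,12 @@
 
 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
-
-class SslSetVerifyFunctionCall extends FunctionCall {
-SslSetVerifyFunctionCall() { this.getTarget().hasName("SSL_set_verify") }
-}
-
-class SslCtxSetVerifyFunctionCall extends FunctionCall {
-SslCtxSetVerifyFunctionCall() { this.getTarget().hasName("SSL_CTX_set_verify") }
-}
-
-class SslLikeSetVerifyFunctionCall extends FunctionCall {
-SslLikeSetVerifyFunctionCall() {
-this instanceof SslCtxSetVerifyFunctionCall or
-this instanceof SslSetVerifyFunctionCall
-}
-}
+import OpenSSLVerify
 
 class SslSet1HostFunctionCall extends FunctionCall {
 SslSet1HostFunctionCall() { this.getTarget().hasName("SSL_set1_host") }
 }
 
-class SslCtxSetCertVerifyCallbackFunctionCall extends FunctionCall {
-SslCtxSetCertVerifyCallbackFunctionCall() {
-this.getTarget().hasName("SSL_CTX_set_cert_verify_callback")
-}
-}
-
 class SslLikeCheckHostnameFunctionCall extends FunctionCall {
 SslLikeCheckHostnameFunctionCall() {
 this instanceof SslSet1HostFunctionCall or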

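--- a/CodeQL_Queries/cpp/OpenSSL-hostname-validation/OpenSSLPreverifyIgnored.ql
+++ b/CodeQL_Queries/cpp/OpenSSL-hostname-validation/OpenSSLPreverifyIgnored.ql
@@ -13,20 +13,7 @@
 */
 
 import cpp
-
-class SslSetVerifyFunctionCall extends FunctionCall {
-SslSetVerifyFunctionCall() { this.getTarget().hasName("SSL_set_verify") }
-}
-
-class SslCtxSetVerifyFunctionCall extends FunctionCall {
-SslCtxSetVerifyFunctionCall() { this.getTarget().hasName("SSL_CTX_set_verify") }
-}
-
-class SslCtxSetCertVerifyCallbackFunctionCall extends FunctionCall {
-SslCtxSetCertVerifyCallbackFunctionCall() {
-this.getTarget().hasName("SSL_CTX_set_cert_verify_callback")
-}
-}
+import OpenSSLVerify
 
 class SetVerifyCallbackFunctionCall extends FunctionCall {
 SetVerifyCallbackFunctionCall() { this.getTarget().hasName("set_verify_callback") }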
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
import cpp
2+
3+
/**
4+
* Common utilities for OpenSSL certificate verification.
5+
*/
6+
7+
class SslSetVerifyFunctionCall extends FunctionCall {
8+
SslSetVerifyFunctionCall() { this.getTarget().hasName("SSL_set_verify") }
9+
}
10+
11+
class SslCtxSetVerifyFunctionCall extends FunctionCall {
12+
SslCtxSetVerifyFunctionCall() { this.getTarget().hasName("SSL_CTX_set_verify") }
13+
}
14+
15+
class SslLikeSetVerifyFunctionCall extends FunctionCall {
16+
SslLikeSetVerifyFunctionCall() {
17+
this instanceof SslCtxSetVerifyFunctionCall or
18+
this instanceof SslSetVerifyFunctionCall
19+
}
20+
}
21+
22+
class SslCtxSetCertVerifyCallbackFunctionCall extends FunctionCall {
23+
SslCtxSetCertVerifyCallbackFunctionCall() {
24+
this.getTarget().hasName("SSL_CTX_set_cert_verify_callback")
25+
}
26+
}
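Review bot: The shared classes at new lines 7-13 and 22-26 identify the OpenSSL API with `this.getTarget().hasName(...)`, which compares only the unqualified name, so a same-named member function or a function in another namespace would be treated as the OpenSSL call by every query that imports this library. Now that both queries depend on these definitions, tightening them once here, e.g. `this.getTarget().hasGlobalName("SSL_set_verify")` and likewise for `SSL_CTX_set_verify` and `SSL_CTX_set_cert_verify_callback`, would keep wrapper methods from being mistaken for verification setup. Separately, the `/** Common utilities for OpenSSL certificate verification. */` comment sits after `import cpp`, so it probably attaches to `SslSetVerifyFunctionCall` rather than to the module; moving it to the top of the file and giving each class its own one-line QLDoc such as `/** A call to SSL_set_verify. */` would document what each class matches.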
