Brodes/openssl refactor

[bdrodes]

No description provided.

[nicolaswill]

In this case, why not simply define the class as follows?
class EVP_Q_Digest_Operation extends EVP_Hash_Operation, OpenSSLAlgorithmValueConsumer

I would try to reduce fragmentation across files for very closely intertwined concepts in general, but in this particular case, we can even define both concepts as one class.

[nicolaswill]

Since this is supposed to be a heuristic, can you include examples?

Suggested change:

// Flow may propagate through return values or other arguments of the same type.
// Assume both incoming and outgoing flow use `asIndirectExpr` or `asDefiningArgument`,
// since pointers are likely involved.
// NOTE: This does not attempt to detect OpenSSL-specific copy/dup functions;
// it targets any function suspected to perform copying or duplication.

Also, what about type conversions, such as byte arrays to strings? Perhaps that's a different bit of logic and one handled anyway via taint-tracking, but I want to make clear what this case (vs the generic catch-all taint tracking flow steps) are for.

[nicolaswill]

Only asExpr or asIndirectExpr are going to be correct in any one given instance. If it depends on the function, then we need to specialize that per-function to avoid issues, particularly in the indirect case.

[nicolaswill]

Normalization to key size / alg family type should occur as it does in our JCA modelling and not via intermediate string types: map it to the 'fixed' internal family type as defined as Model.qll, with key size or algorithm variants defined separately (in this code, AES-128 and SHA-256 are two examples that stick out).

[nicolaswill]

Why do we need to extend OpenSSLAlgorithmValueConsumer here?

[nicolaswill]

This should be handled not in the instance but rather implicitly in the node. Documentation should exist to clarify which algorithms need getDigestLength() specified or a global predicate in Model.qll should exist as a helper to define those implicit type/digestlen mappings. I suggest a predicate on the node that takes the type from this.

[nicolaswill]

This implementation points to inconsistent logic; either we put the responsibility of defining the key size on the modeller in all instances or we accept that we need to "fill in the blank with an implicit default" in other cases.

This needs to be defined, with one clear path and instructions added as QLDoc comments on the instance level for modellers. If that's a global predicate in Model.qll that provides defaults, so be it. Otherwise, we need to define which types need to have a size provided and which don't.

[nicolaswill]

Also, we should unify getDigestLength and getKeySizeFixed as well as the Length/Size/Fixed/ terminology.

[nicolaswill]

Same issues as for getKeySizeFixed above: "we should unify getDigestLength and getKeySizeFixed as well as the Length/Size/Fixed/ terminology" and concerns about inconsistent modelling paths.

[nicolaswill]

Does this need to be abstract? Where are we using that functionality?

[nicolaswill]

Why is this necessary as opposed to defining abstract classes for specific types of algorithm value consumers, as done in the JCA, where we define specific abstract library-specific AVC classes for specific algorithm types, e.g., HashAlgorithmValueConsumer?

[nicolaswill]

I think there should be a giant "to-do" here at the very least: we should restrict source and sinks to analysis-relevant sources and sinks, with intermediate function calls that have context parameters modeled as additional steps (with state if necessary). As-is, this configuration is overly broad and under-specified.

[nicolaswill]

Suggested change

	abstract Expr getOperataionSubtypeArg();
	abstract Expr getOperationSubtypeArg();

Fixes a typo.

[nicolaswill]

Merging the changes now regardless (to revisit feedback)