Tags for crypto libs and methods (#67)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Jan 28, 2024 · 7a5d94c · 7a5d94c
1 parent 7c68f06
commit 7a5d94c
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 4 deletions.
diff --git a/build.sbt b/build.sbt
@@ -1,6 +1,6 @@
 name                     := "chen"
 ThisBuild / organization := "io.appthreat"
-ThisBuild / version      := "2.0.5"
+ThisBuild / version      := "2.0.6"
 ThisBuild / scalaVersion := "3.3.1"
 
 val cpgVersion = "1.0.0"

diff --git a/codemeta.json b/codemeta.json
@@ -7,7 +7,7 @@
   "downloadUrl": "https://github.com/AppThreat/chen",
   "issueTracker": "https://github.com/AppThreat/chen/issues",
   "name": "chen",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "Code Hierarchy Exploration Net (chen) is an advanced exploration toolkit for your application source code and its dependency hierarchy.",
   "applicationCategory": "code-analysis",
   "keywords": [

diff --git a/meta.yaml b/meta.yaml
@@ -1,4 +1,4 @@
-{% set version = "2.0.5" %}
+{% set version = "2.0.6" %}
 
 package:
   name: chen

diff --git a/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/EasyTagsPass.scala b/platform/frontends/x2cpg/src/main/scala/io/appthreat/x2cpg/passes/taggers/EasyTagsPass.scala
@@ -109,5 +109,33 @@ class EasyTagsPass(atom: Cpg) extends CpgPass(atom):
             atom.method.name("wp_signon").newTagNode("authentication").store()(dstGraph)
             atom.method.name("wp_remote_.*").newTagNode("http").store()(dstGraph)
         end if
+        if language == Languages.JAVA || language == Languages.JAVASRC then
+            atom.identifier.typeFullName("java.security.*").newTagNode("crypto").store()(dstGraph)
+            atom.identifier.typeFullName("org.bouncycastle.*").newTagNode("crypto").store()(
+              dstGraph
+            )
+            atom.identifier.typeFullName("javax.(security|crypto).*").newTagNode("crypto").store()(
+              dstGraph
+            )
+            atom.call.methodFullName("java.security.*").newTagNode("crypto").store()(dstGraph)
+            atom.call.methodFullName("org.bouncycastle.*").newTagNode("crypto").store()(dstGraph)
+            atom.call.methodFullName("javax.(security|crypto).*").newTagNode("crypto").store()(
+              dstGraph
+            )
+            atom.call.methodFullName("java.security.*doFinal.*").newTagNode(
+              "crypto-generate"
+            ).store()(dstGraph)
+            atom.call.methodFullName("org.bouncycastle.*(doFinal|generate).*").newTagNode(
+              "crypto-generate"
+            ).store()(dstGraph)
+            atom.call.methodFullName("javax.(security|crypto).*doFinal.*").newTagNode(
+              "crypto-generate"
+            ).store()(
+              dstGraph
+            )
+            atom.literal.code(
+              "\"(DSA|ECDSA|GOST-3410|ECGOST-3410|MD5|SHA1|SHA224|SHA384|SHA512|ECDH|PKCS12|DES|DESEDE|IDEA|RC2|RC5|MD2|MD4|MD5|RIPEMD128|RIPEMD160|RIPEMD256|AES|Blowfish|CAST5|CAST6|DES|DESEDE|GOST-28147|IDEA|RC6|Rijndael|Serpent|Skipjack|Twofish|OpenPGPCFB|PKCS7Padding|ISO10126-2Padding|ISO7816-4Padding|TBCPadding|X9.23Padding|ZeroBytePadding|PBEWithMD5AndDES|PBEWithSHA1AndDES|PBEWithSHA1AndRC2|PBEWithMD5AndRC2|PBEWithSHA1AndIDEA|PBEWithSHA1And3-KeyTripleDES|PBEWithSHA1And2-KeyTripleDES|PBEWithSHA1And40BitRC2|PBEWithSHA1And40BitRC4|PBEWithSHA1And128BitRC2|PBEWithSHA1And128BitRC4|PBEWithSHA1AndTwofish|ChaCha20|ChaCha20-Poly1305|DESede|DiffieHellman|OAEP|PBEWithMD5AndDES|PBEWithHmacSHA256AndAES|RSASSA-PSS|X25519|X448|XDH|X.509|PKCS7|PkiPath|PKIX|AESWrap|ARCFOUR|ISO10126Padding|OAEPWithMD5AndMGF1Padding|OAEPWithSHA-512AndMGF1Padding|PKCS1Padding|PKCS5Padding|SSL3Padding|ECMQV|HmacMD5|HmacSHA1|HmacSHA224|HmacSHA256|HmacSHA384|HmacSHA512|HmacSHA3-224|HmacSHA3-256|HmacSHA3-384|HmacSHA3-512|SHA3-224|SHA3-256|SHA3-384|SHA3-512|SHA-1|SHA-224|SHA-256|SHA-384|SHA-512|CRAM-MD5|DIGEST-MD5|GSSAPI|NTLM|PBKDF2WithHmacSHA256|NativePRNG|NativePRNGBlocking|NativePRNGNonBlocking|SHA1PRNG|Windows-PRNG|NONEwithRSA|MD2withRSA|MD5withRSA|SHA1withRSA|SHA224withRSA|SHA256withRSA|SHA384withRSA|SHA512withRSA|SHA3-224withRSA|SHA3-256withRSA|SHA3-384withRSA|SHA3-512withRSA|NONEwithECDSAinP1363Format|SHA1withECDSAinP1363Format|SHA224withECDSAinP1363Format|SHA256withECDSAinP1363Format|SHA384withECDSAinP1363Format|SHA512withECDSAinP1363Format|SSLv2|SSLv3|TLSv1|DTLS|SSL_|TLS_).*"
+            ).newTagNode("crypto-algorithm").store()(dstGraph)
+        end if
     end run
 end EasyTagsPass
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "appthreat-chen"
-version = "2.0.5"
+version = "2.0.6"
 description = "Code Hierarchy Exploration Net (chen)"
 authors = ["Team AppThreat <cloud@appthreat.com>"]
 license = "Apache-2.0"