Crypto: Adding bad decrypt then mac order query.#20696
Merged
nicolaswill merged 4 commits intogithub:mainfrom Oct 24, 2025
Merged
Crypto: Adding bad decrypt then mac order query.#20696nicolaswill merged 4 commits intogithub:mainfrom
nicolaswill merged 4 commits intogithub:mainfrom
Conversation
…MacOnEncryptPlaintext as well.
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds detection capability for the "decrypt-then-MAC" vulnerability pattern, where decryption occurs before MAC verification. The changes introduce a new query to identify this security issue and refactor existing code to improve reuse of plaintext tracking for both MAC and encryption operations.
Key changes:
- Adds new query
BadMacOrderDecryptThenMac.qlto detect unsafe decrypt-then-MAC ordering - Refactors wrapper argument tracking logic with new predicates (
encryptWrapperArg,decryptWrapperArg,macWrapperArg) - Renames
InterimArgtoEncryptOrMacCallArgandTargetArgto improve code clarity
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| BadMacUse.java | Adds test case decryptThenMac() demonstrating the unsafe decrypt-then-MAC pattern |
| BadMacOrderMacOnEncryptPlaintext.expected | Updates test expectations for plaintext reuse detection with new flow paths |
| BadMacOrderDecryptToMac.expected | Adds test failure expectation for missing source annotation |
| BadMacOrderDecryptThenMac.qlref | Creates query reference file for the new decrypt-then-MAC detection query |
| BadMacOrderDecryptThenMac.expected | Defines expected test results for the new decrypt-then-MAC query |
| BadMacOrderMacOnEncryptPlaintext.ql | Updates variable name from InterimArg to EncryptOrMacCallArg |
| BadMacOrderDecryptThenMac.ql | Implements new query to detect decrypt-then-MAC vulnerability pattern |
| BadMacOrder.qll | Refactors core logic with new wrapper predicates and flow configurations |
| not_included_in_qls.expected | Registers the new query in the excluded queries list |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,19 @@ | |||
| /** | |||
| * @name Bad MAC order: decrypt then mac | |||
| * @description Decryption on cipher text, then MAC on ciopher text, is incorrect order | |||
There was a problem hiding this comment.
Corrected spelling of 'ciopher' to 'cipher'.
Suggested change
| * @description Decryption on cipher text, then MAC on ciopher text, is incorrect order | |
| * @description Decryption on cipher text, then MAC on cipher text, is incorrect order |
Comment on lines
223
to
234
| // /** | ||
| // * An argument of a target sink or a parent call whose parameter flows to a target sink | ||
| // */ | ||
| // class EncryptOrMacPartialFlowArg extends DataFlow::Node { | ||
| // DataFlow::Node targetSink; | ||
| // EncryptOrMacPartialFlowArg() { | ||
| // encryptWrapperArg(this, targetSink) | ||
| // or | ||
| // macWrapperArg(this, targetSink) | ||
| // } | ||
| // DataFlow::Node getTargetSink() { result = targetSink } | ||
| // } |
There was a problem hiding this comment.
The commented-out class EncryptOrMacPartialFlowArg should be removed if it's no longer needed. Leaving dead code in the codebase reduces maintainability and can cause confusion.
Suggested change
| // /** | |
| // * An argument of a target sink or a parent call whose parameter flows to a target sink | |
| // */ | |
| // class EncryptOrMacPartialFlowArg extends DataFlow::Node { | |
| // DataFlow::Node targetSink; | |
| // EncryptOrMacPartialFlowArg() { | |
| // encryptWrapperArg(this, targetSink) | |
| // or | |
| // macWrapperArg(this, targetSink) | |
| // } | |
| // DataFlow::Node getTargetSink() { result = targetSink } | |
| // } |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
nicolaswill
approved these changes
Oct 24, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds capability to detect decrypt THEN mac. Also fixes to improve reuse of plaintext for mac and encryption.