hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: more non-ascii removal.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-06 11:34:45 -04:00
parent abeb3141b1
commit 017a956d5e
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java
View File

@@ -26,22 +26,22 @@ import javax.crypto.spec.SecretKeySpec;
* 1. PBKDF2 Examples: - Parent Classification: Password-Based Key Derivation
* Function (PBKDF). - SAST: * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256
* with 10,000 iterations - acceptable if parameters meet current standards. *
* pbkdf2LowIteration: Uses only 10 iterations flagged as insecure due to
* pbkdf2LowIteration: Uses only 10 iterations, flagged as insecure due to
* insufficient iteration count. * pbkdf2HighIteration: Uses 1,000,000
* iterations secure (though performance may be impacted). * pbkdf2HmacSHA1:
* Uses PBKDF2WithHmacSHA1 flagged as weaker compared to SHA-256, though
* iterations - secure (though performance may be impacted). * pbkdf2HmacSHA1:
* Uses PBKDF2WithHmacSHA1 - flagged as weaker compared to SHA-256, though
* sometimes seen in legacy systems. * pbkdf2HmacSHA512: Uses
* PBKDF2WithHmacSHA512 classified as secure.
* PBKDF2WithHmacSHA512 - classified as secure.
*
* 2. Scrypt Examples: - Parent Classification: Memory-Hard Key Derivation
* Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1)
* Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) -
* flagged as insecure. * scryptStrong: Uses stronger parameters (n=16384, r=8,
* p=1) considered secure.
* p=1) - considered secure.
*
* 3. Argon2 Examples: - Parent Classification: Memory-Hard Key Derivation
* Function (Argon2id). - SAST: * argon2Derivation: Uses moderate memory and
* iterations considered secure. * argon2HighMemory: Uses high memory (128MB)
* and more iterations secure, though resource intensive.
* iterations - considered secure. * argon2HighMemory: Uses high memory (128MB)
* and more iterations - secure, though resource intensive.
*
* 4. Insecure Raw Hash Derivation: - Parent Classification: Raw Hash Usage for
* Key Derivation. - SAST: Using a single SHA-256 hash as a key and then using

10
java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java
View File

@@ -19,15 +19,15 @@ import javax.crypto.spec.SecretKeySpec;
*
* Flows include:
*
* 1. Secure HMAC-SHA2 (HMAC-SHA256) a widely accepted MAC. 2. Secure
* HMAC-SHA3 (HMAC-SHA3-256) an alternative using the SHA-3 family. 3. Secure
* Poly1305 MAC using BouncyCastles implementation. 4. Secure GMAC using
* AES-GCMs authentication tag in a dedicated MAC mode. 5. Secure KMAC using
* 1. Secure HMAC-SHA2 (HMAC-SHA256) - a widely accepted MAC. 2. Secure
* HMAC-SHA3 (HMAC-SHA3-256) - an alternative using the SHA-3 family. 3. Secure
* Poly1305 MAC - using BouncyCastles implementation. 4. Secure GMAC - using
* AES-GCMs authentication tag in a dedicated MAC mode. 5. Secure KMAC - using
* KMAC128 (from the SHA-3 family).
*
* Insecure examples include:
*
* 6. Insecure HMAC-SHA1 which is deprecated.
* 6. Insecure HMAC-SHA1 - which is deprecated.
*
* Further flows:
*