JS: Accept alerts for InsufficientKeySize

2026-04-26 17:25:19 +02:00 · 2025-02-12 15:36:10 +01:00
parent fc95702341
commit 0f8e85fa2f
2 changed files with 2 additions and 2 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-326/tst.js
+++ b/javascript/ql/test/query-tests/Security/CWE-326/tst.js
@@ -32,7 +32,7 @@ var bad9 = forge.cipher.createDecipher('3DES-CBC', key3); // $ Alert
 var key4 = myBuffer.getBytes(16);
 var good5 = forge.cipher.createDecipher('AES-CBC', key4);

-var bad10 = crypto.createDiffieHellman(512);
+var bad10 = crypto.createDiffieHellman(512); // $ Alert
 var good6 = crypto.createDiffieHellman(2048);

 const NodeRSA = require('node-rsa');
--- a/javascript/ql/test/query-tests/Security/CWE-326/tst.xsjs
+++ b/javascript/ql/test/query-tests/Security/CWE-326/tst.xsjs
@@ -1,5 +1,5 @@
 const crypto = $.require("crypto");

-const bad1 = crypto.generateKeyPairSync("rsa", { modulusLength: 1024 }); // NOT OK
+const bad1 = crypto.generateKeyPairSync("rsa", { modulusLength: 1024 }); // $ Alert

 const good1 = crypto.generateKeyPairSync("rsa", { modulusLength: 4096 }); // OK