hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

add shared key sizes

Browse Source
This commit is contained in:
Jami Cogswell
2022-11-09 09:28:30 -05:00
committed by Jami
parent 2976daa8eb
commit 0fa05d47e3
5 changed files with 42 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/semmle/code/java/security/InsufficientKeySize.qll
View File

@@ -2,6 +2,7 @@
private import semmle.code.java.security.Encryption
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.security.EncryptionKeySizes
/** A source for an insufficient key size. */
abstract class InsufficientKeySizeSource extends DataFlow::Node {
@@ -42,7 +43,7 @@ private module Asymmetric {
}
/** Returns the minimum recommended key size for RSA, DSA, and DH algorithms. */
private int getMinKeySize() { result = 2048 }
private int getMinKeySize() { result = minSecureKeySizeAsymmetricNonEc() }
/** An instance of an RSA, DSA, or DH algorithm specification. */
private class Spec extends ClassInstanceExpr {
@@ -87,7 +88,7 @@ private module Asymmetric {
}
/** Returns the minimum recommended key size for elliptic curve (EC) algorithms. */
private int getMinKeySize() { result = 256 }
private int getMinKeySize() { result = minSecureKeySizeAsymmetricEc() }
/** Returns the key size from an EC algorithm's curve name string */
bindingset[algorithm]
@@ -168,7 +169,7 @@ private module Symmetric {
}
/** Returns the minimum recommended key size for AES algorithms. */
private int getMinKeySize() { result = 128 }
private int getMinKeySize() { result = minSecureKeySizeSymmetric() }
/** A call to the `init` method declared in `javax.crypto.KeyGenerator`. */
private class KeyGenInit extends MethodAccess {

15
java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll Normal file
View File

@@ -0,0 +1,15 @@
/**
* INTERNAL: Do not use.
*
* Provides predicates for recommended encryption key sizes.
* Such that we can share this logic across our CodeQL analysis of different languages.
*/
/** Returns the minimum recommended key size for asymmetric algorithms (RSA, DSA, and DH). */
int minSecureKeySizeAsymmetricNonEc() { result = 2048 }
/** Returns the minimum recommended key size for elliptic curve (EC) algorithms. */
int minSecureKeySizeAsymmetricEc() { result = 256 }
/** Returns the minimum recommended key size for symmetric algorithmms (AES). */
int minSecureKeySizeSymmetric() { result = 128 }