C++: respond to PR comments on InsufficientKeySize

This commit is contained in:
Robert Marsh
2022-02-16 14:58:07 -05:00
parent cfd9c9d137
commit 103796dfa8
2 changed files with 7 additions and 7 deletions


@@ -2,7 +2,7 @@
* @name Use of a cryptographic algorithm with insufficient key size
* @description Using cryptographic algorithms with too small a key size can
* allow an attacker to compromise security.
* @kind problem
* @kind path-problem
* @problem.severity error
* @precision high
* @id cpp/insufficient-key-size
@@ -43,13 +43,13 @@ class KeyStrengthFlow extends DataFlow::Configuration {
}
from
DataFlow::PathNode source, DataFlow::PathNode sink, KeyStrengthFlow conf, FunctionCall fc,
DataFlow::PathNode source, DataFlow::PathNode sink, KeyStrengthFlow conf, FunctionCall fc, int param,
string name, int bits
where
conf.hasFlowPath(source, sink) and
sink.getNode().asExpr() = fc.getArgument(1) and
sink.getNode().asExpr() = fc.getArgument(param) and
fc.getTarget().hasGlobalName(name) and
bits = getMinimumKeyStrength(name, _) and
bits = getMinimumKeyStrength(name, param) and
source.getNode().asInstruction().(ConstantValueInstruction).getValue().toInt() < bits
select fc, source, sink,
"The key size $@ is less than the recommended key size of " + bits.toString() + " bits.", source,
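Review bot: Switching `@kind problem` to `@kind path-problem` in the first hunk only produces path results if the query also has `import DataFlow::PathGraph`; the import section is outside the hunk, so confirm it is present, otherwise the `source, sink` columns in the select are not rendered as a path. In the second hunk, binding `param` through `bits = getMinimumKeyStrength(name, param)` and reusing it in `fc.getArgument(param)` is sound, but the `(ConstantValueInstruction).getValue().toInt() < bits` condition means any key size that is not a compile-time integer constant (or does not convert with `toInt()`) silently yields no alert; a short comment on the where clause, `// only compile-time constant key sizes are reported; non-constant sizes are out of scope`, would make that limitation explicit to readers and to the test expectations. The `select` clause continues past the visible end of the hunk.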


@@ -1,3 +1,3 @@
| test.cpp:32:5:32:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:32:45:32:48 | 1024 | test.cpp:32:45:32:48 | 1024 | The key size $@ is insufficient for security | test.cpp:32:45:32:48 | 1024 | 1024 |
| test.cpp:33:5:33:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:33:49:33:52 | 1024 | test.cpp:33:49:33:52 | 1024 | The key size $@ is insufficient for security | test.cpp:33:49:33:52 | 1024 | 1024 |
| test.cpp:35:5:35:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:35:43:35:46 | 1024 | test.cpp:35:43:35:46 | 1024 | The key size $@ is insufficient for security | test.cpp:35:43:35:46 | 1024 | 1024 |
| test.cpp:34:5:34:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:34:45:34:48 | 1024 | test.cpp:34:45:34:48 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:34:45:34:48 | 1024 | 1024 |
| test.cpp:35:5:35:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:35:49:35:52 | 1024 | test.cpp:35:49:35:52 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:35:49:35:52 | 1024 | 1024 |
| test.cpp:37:5:37:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:37:43:37:46 | 1024 | test.cpp:37:43:37:46 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:37:43:37:46 | 1024 | 1024 |