No longer require a mode in Cipher.init

Tony Torralba
2022-08-19 16:40:52 +02:00
parent 75f62098e0
commit 3c6c09b0f8


@@ -95,17 +95,15 @@ private class StaticInitializationVectorSource extends DataFlow::Node {
}
/**
* A sink that initializes a cipher for encryption with unsafe parameters.
* A sink that initializes a cipher with unsafe parameters.
*/
private class EncryptionInitializationSink extends DataFlow::Node {
EncryptionInitializationSink() {
exists(MethodAccess ma, Method m, FieldRead fr | m = ma.getMethod() |
exists(MethodAccess ma, Method m | m = ma.getMethod() |
m.hasQualifiedName("javax.crypto", "Cipher", "init") and
m.getParameterType(2)
.(RefType)
.hasQualifiedName("java.security.spec", "AlgorithmParameterSpec") and
fr.getField().hasQualifiedName("javax.crypto", "Cipher", "ENCRYPT_MODE") and
DataFlow::localExprFlow(fr, ma.getArgument(0)) and
ma.getArgument(2) = this.asExpr()
)
}
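Review bot: With the `ENCRYPT_MODE` constraint removed from the characteristic predicate, this sink now matches every `Cipher.init` call whose third parameter is an `AlgorithmParameterSpec`, including calls made with `DECRYPT_MODE`, `WRAP_MODE` or `UNWRAP_MODE`, yet the class is still named `EncryptionInitializationSink` and the new doc comment does not say that the mode is ignored on purpose. I would state that in the comment, for example `* A sink that initializes a cipher with unsafe parameters, regardless of the operation mode passed as argument 0.`, and add a sentence giving the reason, which is presumably that the mode often reaches `init` through a variable or parameter that local flow from the field read could not follow. A static IV on the decrypt side usually means the encrypting peer reuses it too, so the extra results are likely wanted, but a test case using `DECRYPT_MODE` would pin that down and confirm the alert message still reads correctly if it mentions encryption. The class body closes outside this hunk, so whether anything else in it depends on the old constraint cannot be checked from here.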