Merge pull request #13934 from egregius313/egregius313/add-dashes-to-sha-algorithms

Java: Add dashes to SHA algorithm names in `Encryption.qll`
This commit is contained in:
Edward Minnix III
2023-08-17 13:03:15 -04:00
committed by GitHub
2 changed files with 5 additions and 1 deletions


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Modified the `getSecureAlgorithmName` predicate in `Encryption.qll` to also include `SHA-256` and `SHA-512`. Previously only the versions of the names without dashes were considered secure.


@@ -270,7 +270,7 @@ string getInsecureAlgorithmRegex() {
string getASecureAlgorithmName() {
result =
[
"RSA", "SHA256", "SHA512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
"RSA", "SHA-?256", "SHA-?512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
"Blowfish", "ECIES"
]
}
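Review bot: The new entries `"SHA-?256"` and `"SHA-?512"` make it explicit that this list holds regex fragments rather than literal names, yet `getASecureAlgorithmName` has no QLDoc saying so, and a future maintainer adding a plain name such as `SHA-384` could easily write a dash that is then interpreted literally while the existing `AES(?!...)` lookahead is not. I would add above the predicate: `/** Gets a regular-expression fragment (not a literal name) matching an algorithm considered secure; dashes in SHA names are optional. */`. The sibling predicate `getInsecureAlgorithmRegex()` named in the hunk header is outside this hunk; if its insecure list spells names without dashes (for example `SHA1` rather than `SHA-?1`), the same spelling gap presumably remains there, so a dashed insecure name would not be flagged — worth confirming in the same change.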