hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Add test for decrypt.

Browse Source
This commit is contained in:
Michael Nebel
2022-06-21 14:26:28 +02:00
parent 410167671f
commit 52a9fb0de7
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.cs
View File

@@ -46,6 +46,9 @@ namespace HardcodedSymmetricEncryptionKey
// GOOD (this function hashes password)
var de = DecryptWithPassword(ct, c, iv);
// BAD: harc-coded password passed to Decrypt
var de1 = Decrypt(ct, c, iv);
// BAD [NOT DETECTED]
CreateCryptographicKey(null, byteArrayFromString);
@@ -53,6 +56,26 @@ namespace HardcodedSymmetricEncryptionKey
CreateCryptographicKey(null, File.ReadAllBytes("secret.key"));
}
public static string Decrypt(byte[] cipherText, byte[] password, byte[] IV)
{
byte[] rawPlaintext;
var salt = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00 };
using (Aes aes = new AesManaged())
{
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(password, IV), CryptoStreamMode.Write))
{
cs.Write(cipherText, 0, cipherText.Length);
}
rawPlaintext = ms.ToArray();
}
return Encoding.Unicode.GetString(rawPlaintext);
}
}
public static string DecryptWithPassword(byte[] cipherText, byte[] password, byte[] IV)
{
byte[] rawPlaintext;