hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Make WeakAsymmetricKeyGenSize a path problem.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-13 17:04:29 -04:00
parent 7e8acd76c3
commit 55bbcee301
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/experimental/quantum/Examples/WeakAsymmetricKeyGenSize.ql
View File

@@ -59,10 +59,12 @@ where
// Also note the algorithm may also be re-specified at a use of the key
alg = keygen.getAKnownAlgorithm() and
not alg instanceof Crypto::EllipticCurveNode and // Elliptic curve sizes are handled separately and are more tied directly to the algorithm
not alg.(Crypto::KeyAgreementAlgorithmNode).getKeyAgreementType() = Crypto::ECDH() and // ECDH key sizes should be handled with elliptic curves
alg instanceof Crypto::AsymmetricAlgorithmNode and
keySize < 2048 and
srcNode.getNode().asExpr() = keygen.getAKeySizeSource().asElement() and
sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode()
sinkNode.getNode() = keygen.getKeySizeConsumer().getConsumer().getInputNode() and
KeySizeFlow::flowPath(srcNode, sinkNode)
select sinkNode, srcNode, sinkNode,
"Use of weak asymmetric key size (" + keySize.toString() + " bits) for algorithm $@", alg,
alg.getAlgorithmName()