Java: Refactor RsaWithoutOaep.

Anders Schack-Mulligen
2023-03-15 10:37:54 +01:00
parent b3b5c2c767
commit 6408d7cbbe
3 changed files with 31 additions and 11 deletions


@@ -4,8 +4,12 @@ import java
import Encryption
import semmle.code.java.dataflow.DataFlow
/** A configuration for finding RSA ciphers initialized without using OAEP padding. */
class RsaWithoutOaepConfig extends DataFlow::Configuration {
/**
* DEPRECATED: Use `RsaWithoutOaepFlow` instead.
*
* A configuration for finding RSA ciphers initialized without using OAEP padding.
*/
deprecated class RsaWithoutOaepConfig extends DataFlow::Configuration {
RsaWithoutOaepConfig() { this = "RsaWithoutOaepConfig" }
override predicate isSource(DataFlow::Node src) {
@@ -21,3 +25,21 @@ class RsaWithoutOaepConfig extends DataFlow::Configuration {
exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec())
}
}
private module RsaWithoutOaepConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) {
exists(CompileTimeConstantExpr specExpr, string spec |
specExpr.getStringValue() = spec and
specExpr = src.asExpr() and
spec.matches("RSA/%") and
not spec.matches("%OAEP%")
)
}
predicate isSink(DataFlow::Node sink) {
exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec())
}
}
/** Flow for finding RSA ciphers initialized without using OAEP padding. */
module RsaWithoutOaepFlow = DataFlow::Make<RsaWithoutOaepConfig>;
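Review bot: The `isSource` predicate in the new `RsaWithoutOaepConfig` module matches the transformation string case-sensitively, so a spec written as `rsa/ecb/pkcs1padding` or `RSA/ECB/oaeppadding` is respectively missed or wrongly reported, although JCA providers generally resolve these names case-insensitively. Normalising once would close that gap: `spec.toUpperCase().matches("RSA/%") and not spec.toUpperCase().matches("%OAEP%")`. A bare `"RSA"` passed to `Cipher.getInstance` is also not a source here, even though the provider default is typically PKCS#1 v1.5 padding. Covering it would probably require narrowing the sink to cipher specs, since `CryptoAlgoSpec` appears to include other `getInstance` calls where `"RSA"` is fine. The deprecated class's `isSource` body lies between the two hunks and is not visible, so the same condition presumably applies there; a shared private predicate would keep the two copies from drifting.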