hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16482 from grakshith/rakshith/tune-java-crypto

Browse Source 
Java: Add RSA/ECB/OEAP ciphers to the list of secure algorithms
This commit is contained in:
Tony Torralba
2024-06-10 17:27:35 +02:00
committed by GitHub
parent 7ecf1f9010 798a736d16
commit 7336dd1ae5
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
View File

@@ -15,6 +15,8 @@ private class ShortStringLiteral extends StringLiteral {
class BrokenAlgoLiteral extends ShortStringLiteral {
BrokenAlgoLiteral() {
this.getValue().regexpMatch(getInsecureAlgorithmRegex()) and
// Exclude RSA/ECB/.* ciphers.
not this.getValue().regexpMatch("RSA/ECB.*") and
// Exclude German and French sentences.
not this.getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
}

4
java/ql/src/change-notes/2024-05-13-rsa-ecb-secure.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The query `java/weak-cryptographic-algorithm` no longer alerts about `RSA/ECB` algorithm strings.