Python: weak-crypto: Make algorithm selection less brittle

As discussed in https://github.com/github/codeql/pull/5635#discussion_r633477154
Rasmus Wriedt Larsen
2021-05-19 17:46:10 +02:00
parent 22d4d7956a
commit 753dca91b1

@@ -16,8 +16,9 @@ from Cryptography::CryptographicOperation operation, Cryptography::Cryptographic
where
algorithm = operation.getAlgorithm() and
algorithm.isWeak() and
not algorithm instanceof Cryptography::HashingAlgorithm and // handled by `py/weak-sensitive-data-hashing`
not algorithm instanceof Cryptography::PasswordHashingAlgorithm // handled by `py/weak-sensitive-data-hashing`
// `Cryptography::HashingAlgorithm` and `Cryptography::PasswordHashingAlgorithm` are
// handled by `py/weak-sensitive-data-hashing`
algorithm instanceof Cryptography::EncryptionAlgorithm
select operation,
"The cryptographic algorithm " + algorithm.getName() +
" is broken or weak, and should not be used."
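Review bot: The positive condition `algorithm instanceof Cryptography::EncryptionAlgorithm` turns the filter from a deny-list into an allow-list, so a weak algorithm that is neither an `EncryptionAlgorithm` nor one of the two hashing classes is now reported by neither this query nor `py/weak-sensitive-data-hashing`, where the removed `not ... instanceof` conditions would have reported it here. If that is intended, say so in the new comment (for example, that any other algorithm category needs its own query or an explicit addition to this clause), and consider a test case that pins the behaviour. Since only encryption algorithms can reach the `select` now, the alert text "The cryptographic algorithm " could also be narrowed to name encryption specifically.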