hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Reused nonce query updates and test updates to address false positives.

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-10 12:25:31 -04:00
parent fba80870a6
commit 758759a304
4 changed files with 115 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
java/ql/test/experimental/query-tests/quantum/examples/NonceReuse/Test.java
View File

@@ -83,6 +83,34 @@ public class Test {
byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes());
}
public void falsePositive1() throws Exception {
byte[] iv = null;
new SecureRandom().nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey key = generateAESKey();
if (iv != null) {
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD
byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes());
} else if(iv.length > 0) {
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD
byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes());
}
}
public void falsePositive2() throws Exception {
byte[] iv = null;
new SecureRandom().nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey key = generateAESKey();
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD
byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes());
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); // GOOD
byte[] decryptedData = cipher.doFinal(ciphertext);
}
public static void main(String[] args) {
try {
funcA2();