hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix minor error in Weak Hashing

Browse Source
This commit is contained in:
Ed Minnix
2023-12-20 22:16:45 -05:00
parent e43fafc249
commit 7f9dff2dc7
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll
View File

@@ -44,10 +44,12 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) {
n.asExpr() instanceof InsecureAlgoLiteral
or
exists(PropertiesGetPropertyMethodCall mc | n.asExpr() = mc |
exists(PropertiesGetPropertyMethodCall mc, string value |
n.asExpr() = mc and value = mc.getPropertyValue()
|
// Since properties pairs are not included in the java/weak-crypto-algorithm,
// The check for values from properties files can be less strict than `InsecureAlgoLiteral`.
not mc.getPropertyValue().regexpMatch(getSecureAlgorithmRegex())
not value.regexpMatch(getSecureAlgorithmRegex())
)
}