Code review

ql/src/experimental/CWE-326/InsufficientKeySize.ql

@@ -11,19 +11,19 @@
 import go
 import DataFlow::PathGraph
 
+/**
+ * RSA key length data flow tracking configuration.
+ */
 class RsaKeyTrackingConfiguration extends DataFlow::Configuration {
   RsaKeyTrackingConfiguration() { this = "RsaKeyTrackingConfiguration" }
 
   override predicate isSource(DataFlow::Node source) {
-    exists(ValueExpr c |
-      source.asExpr() = c and
-      c.getIntValue() < 2048
-    )
+    source.asExpr().(ValueExpr).getIntValue() < 2048
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(CallExpr c |
-      sink.asExpr() = c.getArgument(1) and
+    exists(DataFlow::CallNode c |
+      sink = c.getArgument(1) and
       c.getTarget().hasQualifiedName("crypto/rsa", "GenerateKey")
     )
   }

ql/src/experimental/CWE-326/InsufficientKeySizeBad.go

@@ -13,4 +13,4 @@ func main() {
 		fmt.Println(err)
 	}
 	fmt.Println(pvk)
-}
+}

ql/src/experimental/CWE-326/InsufficientKeySizeGood.go

@@ -13,4 +13,4 @@ func main() {
 		fmt.Println(err)
 	}
 	fmt.Println(pvk)
-}
+}

ql/test/experimental/CWE-326/InsufficientKeySize.go

@@ -25,10 +25,3 @@ func foo4() {
 func foo5(size int) {
 	rsa.GenerateKey(rand.Reader, size)
 }
-
-func main() {
-	foo1()
-	foo2()
-	foo3()
-	foo4()
-}