mirror of
https://github.com/github/codeql.git
synced 2026-04-25 08:45:14 +02:00
Move test case to query tests
This commit is contained in:
Ed Minnix
@@ -1,6 +1,8 @@
|
||||
edges
|
||||
nodes
|
||||
| Test.java:34:48:34:52 | "foo" | semmle.label | "foo" |
|
||||
| WeakHashing.java:15:55:15:83 | getProperty(...) | semmle.label | getProperty(...) |
|
||||
subpaths
|
||||
#select
|
||||
| Test.java:34:21:34:53 | new SecretKeySpec(...) | Test.java:34:48:34:52 | "foo" | Test.java:34:48:34:52 | "foo" | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | Test.java:34:48:34:52 | "foo" | foo |
|
||||
| WeakHashing.java:15:29:15:84 | getInstance(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:15:55:15:83 | getProperty(...) | MD5 |
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
package test.cwe327.semmle.tests;
|
||||
|
||||
import java.util.Properties;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
public class WeakHashing {
|
||||
void hashing() throws NoSuchAlgorithmException, IOException {
|
||||
java.util.Properties props = new java.util.Properties();
|
||||
props.load(new FileInputStream("example.properties"));
|
||||
|
||||
// BAD: Using a weak hashing algorithm
|
||||
MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1"));
|
||||
|
||||
// GOOD: Using a strong hashing algorithm
|
||||
MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
hashAlg1=MD5
|
||||
hashAlg2=SHA-256
|
||||
Reference in New Issue
Block a user