hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18161 from owen-mc/java/weak-crypto-algo-more-informative

Browse Source 
Java: Make `java/weak-cryptographic-algorithm` give  a reason why the algo is insecure
This commit is contained in:
Owen Mansel-Chan
2025-01-13 23:43:04 +00:00
committed by GitHub
parent 599411b440 0728b3bd60
commit 883301938b
9 changed files with 67 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
View File

@@ -18,10 +18,11 @@ import InsecureCryptoFlow::PathGraph
from
InsecureCryptoFlow::PathNode source, InsecureCryptoFlow::PathNode sink, CryptoAlgoSpec spec,
BrokenAlgoLiteral algo
BrokenAlgoLiteral algo, string reason
where
sink.getNode().asExpr() = spec.getAlgoSpec() and
source.getNode().asExpr() = algo and
reason = getInsecureAlgorithmReason(algo.getValue()) and
InsecureCryptoFlow::flowPath(source, sink)
select spec, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", algo,
select spec, source, sink, "Cryptographic algorithm $@ is insecure. " + reason, algo,
algo.getValue()