Java: Generelize MaybeBrokenCryptoAlgorithmQuery.qll

Tony Torralba
2023-12-22 10:15:40 +01:00
parent 8051cfcef5
commit 8ad787f3b8
2 changed files with 29 additions and 29 deletions


@@ -18,24 +18,10 @@ import semmle.code.java.frameworks.Properties
import semmle.code.java.security.MaybeBrokenCryptoAlgorithmQuery
import InsecureCryptoFlow::PathGraph
/**
* Get the string value represented by the given expression.
*
* If the value is a string literal, get the literal value.
* If the value is a call to `java.util.Properties::getProperty`, get the potential values of the property.
*/
string getStringValue(DataFlow::Node algo) {
result = algo.asExpr().(StringLiteral).getValue()
or
exists(string value | value = algo.asExpr().(PropertiesGetPropertyMethodCall).getPropertyValue() |
result = value and not value.regexpMatch(getSecureAlgorithmRegex())
)
}
from InsecureCryptoFlow::PathNode source, InsecureCryptoFlow::PathNode sink, CryptoAlgoSpec c
where
sink.getNode().asExpr() = c.getAlgoSpec() and
InsecureCryptoFlow::flowPath(source, sink)
select c, source, sink,
"Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", source,
getStringValue(source.getNode())
source.getNode().asExpr().(InsecureAlgorithm).getStringValue()
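Review bot: The inline cast `.(InsecureAlgorithm)` in the last select column is also a filter, so any flow path whose source expression is not an `InsecureAlgorithm` silently produces no alert instead of failing visibly. Binding it in the query body makes that restriction explicit: declare `InsecureAlgorithm algo` in the `from` clause, add `source.getNode().asExpr() = algo` to the `where` clause, and select `algo.getStringValue()`. The removed predicate also excluded property values matching `getSecureAlgorithmRegex()`. The definition of `InsecureAlgorithm` is in the other changed file and is not visible here, so it is worth confirming that its `getStringValue()` keeps that exclusion. Otherwise a `Properties::getProperty` source with several candidate values could report a secure algorithm name in the alert message.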