hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Fix CWE tag for cs/insufficient-key-size

Browse Source 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
This commit is contained in:
Rasmus Wriedt Larsen
2021-09-07 12:59:10 +02:00
committed by GitHub
parent 1dc712f54d
commit 8f52089475
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/Security Features/InsufficientKeySize.ql
View File

@@ -7,7 +7,7 @@
* @precision high
* @id cs/insufficient-key-size
* @tags security
* external/cwe/cwe-327
* external/cwe/cwe-326
*/
import csharp