Ruby: Add rb/weak-cryptographic-algorithm query

2026-05-03 04:39:29 +02:00 · 2022-03-13 17:36:37 +00:00
parent 40b87e6df7
commit 94d5f3bb1f
1 changed files with 20 additions and 0 deletions
--- a/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
+++ b/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
@@ -0,0 +1,20 @@
+/**
+ * @name Use of a broken or weak cryptographic algorithm
+ * @description Using broken or weak cryptographic algorithms can compromise security.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 7.5
+ * @precision high
+ * @id rb/weak-cryptographic-algorithm
+ * @tags security
+ *       external/cwe/cwe-327
+ */
+
+import ruby
+import codeql.ruby.Concepts
+
+from Cryptography::CryptographicOperation operation
+where operation.isWeak()
+select operation,
+  "The cryptographic algorithm " + operation.getAlgorithm().getName() +
+    " is broken or weak, and should not be used."