move files

2026-04-28 18:25:24 +02:00 · 2022-09-29 09:41:28 -04:00
parent fc810ddbf4
commit 9b7df354e6
7 changed files with 6 additions and 6 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
@@ -1,37 +0,0 @@
-public class InsufficientKeySize {
-    public void CryptoMethod() {
-        KeyGenerator keyGen1 = KeyGenerator.getInstance("AES");
-        // BAD: Key size is less than 128
-        keyGen1.init(64);
-
-        KeyGenerator keyGen2 = KeyGenerator.getInstance("AES");
-        // GOOD: Key size is no less than 128
-        keyGen2.init(128);
-
-        KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
-        // BAD: Key size is less than 2048
-        keyPairGen1.initialize(1024);
-
-        KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("RSA");
-        // GOOD: Key size is no less than 2048
-        keyPairGen2.initialize(2048);
-
-        KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DSA");
-        // BAD: Key size is less than 2048
-        keyPairGen3.initialize(1024);
-
-        KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("DSA");
-        // GOOD: Key size is no less than 2048
-        keyPairGen4.initialize(2048);
-
-        KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
-        // BAD: Key size is less than 256
-        ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1");
-        keyPairGen5.initialize(ecSpec1);
-
-        KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("EC");
-        // GOOD: Key size is no less than 256
-        ECGenParameterSpec ecSpec2 = new ECGenParameterSpec("secp256r1");
-        keyPairGen6.initialize(ecSpec2);
-    }
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
@@ -1,29 +0,0 @@
-<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
-<qhelp>
-    <overview>
-        <p>This rule finds uses of encryption algorithms with too small a key size. Encryption algorithms 
-are vulnerable to brute force attack when too small a key size is used.</p>
-    </overview>
-
-    <recommendation>
-        <p>The key should be at least 2048 bits long when using RSA and DSA encryption, 256 bits long when using EC encryption, and 128 bits long when using 
-symmetric encryption.</p>
-    </recommendation>
-    
-    <references>
-
-        <li>
-            Wikipedia.
-            <a href="http://en.wikipedia.org/wiki/Key_size">Key size</a>
-        </li>
-        <li>
-            SonarSource.
-            <a href="https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-4426">Cryptographic keys should be robust</a>
-        </li>
-        <li>
-            CWE.
-            <a href="https://cwe.mitre.org/data/definitions/326.html">CWE-326: Inadequate Encryption Strength</a>
-        </li>
- 
-    </references>
-</qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -1,153 +0,0 @@
-/**
- * @name Weak encryption: Insufficient key size
- * @description Finds uses of encryption algorithms with too small a key size
- * @kind problem
- * @problem.severity warning
- * @precision medium
- * @id java/insufficient-key-size
- * @tags security
- *       external/cwe/cwe-326
- */
-
-import java
-import semmle.code.java.security.Encryption
-import semmle.code.java.dataflow.TaintTracking
-
-/** The Java class `java.security.spec.ECGenParameterSpec`. */
-class ECGenParameterSpec extends RefType {
-  ECGenParameterSpec() { this.hasQualifiedName("java.security.spec", "ECGenParameterSpec") }
-}
-
-/** The `init` method declared in `javax.crypto.KeyGenerator`. */
-class KeyGeneratorInitMethod extends Method {
-  KeyGeneratorInitMethod() {
-    this.getDeclaringType() instanceof KeyGenerator and
-    this.hasName("init")
-  }
-}
-
-/** The `initialize` method declared in `java.security.KeyPairGenerator`. */
-class KeyPairGeneratorInitMethod extends Method {
-  KeyPairGeneratorInitMethod() {
-    this.getDeclaringType() instanceof KeyPairGenerator and
-    this.hasName("initialize")
-  }
-}
-
-/** Returns the key size in the EC algorithm string */
-bindingset[algorithm]
-int getECKeySize(string algorithm) {
-  algorithm.matches("sec%") and // specification such as "secp256r1"
-  result = algorithm.regexpCapture("sec[p|t](\\d+)[a-zA-Z].*", 1).toInt()
-  or
-  algorithm.matches("X9.62%") and //specification such as "X9.62 prime192v2"
-  result = algorithm.regexpCapture("X9\\.62 .*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
-  or
-  (algorithm.matches("prime%") or algorithm.matches("c2tnb%")) and //specification such as "prime192v2"
-  result = algorithm.regexpCapture(".*[a-zA-Z](\\d+)[a-zA-Z].*", 1).toInt()
-}
-
-/** Taint configuration tracking flow from a key generator to a `init` method call. */
-class KeyGeneratorInitConfiguration extends TaintTracking::Configuration {
-  KeyGeneratorInitConfiguration() { this = "KeyGeneratorInitConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof JavaxCryptoKeyGenerator
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma |
-      ma.getMethod() instanceof KeyGeneratorInitMethod and
-      sink.asExpr() = ma.getQualifier()
-    )
-  }
-}
-
-/** Taint configuration tracking flow from a keypair generator to a `initialize` method call. */
-class KeyPairGeneratorInitConfiguration extends TaintTracking::Configuration {
-  KeyPairGeneratorInitConfiguration() { this = "KeyPairGeneratorInitConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof JavaSecurityKeyPairGenerator
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma |
-      ma.getMethod() instanceof KeyPairGeneratorInitMethod and
-      sink.asExpr() = ma.getQualifier()
-    )
-  }
-}
-
-/** Holds if a symmetric `KeyGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-bindingset[type]
-predicate hasShortSymmetricKey(MethodAccess ma, string msg, string type) {
-  ma.getMethod() instanceof KeyGeneratorInitMethod and
-  exists(
-    JavaxCryptoKeyGenerator jcg, KeyGeneratorInitConfiguration cc, DataFlow::PathNode source,
-    DataFlow::PathNode dest
-  |
-    jcg.getAlgoSpec().(StringLiteral).getValue() = type and
-    source.getNode().asExpr() = jcg and
-    dest.getNode().asExpr() = ma.getQualifier() and
-    cc.hasFlowPath(source, dest)
-  ) and
-  ma.getArgument(0).(IntegerLiteral).getIntValue() < 128 and
-  msg = "Key size should be at least 128 bits for " + type + " encryption."
-}
-
-/** Holds if an AES `KeyGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-predicate hasShortAESKey(MethodAccess ma, string msg) { hasShortSymmetricKey(ma, msg, "AES") }
-
-/** Holds if an asymmetric `KeyPairGenerator` implementing encryption algorithm `type` and initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-bindingset[type]
-predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
-  ma.getMethod() instanceof KeyPairGeneratorInitMethod and
-  exists(
-    JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
-    DataFlow::PathNode source, DataFlow::PathNode dest
-  |
-    jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = type and
-    source.getNode().asExpr() = jpg and
-    dest.getNode().asExpr() = ma.getQualifier() and
-    kc.hasFlowPath(source, dest)
-  ) and
-  ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048 and
-  msg = "Key size should be at least 2048 bits for " + type + " encryption."
-}
-
-/** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-predicate hasShortDsaKeyPair(MethodAccess ma, string msg) {
-  hasShortAsymmetricKeyPair(ma, msg, "DSA") or hasShortAsymmetricKeyPair(ma, msg, "DH")
-}
-
-/** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-predicate hasShortRsaKeyPair(MethodAccess ma, string msg) {
-  hasShortAsymmetricKeyPair(ma, msg, "RSA")
-}
-
-/** Holds if an EC `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
-predicate hasShortECKeyPair(MethodAccess ma, string msg) {
-  ma.getMethod() instanceof KeyPairGeneratorInitMethod and
-  exists(
-    JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
-    DataFlow::PathNode source, DataFlow::PathNode dest, ClassInstanceExpr cie
-  |
-    jpg.getAlgoSpec().(StringLiteral).getValue().matches("EC%") and // ECC variants such as ECDH and ECDSA
-    source.getNode().asExpr() = jpg and
-    dest.getNode().asExpr() = ma.getQualifier() and
-    kc.hasFlowPath(source, dest) and
-    DataFlow::localExprFlow(cie, ma.getArgument(0)) and
-    ma.getArgument(0).getType() instanceof ECGenParameterSpec and
-    getECKeySize(cie.getArgument(0).(StringLiteral).getValue()) < 256
-  ) and
-  msg = "Key size should be at least 256 bits for EC encryption."
-}
-
-from Expr e, string msg
-where
-  hasShortAESKey(e, msg) or
-  hasShortDsaKeyPair(e, msg) or
-  hasShortRsaKeyPair(e, msg) or
-  hasShortECKeyPair(e, msg)
-select e, msg