Add EC to secure algorithm whitelist for Java CWE-327 query

MarkLee131
2026-03-27 19:08:27 +08:00
parent a8b52acaa9
commit a9449cc991
3 changed files with 42 additions and 1 deletions


@@ -259,7 +259,11 @@ string getASecureAlgorithmName() {
result =
[
"RSA", "SHA-?(256|384|512)", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
"Blowfish", "ECIES", "SHA3-(256|384|512)"
"Blowfish", "ECIES", "SHA3-(256|384|512)",
// Elliptic Curve algorithms: EC (key generation), ECDSA (signatures), ECDH (key agreement),
// EdDSA/Ed25519/Ed448 (Edwards-curve signatures), XDH/X25519/X448 (key agreement).
// These are modern, secure algorithms recommended by NIST and other standards bodies.
"EC", "ECDSA", "ECDH", "EdDSA", "Ed25519", "Ed448", "XDH", "X25519", "X448"
]
}
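Review bot: The new `"EC"`, `"ECDH"` and `"ECDSA"` entries whitelist the algorithm family without any check on the curve, so a literal like `KeyPairGenerator.getInstance("EC")` is treated as secure even when the caller later selects a small or deprecated curve via `ECGenParameterSpec` (e.g. a sub-224-bit NIST or sect curve) or an undersized `initialize(int)`; that is the same caveat that already applies to `"RSA"`, but the added comment reads as an unconditional security claim and should say so explicitly, e.g. `// Curve/key size is not checked here; weak curves chosen via ECGenParameterSpec are out of scope for this list.` The note about NIST recommendation is only loosely accurate for the Edwards and X25519/X448 entries, whose FIPS approval is recent, so I would drop or soften "recommended by NIST and other standards bodies" to avoid overstating it. Whether mixed-case JCA spellings such as `"ed25519"` or `"ECDSA"` in a different case are covered depends on the regex built from this list elsewhere in the file (not visible in this hunk); if that match is case-sensitive, the lowercase spellings would not be whitelisted and would still be reported. The predicate `getASecureAlgorithmName` is fully contained in this hunk, but the regex that consumes it is not.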