commit before adding taint flow back (since no taint flow doesn't capture all cases)

2026-04-30 03:05:15 +02:00 · 2022-10-05 09:48:51 -04:00
parent 8ffd2522e7
commit ac707198d5
2 changed files with 29 additions and 19 deletions
--- a/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java
+++ b/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java
@@ -103,12 +103,15 @@ public class InsufficientKeySizeTest {
        keyPairGen18.initialize(size2); // $ hasInsufficientKeySize

        int keysize = 1024;
-        test(keysize);
+        KeyPairGenerator keyPairGen20 = KeyPairGenerator.getInstance("DSA");
+        test(keysize, keyPairGen20);
    }

-    public static void test(int keySize) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
+    public static void test(int keySize, KeyPairGenerator kpg) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
        KeyPairGenerator keyPairGen19 = KeyPairGenerator.getInstance("RSA");
        // BAD: Key size is less than 128
        keyPairGen19.initialize(keySize); // $ hasInsufficientKeySize
+
+        kpg.initialize(1024); // $ hasInsufficientKeySize
    }
 }