Merge pull request #9982 from joefarebrother/rsa-without-oaep

Java: Add query for RSA without OAEP
2026-05-04 05:05:12 +02:00 · 2022-08-23 09:14:46 +01:00
parent a3f27d4abe e8f027dab2
commit ac79866799
8 changed files with 108 additions and 0 deletions
--- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected
+++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.expected
--- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java
+++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.java
@@ -0,0 +1,17 @@
+import javax.crypto.Cipher;
+
+class RsaWithoutOaep {
+    public void test() throws Exception {
+        Cipher rsaBad = Cipher.getInstance("RSA/ECB/NoPadding"); // $hasTaintFlow
+
+        Cipher rsaGood = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 
+    }
+
+    public Cipher getCipher(String spec) throws Exception {
+        return Cipher.getInstance(spec); // $hasTaintFlow
+    }
+
+    public void test2() throws Exception {
+        Cipher rsa = getCipher("RSA/ECB/NoPadding");
+    }
+}
--- a/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql
+++ b/java/ql/test/query-tests/security/CWE-780/RsaWithoutOaepTest.ql
@@ -0,0 +1,10 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import TestUtilities.InlineFlowTest
+import semmle.code.java.security.RsaWithoutOaepQuery
+
+class HasFlowTest extends InlineFlowTest {
+  override DataFlow::Configuration getTaintFlowConfig() { result instanceof RsaWithoutOaepConfig }
+
+  override DataFlow::Configuration getValueFlowConfig() { none() }
+}