hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use consistent abbreviations in weak-crypto query message.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-28 10:09:57 +00:00
parent 4f0a666a43
commit b3eaa46f14
2 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/Security/CWE-326/WeakCrypto.ql
View File

@@ -16,7 +16,7 @@ int minimumSecureKeySize(string algo) {
or
algo = "RSA" and result = 2048
or
algo = "elliptic curve" and result = 224
algo = "ECC" and result = 224
}
predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
@@ -39,9 +39,6 @@ predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
or
mod.getName() = "Cryptodome.PublicKey.RSA" and arg = "bits"
)
or
algorithm = "elliptic curve" and
mod.getName() = "cryptography.hazmat.primitives.asymmetric.ec" and arg = "curve"
)
}
@@ -68,7 +65,7 @@ predicate algorithmAndKeysizeForCall(CallNode call, string algorithm, int keySiz
exists(ClassObject curve |
arg.refersTo(_, curve, keyOrigin) and
ecKeySizeArg(func, argname) and
algorithm = "elliptic curve" and
algorithm = "ECC" and
keySize = keySizeFromCurve(curve)
)
)

2
python/ql/test/query-tests/Security/CWE-326/WeakCrypto.expected
View File

@@ -1,5 +1,5 @@
| weak_crypto.py:67:1:67:30 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
| weak_crypto.py:68:1:68:28 | ControlFlowNode for ec_gen_key() | Creation of an elliptic curve key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
| weak_crypto.py:68:1:68:28 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
| weak_crypto.py:69:1:69:37 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
| weak_crypto.py:71:1:71:22 | ControlFlowNode for Attribute() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
| weak_crypto.py:72:1:72:22 | ControlFlowNode for Attribute() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |