hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Use consistent abbreviations in weak-crypto query message.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-28 10:09:57 +00:00
parent 4f0a666a43
commit b3eaa46f14
2 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/Security/CWE-326/WeakCrypto.ql
View File

@@ -16,7 +16,7 @@ int minimumSecureKeySize(string algo) {
or
algo = "RSA" and result = 2048
or
algo = "elliptic curve" and result = 224
algo = "ECC" and result = 224
}
predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
@@ -39,9 +39,6 @@ predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
or
mod.getName() = "Cryptodome.PublicKey.RSA" and arg = "bits"
)
or
algorithm = "elliptic curve" and
mod.getName() = "cryptography.hazmat.primitives.asymmetric.ec" and arg = "curve"
)
}
@@ -68,7 +65,7 @@ predicate algorithmAndKeysizeForCall(CallNode call, string algorithm, int keySiz
exists(ClassObject curve |
arg.refersTo(_, curve, keyOrigin) and
ecKeySizeArg(func, argname) and
algorithm = "elliptic curve" and
algorithm = "ECC" and
keySize = keySizeFromCurve(curve)
)
)