QL code and tests for C#/C++/JavaScript.
19
javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
Normal file
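--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -0,0 +1,19 @@
+/**
+* @name Use of a broken or weak cryptographic algorithm
+* @description Using broken or weak cryptographic algorithms can compromise security.
+* @kind problem
+* @problem.severity warning
+* @precision high
+* @id js/weak-cryptographic-algorithm
+* @tags security
+* external/cwe/cwe-327
+*/
+import javascript
+import semmle.javascript.security.dataflow.RemoteFlowSources
+import semmle.javascript.security.dataflow.BrokenCryptoAlgorithm::BrokenCryptoAlgorithm
+import semmle.javascript.security.SensitiveActions
+
+from Configuration brokenCrypto, Source source, DataFlow::Node sink
+where brokenCrypto.hasFlow(source, sink) and
+not source.asExpr() instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash
+select sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", source , source.describe()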
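Review bot: The `not source.asExpr() instanceof CleartextPasswordExpr` exclusion in the `where` clause drops every password source regardless of sink, so it silently depends on js/insufficient-password-hash reporting the same flows. That query is not visible here; if it covers only hashing sinks, or is left out of a suite, a password passed to a weak cipher would be reported by neither query. I would state the dependency in the comment, for example `// passwords are reported by js/insufficient-password-hash; both queries must run together or these flows go unreported`, and confirm the other query's sinks cover everything this configuration treats as a sink. Separately, `import semmle.javascript.security.dataflow.RemoteFlowSources` looks unused, since `Source` appears to come from the `BrokenCryptoAlgorithm` module, and `source , source.describe()` has a stray space before the comma.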