Crypto: Removing the JCA model of random; this needs to be reassessed because it impacts the insecure IV/Nonce query. Updated the name of the insecure nonce query to InsecureIVorNonce.

REDMOND\brodes
2025-10-08 11:41:21 -04:00
parent 143be8cc35
commit bd34b6ce02
3 changed files with 19 additions and 37 deletions


@@ -1095,21 +1095,6 @@ module JCAModel {
}
}
/**
* An instance of `java.security.SecureRandom.nextBytes(byte[])` call.
* This is already generally modeled for Java in CodeQL, but
* we model it again as part of the crypto API model to have a cohesive model.
*/
class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call {
JavaSecuritySecureRandom() {
this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes")
}
override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) }
override string getGeneratorName() { result = this.(Call).getCallee().getName() }
}
class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall
{
Crypto::KeyArtifactType type;