hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 12:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Exclude broken algorithms from the list of secure algorithms

Browse Source
This commit is contained in:
luchua-bc
2020-12-17 00:41:23 +00:00
parent 6b77922a25
commit bed8a68d28
4 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/security/Encryption.qll
View File

@@ -99,7 +99,7 @@ string getAnInsecureAlgorithmName() {
result = "RC5" or
result = "ARCFOUR" or // a variant of RC4
result = "ECB" or // encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks
result = "AES/CBC/PKCS5Padding" // CBC mode of operation with PKCS#5 (or PKCS#7) padding is vulnerable to padding oracle attacks
result = "AES/CBC/PKCS[5|7]Padding" // CBC mode of operation with PKCS#5 (or PKCS#7) padding is vulnerable to padding oracle attacks
}
/**
@@ -141,7 +141,7 @@ string getASecureAlgorithmName() {
result = "SHA512" or
result = "CCM" or
result = "GCM" or
result = "AES" or
result = "AES([^a-zA-Z](?!ECB|CBC/PKCS[5|7]Padding)).*" or
result = "Blowfish" or
result = "ECIES"
}