hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use CryptoAlgoSpec rather than hadcoding Cipher.getInstance

Browse Source
This commit is contained in:
Joe Farebrother
2022-08-05 17:53:55 +01:00
parent 08b77493d2
commit c77b17574a
3 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
View File

@@ -11,8 +11,9 @@
*/
import java
import semmle.code.java.security.Encryption
import semmle.code.java.security.RsaWithoutOaepQuery
from MethodAccess ma
where rsaWithoutOaepCall(ma)
select ma, "This instance of RSA does not use OAEP padding."
from CryptoAlgoSpec c
where rsaWithoutOaepCall(c)
select c, "This instance of RSA does not use OAEP padding."