hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Updating weak hash tests

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-16 10:56:08 -04:00
parent 4860034d41
commit d2598d4f5d
2 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHash.expected
View File

@@ -1,9 +1,4 @@
#select
| WeakHashing.java:15:55:15:83 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. |
| WeakHashing.java:18:56:18:95 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. |
| WeakHashing.java:21:86:21:90 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. |
| WeakHashing.java:24:56:24:62 | HashAlgorithm | Use of unapproved hash algorithm or API: SHA1. |
| WeakHashing.java:34:56:34:96 | HashAlgorithm | Use of unapproved hash algorithm or API: MD5. |
testFailures
| WeakHashing.java:27:125:27:133 | // $Alert | Missing result: Alert |
| WeakHashing.java:40:111:40:119 | // $Alert | Missing result: Alert |

5
java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java
View File

@@ -30,8 +30,9 @@ public class WeakHashing {
props2.load(new FileInputStream("unobserved-file.properties"));
// BAD: "hashalg1" is not visible in the file loaded for props2
MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash]
// BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown
// FALSE NEGATIVE for unknown hash
MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash]
// GOOD: Using a strong hashing algorithm
MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));