hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Crypto: Updating weak hash tests

Browse Source
This commit is contained in:
REDMOND\brodes
2025-10-16 10:56:08 -04:00
parent 4860034d41
commit d2598d4f5d
2 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java
View File

@@ -30,8 +30,9 @@ public class WeakHashing {
props2.load(new FileInputStream("unobserved-file.properties"));
// BAD: "hashalg1" is not visible in the file loaded for props2
MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash]
// BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown
// FALSE NEGATIVE for unknown hash
MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash]
// GOOD: Using a strong hashing algorithm
MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));