hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

handle FN case with simple VarAccess; add draft of dataflow config to handle complex VarAccess

Browse Source
This commit is contained in:
Jami Cogswell
2022-10-04 20:46:55 -04:00
parent 7de9c05c9d
commit d3b1a04c13
3 changed files with 104 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
View File

@@ -2,7 +2,7 @@
* @name Insufficient key size used with a cryptographic algorithm
* @description Using cryptographic algorithms with too small of a key size can
* allow an attacker to compromise security.
* @kind problem
* @kind path-problem
* @problem.severity error
* @precision high
* @id java/insufficient-key-size
@@ -13,6 +13,9 @@
import java
import semmle.code.java.security.InsufficientKeySizeQuery
from Expr e, string msg
where hasInsufficientKeySize(e, msg)
select e, msg
// from Expr e, string msg
// where hasInsufficientKeySize(e, msg)
// select e, msg
from AsymmetricKeyTrackingConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink, source, sink, "The size of this RSA key should be at least 2048 bits."