Crypto: InsecureIVorNonceSource now ignores null to avoid being too noisy.

REDMOND\brodes
2025-10-10 14:51:16 -04:00
parent ffd191d0e1
commit d68f3cff8b

@@ -18,6 +18,10 @@ import experimental.quantum.Language
from Crypto::NonceArtifactNode nonce, Crypto::NodeBase src, Crypto::NodeBase op, string msg
where
nonce.getSourceNode() = src and
// NOTE: null nonces should be handled seaparately, often used for default values prior to initialization
// failure to initialize should, in practice, lead to a NullPointerException, which is a separate concern
// however there may be APIs where NULL uses a default nonce or action.
not src.asElement() instanceof NullLiteral and
(
// Case 1: Any constant nonce/iv is bad, regardless of how it is used
src.asElement() instanceof Crypto::GenericConstantSourceInstance and
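Review bot: The new conjunct `not src.asElement() instanceof NullLiteral and` sits at the top level of the `where` clause, ahead of the parenthesised cases, so it suppresses every case for null sources, including the one the comment itself flags as a real risk ("there may be APIs where NULL uses a default nonce or action"). Since the comment says null nonces "should be handled separately", please either add the companion query or reference a tracking issue in the comment, so the lost coverage is visible rather than silently dropped. Two smaller points: "seaparately" in the NOTE is a typo, and `NullLiteral` is referenced unqualified while every other type in this clause goes through `Crypto::`, so it is worth confirming that `experimental.quantum.Language` exposes it in the way this query expects.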