condense code

Jami Cogswell
2022-10-12 22:18:07 -04:00
parent bcb506b637
commit e0f0d554cb


@@ -96,20 +96,22 @@ private predicate hasKeySizeInInitMethod(DataFlow::Node node, string typeFlag) {
jcaSpec instanceof JavaSecurityKeyPairGenerator and typeFlag.matches("asymmetric%")
) and
(
jcaSpec.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = "AES" and
typeFlag = "symmetric"
getAlgoName(jcaSpec) = "AES" and typeFlag = "symmetric"
or
jcaSpec.getAlgoSpec().(StringLiteral).getValue().toUpperCase().matches(["RSA", "DSA", "DH"]) and
typeFlag = "asymmetric-non-ec"
getAlgoName(jcaSpec).matches(["RSA", "DSA", "DH"]) and typeFlag = "asymmetric-non-ec"
or
jcaSpec.getAlgoSpec().(StringLiteral).getValue().toUpperCase().matches("EC%") and
typeFlag = "asymmetric-ec"
getAlgoName(jcaSpec).matches("EC%") and typeFlag = "asymmetric-ec"
) and
DataFlow::localExprFlow(jcaSpec, ma.getQualifier()) and
node.asExpr() = ma.getArgument(0)
)
}
// TODO: this predicate is just a poc for more code condensing; redo this
private string getAlgoName(JavaxCryptoAlgoSpec jca) {
result = jca.getAlgoSpec().(StringLiteral).getValue().toUpperCase()
}
// TODO: rethink the predicate name; also think about whether this could/should be a class instead; or a predicate within the sink class so can do sink.predicate()...
// TODO: can prbly re-work way using the typeFlag to be better and less repetitive
private predicate hasKeySizeInSpec(DataFlow::Node node, string typeFlag) {
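Review bot: The `.(StringLiteral)` cast that this commit moves into `getAlgoName` means the helper has no result unless the algorithm spec is a string literal, so a generator whose algorithm name comes from a constant field or a variable matches no `typeFlag` branch and its key-size argument is never treated as a sink. Since the helper is now the single place that resolves the name, it could accept any compile-time constant instead: `result = jca.getAlgoSpec().(CompileTimeConstantExpr).getStringValue().toUpperCase()`. The non-EC branch also appears to miss the JCA standard name `DiffieHellman`, which upper-cases to `DIFFIEHELLMAN` and does not match `"DH"`; adding it to the list would close that gap. The `// TODO` above the helper would be better replaced by a QLDoc comment stating that it returns the upper-cased algorithm name and has no result for non-constant specs. `hasKeySizeInInitMethod` starts above this hunk and `hasKeySizeInSpec` continues below it.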