hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Give reason why crypto algorithm is insecure

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-11-29 11:18:36 +00:00
parent bcb7901758
commit e6409e159f
8 changed files with 63 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
View File

@@ -18,10 +18,11 @@ import InsecureCryptoFlow::PathGraph
from
InsecureCryptoFlow::PathNode source, InsecureCryptoFlow::PathNode sink, CryptoAlgoSpec spec,
BrokenAlgoLiteral algo
BrokenAlgoLiteral algo, string reason
where
sink.getNode().asExpr() = spec.getAlgoSpec() and
source.getNode().asExpr() = algo and
reason = getInsecureAlgorithmReason(algo.getValue()) and
InsecureCryptoFlow::flowPath(source, sink)
select spec, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", algo,
select spec, source, sink, "Cryptographic algorithm $@ is insecure. " + reason, algo,
algo.getValue()