Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetricCipher algorithm.

REDMOND\brodes
2025-10-24 08:16:22 -04:00
parent 8c277bd1d9
commit ed492c7d5a
3 changed files with 20 additions and 15 deletions


@@ -8,7 +8,8 @@ predicate isUnapprovedSymmetricCipher(Crypto::KeyOperationAlgorithmNode alg, str
exists(KeyOpAlg::AlgorithmType algType |
algType = alg.getAlgorithmType() and
msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "." and
algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())
algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES()) and
algType instanceof KeyOpAlg::TSymmetricCipher
)
// NOTE: an org could decide to disallow very specific algorithms as well, shown below
// (
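Review bot: in `isUnapprovedSymmetricCipher`, the new `algType instanceof KeyOpAlg::TSymmetricCipher` conjunct sits after the `algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())` test, so the restriction to symmetric ciphers is only visible at the end of the `exists` body. Consider moving it directly after `algType = alg.getAlgorithmType()` and adding a one-line comment saying that non-symmetric algorithm types are intentionally out of scope for this predicate, since the inequality alone holds for every algorithm type other than AES. If the other changed files do not already cover it, a test case with a non-symmetric algorithm that must not produce the "Use of unapproved symmetric cipher algorithm or API" message would guard against this regressing.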