update tests for non-path version

2026-04-30 11:15:13 +02:00 · 2022-10-10 10:13:28 -04:00
parent b0af9f936c
commit f5a2fef7a3
2 changed files with 21 additions and 7 deletions
--- a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
@@ -60,7 +60,7 @@ class AsymmetricKeyTrackingConfiguration extends TaintTracking2::Configuration {
 //   msg = "Key size should be at least 2048 bits for " + "___" + " encryption."
 // }
 /**
- * Asymmetric (RSA, DSA, DH) key length data flow tracking configuration.
+ * Asymmetric (EC) key length data flow tracking configuration.
 */
 class AsymmetricECCKeyTrackingConfiguration extends TaintTracking2::Configuration {
  AsymmetricECCKeyTrackingConfiguration() { this = "AsymmetricECCKeyTrackingConfiguration" }
--- a/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.ql
+++ b/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.ql
@@ -7,15 +7,29 @@ class InsufficientKeySizeTest extends InlineExpectationsTest {

  override string getARelevantTag() { result = "hasInsufficientKeySize" }

+  // * Path-problem
+  // override predicate hasActualResult(Location location, string element, string tag, string value) {
+  //   tag = "hasInsufficientKeySize" and
+  //   exists(DataFlow::PathNode source, DataFlow::PathNode sink |
+  //     exists(AsymmetricKeyTrackingConfiguration config1 | config1.hasFlowPath(source, sink)) or
+  //     exists(AsymmetricECCKeyTrackingConfiguration config2 | config2.hasFlowPath(source, sink)) or
+  //     exists(SymmetricKeyTrackingConfiguration config2 | config2.hasFlowPath(source, sink))
+  //   |
+  //     sink.getNode().getLocation() = location and
+  //     element = sink.getNode().toString() and
+  //     value = ""
+  //   )
+  // }
+  // * Not path-problem
  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "hasInsufficientKeySize" and
-    exists(DataFlow::PathNode source, DataFlow::PathNode sink |
-      exists(AsymmetricKeyTrackingConfiguration config1 | config1.hasFlowPath(source, sink)) or
-      exists(AsymmetricECCKeyTrackingConfiguration config2 | config2.hasFlowPath(source, sink)) or
-      exists(SymmetricKeyTrackingConfiguration config2 | config2.hasFlowPath(source, sink))
+    exists(DataFlow::Node source, DataFlow::Node sink |
+      exists(AsymmetricKeyTrackingConfiguration config1 | config1.hasFlow(source, sink)) or
+      exists(AsymmetricECCKeyTrackingConfiguration config2 | config2.hasFlow(source, sink)) or
+      exists(SymmetricKeyTrackingConfiguration config3 | config3.hasFlow(source, sink))
    |
-      sink.getNode().getLocation() = location and
-      element = sink.getNode().toString() and
+      sink.getLocation() = location and
+      element = sink.toString() and
      value = ""
    )
  }