hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.7
codeql/javascript/ql/test/query-tests/Security/CWE-327/tst.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

23 lines
940 B
JavaScript
Raw Permalink Blame History

const crypto = require('crypto');
var secretText = trusted; // $ Source[js/weak-cryptographic-algorithm] - sensitive according to SensitiveActions.qll
const desCipher = crypto.createCipher('des', key);
const aesCipher = crypto.createCipher('aes-128', key);
const unknownCipher = crypto.createCipher('unknown', key);
desCipher.write(publicInfo, 'utf8', 'hex'); // OK - not secret information
desCipher.write(secretText, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]
aesCipher.update(secretText, 'utf8', 'hex');
unknownCipher.update(secretText, 'utf8', 'hex'); // OK - unknown algorithm
desCipher.write(o.trusted, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]
desCipher.write(password, 'utf8', 'hex'); // OK - flagged by js/insufficient-password-hash
const aesEcbCipher = crypto.createCipher('aes-128-ecb', key);
aesEcbCipher.update(secretText, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]
Reference in New Issue View Git Blame Copy Permalink