mirror of
https://github.com/github/codeql.git
synced 2026-02-24 10:53:49 +01:00
38 lines
1.3 KiB
Plaintext
38 lines
1.3 KiB
Plaintext
/** Provides to taint-tracking configuration to reason about the use of broken or risky cryptographic algorithms. */
|
|
|
|
import java
|
|
private import semmle.code.java.security.Encryption
|
|
private import semmle.code.java.dataflow.TaintTracking
|
|
private import semmle.code.java.security.Sanitizers
|
|
|
|
private class ShortStringLiteral extends StringLiteral {
|
|
ShortStringLiteral() { this.getValue().length() < 100 }
|
|
}
|
|
|
|
/**
|
|
* A string literal that may refer to a broken or risky cryptographic algorithm.
|
|
*/
|
|
class BrokenAlgoLiteral extends ShortStringLiteral {
|
|
BrokenAlgoLiteral() {
|
|
this.getValue().regexpMatch(getInsecureAlgorithmRegex()) and
|
|
// Exclude German and French sentences.
|
|
not this.getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
|
|
}
|
|
}
|
|
|
|
/**
|
|
* A taint-tracking configuration to reason about the use of broken or risky cryptographic algorithms.
|
|
*/
|
|
module InsecureCryptoConfig implements DataFlow::ConfigSig {
|
|
predicate isSource(DataFlow::Node n) { n.asExpr() instanceof BrokenAlgoLiteral }
|
|
|
|
predicate isSink(DataFlow::Node n) { exists(CryptoAlgoSpec c | n.asExpr() = c.getAlgoSpec()) }
|
|
|
|
predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
|
|
}
|
|
|
|
/**
|
|
* Taint-tracking flow for use of broken or risky cryptographic algorithms.
|
|
*/
|
|
module InsecureCryptoFlow = TaintTracking::Global<InsecureCryptoConfig>;
|