mirror of
https://github.com/github/codeql.git
synced 2026-01-03 01:30:19 +01:00
25 lines
646 B
Plaintext
25 lines
646 B
Plaintext
/**
|
|
* @name Weak encryption: inadequate RSA padding
|
|
* @description Finds uses of RSA encryption with inadequate padding.
|
|
* @kind problem
|
|
* @problem.severity warning
|
|
* @security-severity 7.5
|
|
* @precision high
|
|
* @id cs/inadequate-rsa-padding
|
|
* @tags security
|
|
* external/cwe/cwe-327
|
|
* external/cwe/cwe-780
|
|
*/
|
|
|
|
import csharp
|
|
|
|
from MethodCall mc, BoolLiteral b
|
|
where
|
|
mc.getTarget().hasName("Encrypt") and
|
|
mc.getTarget()
|
|
.getDeclaringType()
|
|
.hasFullyQualifiedName("System.Security.Cryptography", "RSACryptoServiceProvider") and
|
|
mc.getArgument(1) = b and
|
|
b.getValue() = "false"
|
|
select b, "Enable RSA padding."
|