hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6455e1893d5257b3efd31a4eae8d6e3e5259a8e4
codeql/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java
Ed Minnix 6455e1893d Add more test cases
2023-12-21 22:48:08 -05:00

29 lines
1.2 KiB
Java
Raw Blame History

package test.cwe327.semmle.tests;
import java.util.Properties;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class WeakHashing {
void hashing() throws NoSuchAlgorithmException, IOException {
java.util.Properties props = new java.util.Properties();
props.load(new FileInputStream("example.properties"));
// BAD: Using a weak hashing algorithm
MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1"));
// BAD: Using a weak hashing algorithm even with a secure default
MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256"));
// GOOD: Using a strong hashing algorithm
MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));
// OK: Using a strong hashing algorithm even with a weak default
MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5"));
// OK: Property does not exist and default is secure
MessageDigest ok3 = MessageDigest.getInstance(props.getProperty("hashAlg3", "SHA-256"));
}
}
Reference in New Issue View Git Blame Copy Permalink