hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a9449cc99183003883f6ec6375974d4382aecbff
codeql/java/ql/test/query-tests/security/CWE-327/semmle/tests/Test.java

87 lines
2.6 KiB
Java
Raw Blame History

// Semmle test case for CWE-327: Use of a Broken or Risky Cryptographic Algorithm
// http://cwe.mitre.org/data/definitions/327.html
package test.cwe327.semmle.tests;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
class Test {
public void test() {
try {
String input = "ABCDEFG123456";
KeyGenerator keyGenerator;
SecretKeySpec secretKeySpec;
Cipher cipher;
{
// BAD: DES is a weak algorithm
keyGenerator = KeyGenerator.getInstance("DES");
}
// GOOD: RSA is a strong algorithm
// NB: in general the algorithms used in the various stages must be
// the same, but for testing purposes we will vary them
keyGenerator = KeyGenerator.getInstance("RSA");
/* Perform initialization of KeyGenerator */
keyGenerator.init(112);
SecretKey secretKey = keyGenerator.generateKey();
byte[] byteKey = secretKey.getEncoded();
{
// BAD: foo is an unknown algorithm that may not be secure
secretKeySpec = new SecretKeySpec(byteKey, "foo");
}
// GOOD: GCM is a strong algorithm
secretKeySpec = new SecretKeySpec(byteKey, "GCM");
{
// BAD: RC2 is a weak algorithm
cipher = Cipher.getInstance("RC2");
}
// GOOD: ECIES is a strong algorithm
cipher = Cipher.getInstance("ECIES");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
byte[] encrypted = cipher.doFinal(input.getBytes("UTF-8"));
KeyPairGenerator keyPairGenerator;
// GOOD: EC is a secure algorithm for key pair generation
keyPairGenerator = KeyPairGenerator.getInstance("EC");
// GOOD: ECDSA is a secure algorithm for digital signatures
Signature ecdsaSig = Signature.getInstance("ECDSA");
// GOOD: ECDH is a secure algorithm for key agreement
KeyAgreement ecdhKa = KeyAgreement.getInstance("ECDH");
// GOOD: EdDSA is a secure algorithm (Edwards-curve Digital Signature Algorithm)
keyPairGenerator = KeyPairGenerator.getInstance("EdDSA");
// GOOD: Ed25519 is a secure algorithm
keyPairGenerator = KeyPairGenerator.getInstance("Ed25519");
// GOOD: Ed448 is a secure algorithm
keyPairGenerator = KeyPairGenerator.getInstance("Ed448");
// GOOD: XDH is a secure algorithm for key agreement
keyPairGenerator = KeyPairGenerator.getInstance("XDH");
// GOOD: X25519 is a secure algorithm for key agreement
keyPairGenerator = KeyPairGenerator.getInstance("X25519");
// GOOD: X448 is a secure algorithm for key agreement
keyPairGenerator = KeyPairGenerator.getInstance("X448");
// GOOD: SHA256withECDSA is a secure signature algorithm
Signature sha256Ecdsa = Signature.getInstance("SHA256withECDSA");
} catch (Exception e) {
// fail
}
}
}
Reference in New Issue View Git Blame Copy Permalink