tst.js
// Test fixture for the js/weak-cryptographic-algorithm query (query id taken from the inline
// annotations). The trailing Source[...] / Alert[...] annotations record where the query is
// expected to report, and "OK" marks statements expected to stay unflagged; each annotation
// has to stay on the same line as the statement it describes.
// NOTE(review): `trusted`, `key`, `publicInfo`, `o` and `password` are not declared in this
// file, so it is presumably only analysed statically and never executed - confirm.
// NOTE(review): crypto.createCipher is deprecated in Node.js; it derives both key and IV from
// the password with no salt. Code outside a fixture should call crypto.createCipheriv with a
// randomly generated IV and an authenticated mode such as 'aes-256-gcm'.
const crypto = require('crypto');
var secretText = trusted; // $ Source[js/weak-cryptographic-algorithm] - sensitive according to SensitiveActions.qll
// DES has a 56-bit key and is the weak algorithm the alerts below are about.
const desCipher = crypto.createCipher('des', key);
// AES control case: the use of this cipher further down carries no alert annotation.
const aesCipher = crypto.createCipher('aes-128', key);
// An algorithm name that is neither known-weak nor known-strong.
const unknownCipher = crypto.createCipher('unknown', key);
desCipher.write(publicInfo, 'utf8', 'hex'); // OK - not secret information
desCipher.write(secretText, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]
// No annotation on the next line, so no alert is expected for sensitive data under AES.
aesCipher.update(secretText, 'utf8', 'hex');
unknownCipher.update(secretText, 'utf8', 'hex'); // OK - unknown algorithm
// NOTE(review): the property read `o.trusted` is expected to alert as well, presumably
// because the name `trusted` is itself classified as sensitive - confirm against SensitiveActions.qll.
desCipher.write(o.trusted, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]
desCipher.write(password, 'utf8', 'hex'); // OK - flagged by js/insufficient-password-hash
// ECB encrypts every block independently, so equal plaintext blocks produce equal ciphertext
// blocks; the alert is expected here even though the underlying cipher is AES.
const aesEcbCipher = crypto.createCipher('aes-128-ecb', key);
aesEcbCipher.update(secretText, 'utf8', 'hex'); // $ Alert[js/weak-cryptographic-algorithm]