Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8ffd252

Browse files
Jami CogswellJami Cogswell
Jami Cogswell
authored and
Jami Cogswell
committed
add draft code to find algo type to replace tainttracking configs
1 parent d3b1a04 commit 8ffd252

4 files changed

Lines changed: 26 additions & 2 deletions

File tree

java/ql/lib/semmle/code/java/security/Encryption.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -252,6 +252,7 @@ string getASecureAlgorithmName() {
252252
"Blowfish", "ECIES" // ! Blowfish not actually secure based on https://rules.sonarsource.com/java/type/Vulnerability/RSPEC-4426 ??
253253
// ! hmm, other sources imply that it is secure...
254254
// ! also no DH here, etc.?
255+
// ! also is ECB matched with AES?
255256
]
256257
}
257258

java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -155,6 +155,26 @@ private predicate hasShortAESKey(MethodAccess ma, string msg) {
155155
bindingset[type]
156156
private predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
157157
ma.getMethod() instanceof KeyPairGeneratorInitMethod and
158+
ma.getQualifier() instanceof JavaSecurityKeyPairGenerator and
159+
ma.getQualifier().getBasicBlock() instanceof JavaSecurityKeyPairGenerator and
160+
//ma.getQualifier().getBasicBlock().getNode(2) instanceof JavaSecurityKeyPairGenerator and
161+
// ma.getQualifier()
162+
// .getBasicBlock()
163+
// .getANode()
164+
// .(JavaSecurityKeyPairGenerator)
165+
// .getAlgoSpec()
166+
// .(StringLiteral)
167+
// .getValue()
168+
// .toUpperCase() = type and
169+
//ma.getQualifier().getBasicBlock().getAPredecessor() instanceof JavaSecurityKeyPairGenerator and
170+
ma.getQualifier()
171+
.getBasicBlock()
172+
.getAPredecessor()
173+
.(JavaSecurityKeyPairGenerator)
174+
.getAlgoSpec()
175+
.(StringLiteral)
176+
.getValue()
177+
.toUpperCase() = type and
158178
// flow needed to correctly determine algorithm type and
159179
// not match to ANY asymmetric algorithm
160180
exists(

java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
* allow an attacker to compromise security.
55
* @kind path-problem
66
* @problem.severity error
7+
* @security-severity 7.5
78
* @precision high
89
* @id java/insufficient-key-size
910
* @tags security
@@ -12,10 +13,12 @@
1213

1314
import java
1415
import semmle.code.java.security.InsufficientKeySizeQuery
16+
import DataFlow::PathGraph
1517

1618
// from Expr e, string msg
1719
// where hasInsufficientKeySize(e, msg)
1820
// select e, msg
1921
from AsymmetricKeyTrackingConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
2022
where cfg.hasFlowPath(source, sink)
21-
select sink, source, sink, "The size of this RSA key should be at least 2048 bits."
23+
select sink.getNode(), source, sink, "The $@ of an asymmetric key should be at least 2048 bits.",
24+
sink.getNode(), "size"

java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ public void cryptoMethod() throws java.security.NoSuchAlgorithmException, java.s
106106
test(keysize);
107107
}
108108

109-
public void test(int keySize) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
109+
public static void test(int keySize) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
110110
KeyPairGenerator keyPairGen19 = KeyPairGenerator.getInstance("RSA");
111111
// BAD: Key size is less than 128
112112
keyPairGen19.initialize(keySize); // $ hasInsufficientKeySize

0 commit comments

Comments
 (0)