
Commit bd1f21f

committed
Python: Fix modernisation regression on py/weak-crypto-key
also fixes test code to use the right argument name
1 parent e5abfd0 commit bd1f21f

3 files changed

Lines changed: 16 additions & 9 deletions


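--- a/python/ql/src/Security/CWE-326/WeakCrypto.ql
+++ b/python/ql/src/Security/CWE-326/WeakCrypto.ql
@@ -63,11 +63,11 @@ predicate algorithmAndKeysizeForCall(
 keySize = key.getIntValue()
 )
 or
-exists(ClassValue curveClass |
+exists(Value curveClassInstance |
 algorithm = "ECC" and
 ecKeySizeArg(func, argname) and
-arg.pointsTo(_, curveClass, keyOrigin) and
-keySize = keySizeFromCurve(curveClass)
+arg.pointsTo(_, curveClassInstance, keyOrigin) and
+keySize = keySizeFromCurve(curveClassInstance.getClass())
 )
 )
 }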
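Review bot: The ECC disjunct now reaches the key size only through `curveClassInstance.getClass()`, so an argument that points to the curve class itself rather than to an instance would presumably stop matching (its class would be the metaclass), and the query would report nothing for that call. If that call shape is deliberately out of scope, a comment above the `exists` would record the decision, for example `// the curve argument is an instance of the curve class, so the size is looked up via getClass()`. If it should still be covered, the old `ClassValue` case could be kept as a second disjunct next to the new one. `algorithmAndKeysizeForCall` starts outside this hunk and `keySizeFromCurve` is not visible here, so this is inferred from the three changed lines.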
Lines changed: 6 additions & 2 deletions
@@ -1,4 +1,8 @@
11
| weak_crypto.py:67:1:67:30 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
2+
| weak_crypto.py:68:1:68:28 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
23
| weak_crypto.py:69:1:69:37 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
3-
| weak_crypto.py:71:1:71:22 | ControlFlowNode for Attribute() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
4-
| weak_crypto.py:72:1:72:22 | ControlFlowNode for Attribute() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
4+
| weak_crypto.py:71:1:71:39 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
5+
| weak_crypto.py:72:1:72:34 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
6+
| weak_crypto.py:73:1:73:46 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
7+
| weak_crypto.py:75:1:75:22 | ControlFlowNode for Attribute() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
8+
| weak_crypto.py:76:1:76:22 | ControlFlowNode for Attribute() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |

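--- a/python/ql/test/query-tests/Security/CWE-326/weak_crypto.py
+++ b/python/ql/test/query-tests/Security/CWE-326/weak_crypto.py
@@ -34,9 +34,9 @@ class FakeWeakEllipticCurve:
 dsa_gen_key(key_size=RSA_OK, backend=default)
 dsa_gen_key(key_size=RSA_STRONG, backend=default)
 dsa_gen_key(key_size=BIG, backend=default)
-ec_gen_key(key_size=EC_OK, backend=default)
-ec_gen_key(key_size=EC_STRONG, backend=default)
-ec_gen_key(key_size=EC_BIG, backend=default)
+ec_gen_key(curve=EC_OK, backend=default)
+ec_gen_key(curve=EC_STRONG, backend=default)
+ec_gen_key(curve=EC_BIG, backend=default)
 rsa_gen_key(public_exponent=65537, key_size=RSA_OK, backend=default)
 rsa_gen_key(public_exponent=65537, key_size=RSA_STRONG, backend=default)
 rsa_gen_key(public_exponent=65537, key_size=BIG, backend=default)
@@ -68,6 +68,9 @@ class FakeWeakEllipticCurve:
 ec_gen_key(EC_WEAK, default)
 rsa_gen_key(65537, RSA_WEAK, default)
 
+dsa_gen_key(key_size=RSA_WEAK, default)
+ec_gen_key(curve=EC_WEAK, default)
+rsa_gen_key(65537, key_size=RSA_WEAK, default)
+
 DSA.generate(RSA_WEAK)
 RSA.generate(RSA_WEAK)
-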
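Review bot: The three calls added at new lines 71-73 pass the positional `default` after a keyword argument, which the Python interpreter rejects with a SyntaxError, so the test file is no longer valid Python and the new result rows presumably depend on how the extractor recovers from that. Writing them like the keyword calls at lines 34-42 still exercises the keyword-argument path for the weak sizes: `dsa_gen_key(key_size=RSA_WEAK, backend=default)`, `ec_gen_key(curve=EC_WEAK, backend=default)`, `rsa_gen_key(65537, key_size=RSA_WEAK, backend=default)`. The column ranges in the expected-results rows for lines 71-73 would then need regenerating.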
