@@ -19,60 +19,60 @@ int minimumSecureKeySize(string algo) {
1919 algo = "ECC" and result = 224
2020}
2121
22- predicate dsaRsaKeySizeArg ( FunctionObject obj , string algorithm , string arg ) {
23- exists ( ModuleObject mod | mod .attr ( _) = obj |
22+ predicate dsaRsaKeySizeArg ( FunctionValue func , string algorithm , string arg ) {
23+ exists ( ModuleValue mod | func = mod .attr ( _) |
2424 algorithm = "DSA" and
2525 (
26- mod . getName ( ) = "cryptography.hazmat.primitives.asymmetric.dsa" and arg = "key_size"
26+ mod = Module :: named ( "cryptography.hazmat.primitives.asymmetric.dsa" ) and arg = "key_size"
2727 or
28- mod . getName ( ) = "Crypto.PublicKey.DSA" and arg = "bits"
28+ mod = Module :: named ( "Crypto.PublicKey.DSA" ) and arg = "bits"
2929 or
30- mod . getName ( ) = "Cryptodome.PublicKey.DSA" and arg = "bits"
30+ mod = Module :: named ( "Cryptodome.PublicKey.DSA" ) and arg = "bits"
3131 )
3232 or
3333 algorithm = "RSA" and
3434 (
35- mod . getName ( ) = "cryptography.hazmat.primitives.asymmetric.rsa" and arg = "key_size"
35+ mod = Module :: named ( "cryptography.hazmat.primitives.asymmetric.rsa" ) and arg = "key_size"
3636 or
37- mod . getName ( ) = "Crypto.PublicKey.RSA" and arg = "bits"
37+ mod = Module :: named ( "Crypto.PublicKey.RSA" ) and arg = "bits"
3838 or
39- mod . getName ( ) = "Cryptodome.PublicKey.RSA" and arg = "bits"
39+ mod = Module :: named ( "Cryptodome.PublicKey.RSA" ) and arg = "bits"
4040 )
4141 )
4242}
4343
44- predicate ecKeySizeArg ( FunctionObject obj , string arg ) {
45- exists ( ModuleObject mod | mod .attr ( _) = obj |
46- mod . getName ( ) = "cryptography.hazmat.primitives.asymmetric.ec" and arg = "curve"
44+ predicate ecKeySizeArg ( FunctionValue func , string arg ) {
45+ exists ( ModuleValue mod | func = mod .attr ( _) |
46+ mod = Module :: named ( "cryptography.hazmat.primitives.asymmetric.ec" ) and arg = "curve"
4747 )
4848}
4949
50- int keySizeFromCurve ( ClassObject curveClass ) {
51- result = curveClass .declaredAttribute ( "key_size" ) .( NumericObject ) . intValue ( )
50+ int keySizeFromCurve ( ClassValue curveClass ) {
51+ result = curveClass .declaredAttribute ( "key_size" ) .( NumericValue ) . getIntValue ( )
5252}
5353
5454predicate algorithmAndKeysizeForCall (
5555 CallNode call , string algorithm , int keySize , ControlFlowNode keyOrigin
5656) {
57- exists ( FunctionObject func , string argname , ControlFlowNode arg |
57+ exists ( FunctionValue func , string argname , ControlFlowNode arg |
5858 arg = func .getNamedArgumentForCall ( call , argname )
5959 |
60- exists ( NumericObject key |
61- arg .refersTo ( key , keyOrigin ) and
60+ exists ( NumericValue key |
61+ arg .pointsTo ( key , keyOrigin ) and
6262 dsaRsaKeySizeArg ( func , algorithm , argname ) and
63- keySize = key .intValue ( )
63+ keySize = key .getIntValue ( )
6464 )
6565 or
66- exists ( ClassObject curve |
67- arg .refersTo ( _, curve , keyOrigin ) and
68- ecKeySizeArg ( func , argname ) and
66+ exists ( ClassValue curveClass |
6967 algorithm = "ECC" and
70- keySize = keySizeFromCurve ( curve )
68+ ecKeySizeArg ( func , argname ) and
69+ arg .pointsTo ( _, curveClass , keyOrigin ) and
70+ keySize = keySizeFromCurve ( curveClass )
7171 )
7272 )
7373}
7474
75- from CallNode call , ControlFlowNode origin , string algo , int keySize
75+ from CallNode call , string algo , int keySize , ControlFlowNode origin
7676where
7777 algorithmAndKeysizeForCall ( call , algo , keySize , origin ) and
7878 keySize < minimumSecureKeySize ( algo )
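Review bot: In the ECC branch of `algorithmAndKeysizeForCall`, `arg.pointsTo(_, curveClass, keyOrigin)` does not look equivalent to the `arg.refersTo(_, curve, keyOrigin)` it replaces. The three-argument `refersTo` bound the class of the referred object in its second position, whereas the three-argument `pointsTo` appears to take a context first and the pointed-to value second (worth confirming against the Value API). If so, `curveClass` is now the argument's value itself, so a call passing a curve instance (`curve=SomeCurve()`) would no longer produce a key size and weak-curve results would silently drop out of the query. Binding the instance and taking its class would keep the old meaning: `exists(Value curveInstance |`, `arg.pointsTo(_, curveInstance, keyOrigin) and`, `keySize = keySizeFromCurve(curveInstance.getClass())`. A query test that passes a curve instance would pin this down; the query's `select` clause is outside the hunk, so the reported origin could not be checked here.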