WeakSymmetricCiphers.ql
/**
* @name Weak symmetric ciphers
* @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak.
* @id java/quantum/weak-ciphers
* @kind problem
* @problem.severity error
* @precision high
* @tags external/cwe/cwe-327
* quantum
* experimental
*/
import java
import experimental.quantum.Language
import Crypto::KeyOpAlg as KeyOpAlg
// Reports every key-operation algorithm node whose algorithm type is one of the
// symmetric ciphers in the deny-list below. The match is on algorithm type only:
// mode of operation and key length are not inspected here, so a clean result
// from this query does not cover issues such as a strong cipher in a weak mode.
from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType, string msg
where
  alg.getAlgorithmType() = algType and
  algType in [
      // DES family: 56-bit base key and 64-bit block; the double and triple
      // constructions do not fix the small block size.
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()),
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()),
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::DOUBLE_DES()),
      // Legacy RC ciphers: RC2 (64-bit block) and the RC4 stream cipher, whose
      // keystream has known statistical biases.
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2()),
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4()),
      // Other 64-bit block ciphers.
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA()),
      KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
    ] and
  // The alert text names the matched algorithm type so triage does not require
  // opening the flagged location first.
  msg = "Use of unapproved symmetric cipher algorithm or API: " + algType.toString() + "."
select alg, msg