Java: Query to detect weak encryption: insufficient key size#4926
Merged
aschackmull merged 7 commits intogithub:mainfrom Feb 3, 2021
Merged
Java: Query to detect weak encryption: insufficient key size#4926aschackmull merged 7 commits intogithub:mainfrom
aschackmull merged 7 commits intogithub:mainfrom
Conversation
smowton
reviewed
Jan 8, 2021
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
smowton
reviewed
Jan 8, 2021
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
smowton
reviewed
Jan 11, 2021
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
Outdated
Show resolved
Hide resolved
Contributor
|
OK sure that's enough factoring, running tests |
Contributor
|
Hey @luchua-bc,
|
Contributor
Author
|
@JarLob I've made requested changes. Please review. Thanks. |
smowton
reviewed
Jan 27, 2021
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
Outdated
Show resolved
Hide resolved
Contributor
|
Please rebase. Pinged a codeowner for final review. |
bddd738 to
ab7d257
Compare
Contributor
Author
|
Thanks @smowton. I've rebased this branch. |
aschackmull
requested changes
Feb 2, 2021
Contributor
aschackmull
left a comment
There was a problem hiding this comment.
Looks mostly good to me. Just a few comments.
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.java
Outdated
Show resolved
Hide resolved
java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.qhelp
Outdated
Show resolved
Hide resolved
Contributor
Author
|
Thanks @aschackmull for reviewing this PR. I've made requested text changes. |
aschackmull
approved these changes
Feb 3, 2021
Closed
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Strength of cryptographic algorithms depends on a sufficient key size to be robust against brute-force attacks. A theoretically sound encryption scheme with an insufficient key size can still be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
This type of issues is categorized as CWE-326: Inadequate Encryption Strength.
This query finds uses of strong encryption algorithms (AES, DSA, RSA, and EC) with too small a key size.
Please consider to merge the PR. Thanks.