forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathBrokenCryptoAlgorithm.ql
More file actions
26 lines (24 loc) · 904 Bytes
/
BrokenCryptoAlgorithm.ql
File metadata and controls
26 lines (24 loc) · 904 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
/**
* @name Use of a broken or weak cryptographic algorithm
* @description Using broken or weak cryptographic algorithms can compromise security.
* @kind problem
* @problem.severity warning
* @security-severity 7.5
* @precision high
* @id rb/weak-cryptographic-algorithm
* @tags security
* external/cwe/cwe-327
*/
import codeql.ruby.AST
import codeql.ruby.Concepts
from Cryptography::CryptographicOperation operation, string msgPrefix
where
exists(Cryptography::CryptographicAlgorithm algorithm |
algorithm = operation.getAlgorithm() and
algorithm.isWeak() and
msgPrefix = "The cryptographic algorithm " + algorithm.getName() and
not algorithm instanceof Cryptography::HashingAlgorithm
)
or
operation.getBlockMode().isWeak() and msgPrefix = "The block mode " + operation.getBlockMode()
select operation, msgPrefix + " is broken or weak, and should not be used."