Comment: Published by Scroll Versions from space CSHARP and version Publish

...

Query: WeakEncryption.ql
/**
 * @name Weak encryption
 * @description Finds uses of encryption algorithms that are weak and obsolete
 * @kind problem
 * @problem.severity warning
 * @precision high
 * @id cs/weak-encryption
 * @tags security
 *       external/cwe/cwe-327
 */

import csharp

/**
 * Holds if `e` is a `new` expression whose type is
 * `System.Security.Cryptography.DESCryptoServiceProvider`, and `msg` is the
 * alert text reported for it.
 *
 * NOTE(review): only constructor calls are matched. DES instances obtained
 * through the `DES.Create()` factory are not `ObjectCreation`s and would not
 * be reported here - confirm whether that gap is intended.
 * NOTE(review): the message recommends `AesCryptoServiceProvider` or
 * `RijndaelManaged`; newer .NET releases steer callers to `Aes.Create()`, so
 * the remediation text may need refreshing - confirm against the target
 * framework.
 */
predicate incorrectUseOfDES(ObjectCreation e, string msg) {
  exists(Class desProvider |
    desProvider = e.getType() and
    desProvider.hasQualifiedName("System.Security.Cryptography", "DESCryptoServiceProvider")
  ) and
  msg =
    "DES encryption uses keys of 56 bits only. Switch to AesCryptoServiceProvider or RijndaelManaged instead."
}

/**
 * Holds if `e` is a `new` expression whose type is
 * `System.Security.Cryptography.TripleDESCryptoServiceProvider`, and `msg` is
 * the alert text reported for it.
 *
 * NOTE(review): the match is on this one class name only. Other TripleDES
 * entry points (for example the `TripleDES.Create()` factory, or other
 * TripleDES implementation classes) are not covered by this predicate -
 * confirm whether they should be.
 */
predicate incorrectUseOfTripleDES(ObjectCreation e, string msg) {
  exists(Class tripleDesProvider |
    tripleDesProvider = e.getType() and
    tripleDesProvider
        .hasQualifiedName("System.Security.Cryptography", "TripleDESCryptoServiceProvider")
  ) and
  msg =
    "TripleDES encryption provides at most 112 bits of security. Switch to AesCryptoServiceProvider or RijndaelManaged instead."
}

// Report each construction flagged by either weak-cipher predicate together
// with that predicate's message. Both predicates take an `ObjectCreation`, so
// the result set is the same whether `e` is declared as `Expr` or narrowed.
from ObjectCreation e, string msg
where
  incorrectUseOfTripleDES(e, msg)
  or
  incorrectUseOfDES(e, msg)
select e, msg

...
