FilesExpand file tree

 main

/

WeakCryptoKey.ql

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

25 lines (23 loc) · 870 Bytes

 main

/

WeakCryptoKey.ql

Top

File metadata and controls

• Code
• Blame

25 lines (23 loc) · 870 Bytes

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

/**

* @name Use of weak cryptographic key

* @description Use of a cryptographic key that is too small may allow the encryption to be broken.

* @kind problem

* @problem.severity error

* @security-severity 7.5

* @precision high

* @id py/weak-crypto-key

* @tags security

* external/cwe/cwe-326

*/

import python

import semmle.python.Concepts

import semmle.python.dataflow.new.DataFlow

import semmle.python.filters.Tests

from Cryptography::PublicKey::KeyGeneration keyGen, int keySize, DataFlow::Node origin

where

keySize = keyGen.getKeySizeWithOrigin(origin) and

keySize < keyGen.minimumSecureKeySize() and

not origin.getScope().getScope*() instanceof TestScope

select keyGen,

"Creation of an " + keyGen.getName() + " key uses $@ bits, which is below " +

keyGen.minimumSecureKeySize() + " and considered breakable.", origin, keySize.toString()