Merged
Changes from 1 commit
37 commits
4208c3d
insecure-biometrics-swift
ESS-ENN Sep 5, 2024
2d4ea63
plaintext-http-link-html
ESS-ENN Sep 5, 2024
586888d
desede-is-deprecated-java
ESS-ENN Sep 5, 2024
9015c09
desede-is-deprecated-kotlin
ESS-ENN Sep 5, 2024
68be70d
sizeof-this-c
ESS-ENN Sep 5, 2024
3d453a8
cbc-padding-oracle-java
ESS-ENN Sep 5, 2024
e7b4680
no-null-cipher-java
ESS-ENN Sep 5, 2024
1ba2958
rsa-no-padding-java
ESS-ENN Sep 5, 2024
f182a4b
changed folder position of no-null-cipher-java
ESS-ENN Sep 5, 2024
ac0edaa
rsa-padding-set-scala
ESS-ENN Sep 5, 2024
650b88b
xmlinputfactory-dtd-enabled-scala
ESS-ENN Sep 5, 2024
b0c6e4e
Incorporated changes suggested by CodeRabbit Bot
ESS-ENN Sep 6, 2024
bd0bc1d
httponly-false-csharp
ESS-ENN Sep 6, 2024
5507b0a
reqwest-accept-invalid-rust
ESS-ENN Sep 6, 2024
456f431
libxml2-audit-parser-c
ESS-ENN Sep 6, 2024
30f9ae3
libxml2-audit-parser-cpp
ESS-ENN Sep 7, 2024
0970f4f
oracleconnectionstringbuilder-hardcoded-secret-csharp
ESS-ENN Sep 9, 2024
081bad0
ecb-cipher-java
ESS-ENN Sep 9, 2024
bec0b7e
Changed severity for 3 rules as suggested by Bot
ESS-ENN Sep 10, 2024
472fa36
use-of-weak-rsa-key-java
ESS-ENN Sep 10, 2024
5fea8a2
unencrypted-socket-java
ESS-ENN Sep 10, 2024
a85cbfb
use-of-weak-rsa-key-kotlin
ESS-ENN Sep 10, 2024
22b3dca
removing oracleconnectionstringbuilder-hardcoded-secret-csharp
ESS-ENN Sep 12, 2024
090e6af
use-of-md5-digest-utils-java
ESS-ENN Sep 12, 2024
fc5f3a1
weak-ssl-context-java
ESS-ENN Sep 12, 2024
bf350e6
use-of-rc4-java
ESS-ENN Sep 12, 2024
85c6f95
system-setproperty-hardcoded-secret-java
ESS-ENN Sep 12, 2024
07abf42
rsa-no-padding-kotlin
ESS-ENN Sep 12, 2024
126ec00
des-is-deprecated-java
ESS-ENN Sep 12, 2024
b62d49a
des-is-deprecated-kotlin
ESS-ENN Sep 12, 2024
ae12535
Made changes as per suggestions of coderabbit ai bot
ESS-ENN Sep 13, 2024
1326f4c
use-of-md5-java
ESS-ENN Sep 13, 2024
d26328d
use-of-sha1-java
ESS-ENN Sep 13, 2024
57c1edb
system-setproperty-hardcoded-secret-kotlin
ESS-ENN Sep 13, 2024
b679216
use-of-aes-ecb-java
ESS-ENN Sep 13, 2024
6ff4438
use-of-blowfish-java
ESS-ENN Sep 13, 2024
66dff6f
Update of use-of-md5-java
ESS-ENN Sep 13, 2024
use-of-weak-rsa-key-java
ESS-ENN committed Sep 10, 2024
commit 472fa36a7632c5aa69745baf3c244680170940ae
16 changes: 16 additions & 0 deletions rules/java/security/use-of-weak-rsa-key-java.yml
@@ -0,0 +1,16 @@
id: use-of-weak-rsa-key-java
language: java
severity: warning
message: >-
RSA keys should be at least 2048 bits based on NIST recommendation.
note: >-
[CWE-326] Inadequate Encryption Strength.
[REFERENCES]
- https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms
rule:
pattern: |
$KEY.initialize($AST)
follows: KeyPairGenerator $KEY = $G.getInstance("RSA");
constraints:
AST:
regex: '^(-?(0|[1-9][0-9]?|[1-9][0-9]{2}|1[0-9]{3}|20[0-3][0-9]|204[0-7])(\.[0-9]+)?|0|-[1-9][0-9]*|-[1-9][0-9]{2,}|-1[0-9]{3}|-20[0-3][0-9]|-204[0-7])$'
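Review bot: the `follows: KeyPairGenerator $KEY = $G.getInstance("RSA");` relation only ties `initialize` to the declaration when the two statements are adjacent siblings (ast-grep relational rules default to `stopBy: neighbor`), so a single statement between them, such as a `SecureRandom` setup line, silently drops the finding; add `stopBy: end` to the `follows` clause. The `$KEY.initialize($AST)` pattern also covers only the one-argument overload with a literal size: `keyGen.initialize(1024, new SecureRandom())`, a size held in a `static final int` constant, and `new RSAKeyGenParameterSpec(1024, ...)` are all missed, which should at least be stated in `note:` if they stay out of scope. The `AST` regex accepts `512.0` and negative values that `initialize(int)` can never receive (a double literal does not compile, a negative size is rejected at runtime), so it can be reduced to non-negative integers below 2048, e.g. `regex: '^(\d{1,3}|1\d{3}|20[0-3]\d|204[0-7])$'`. The `message` cites a NIST recommendation while `[REFERENCES]` lists only the OWASP cheat sheet; add NIST SP 800-57 Part 1 so the 2048-bit claim is traceable.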
34 changes: 34 additions & 0 deletions tests/__snapshots__/use-of-weak-rsa-key-java-snapshot.yml
@@ -0,0 +1,34 @@
id: use-of-weak-rsa-key-java
snapshots:
? |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(-512);
: labels:
- source: keyGen.initialize(-512)
style: primary
start: 63
end: 86
? |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
: labels:
- source: keyGen.initialize(512)
style: primary
start: 63
end: 85
? |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512.0);
: labels:
- source: keyGen.initialize(512.0)
style: primary
start: 63
end: 87
? |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512.09);
: labels:
- source: keyGen.initialize(512.09)
style: primary
start: 63
end: 88
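Review bot: three of the four snapshot inputs are not code the rule will meet in a real project: `keyGen.initialize(512.0)` and `keyGen.initialize(512.09)` do not compile, because `KeyPairGenerator.initialize(int)` has no floating-point overload, and `keyGen.initialize(-512)` is rejected at runtime rather than producing a weak key. Snapshots for realistic weak sizes such as `keyGen.initialize(1024)` and for the boundary `keyGen.initialize(2047)` would pin the behaviour that matters. The `start: 63` offsets are consistent with the 62-character first line plus its newline, so the label positions themselves look right.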
18 changes: 18 additions & 0 deletions tests/java/use-of-weak-rsa-key-java-test.yml
@@ -0,0 +1,18 @@
id: use-of-weak-rsa-key-java
valid:
- |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
invalid:
- |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512);
- |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(-512);
- |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512.09);
- |
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(512.0);
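Review bot: the `valid:` list holds only `keyGen.initialize(2048)`, so nothing checks that larger sizes such as `keyGen.initialize(3072)` and `keyGen.initialize(4096)` stay clean, and nothing checks the `invalid:` boundary `keyGen.initialize(2047)`; add both. Two of the four `invalid:` cases (`512.09`, `512.0`) are not compilable Java and `-512` is rejected at runtime, so replacing them with `keyGen.initialize(1024)` and `keyGen.initialize(1536)` would exercise realistic weak keys, and an `invalid:` case with a statement between the `getInstance` line and `initialize` would document whether the rule's `follows` relation still fires when the two calls are not adjacent.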