-
Notifications
You must be signed in to change notification settings - Fork 18
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
114 additions
and
0 deletions.
There are no files selected for viewing
16 changes: 16 additions & 0 deletions
16
src/test/java/de/fraunhofer/aisec/codyze/crymlin/IssueTest.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
package de.fraunhofer.aisec.codyze.crymlin | ||
|
||
import java.lang.Exception | ||
import kotlin.Throws | ||
import org.junit.jupiter.api.Test | ||
|
||
class IssueTest : AbstractMarkTest() { | ||
|
||
@Test | ||
@Throws(Exception::class) | ||
fun issue219() { | ||
val findings = performTest("issues/219/Main.java", "issues/219/") | ||
|
||
expected(findings, "line 6: Rule JCAProvider_PBEParameterSpec_2 violated") | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
import java.security.SecureRandom; | ||
|
||
public class Main { | ||
|
||
public void test() { | ||
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package java.jca | ||
|
||
entity PBEParameterSpec { | ||
|
||
var salt; | ||
var iterationCount; | ||
var paramSpec; | ||
|
||
op instantiate { | ||
javax.crypto.spec.PBEParameterSpec( | ||
salt : byte[], | ||
iterationCount : int | ||
); | ||
javax.crypto.spec.PBEParameterSpec( | ||
salt : byte[], | ||
iterationCount : int, | ||
paramSpec : java.security.AlgorithmParameter | ||
); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
package java.jca | ||
|
||
entity SecureRandom { | ||
|
||
var algorithm; | ||
var provider; | ||
var params; | ||
var seed; | ||
var numBytes; | ||
var randomBytes; | ||
|
||
op instantiate { | ||
java.security.SecureRandom.getInstance(algorithm : java.lang.String); | ||
java.security.SecureRandom.getInstance( | ||
algorithm : java.lang.String, | ||
provider : java.lang.String | java.security.Provider | ||
); | ||
java.security.SecureRandom.getInstance( | ||
algorithm : java.lang.String, | ||
params : java.security.SecureRandomParameters | ||
); | ||
java.security.SecureRandom.getInstance( | ||
algorithm : java.lang.String, | ||
params : java.security.SecureRandomParameters, | ||
provider : java.lang.String | java.security.Provider | ||
); | ||
java.security.SecureRandom.getInstanceStrong(); | ||
|
||
// forbidden calls because they don't respect BC as provider | ||
forbidden java.security.SecureRandom(); | ||
forbidden java.security.SecureRandom( | ||
seed : byte[] | ||
); | ||
} | ||
|
||
op seed { | ||
java.security.SecureRandom.setSeed(seed : byte[] | long); | ||
} | ||
|
||
op reseed { | ||
java.security.SecureRandom.reseed(); | ||
java.security.SecureRandom.reseed(params : java.security.SecureRandomParameters); | ||
} | ||
|
||
op generateSeed { | ||
seed = java.security.SecureRandom.generateSeed(numBytes : int); | ||
} | ||
|
||
op generate { | ||
java.security.SecureRandom.next(numBytes : int); | ||
java.security.SecureRandom.nextBytes(randomBytes : bytes[]); | ||
java.security.SecureRandom.nextBytes( | ||
randomBytes : bytes[], | ||
params : java.security.SecureRandomParameters | ||
); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
package issue_219 | ||
|
||
rule JCAProvider_PBEParameterSpec_2{ | ||
using | ||
PBEParameterSpec as pbeps, | ||
SecureRandom as sr | ||
ensure | ||
_is(pbeps.salt, sr) | ||
onfail | ||
NotRandomizedSaltPBEParameterSpec | ||
} |