Add test case

aibaars · aibaars · commit 7f84cf6d72e2 · 2024-11-22T19:02:11.000+01:00
diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected b/java/ql/test/query-tests/security/CWE-327/semmle/tests/MaybeBrokenCryptoAlgorithm.expected
@@ -4,9 +4,11 @@ nodes
 | WeakHashing.java:15:55:15:83 | getProperty(...) | semmle.label | getProperty(...) |
 | WeakHashing.java:18:56:18:95 | getProperty(...) | semmle.label | getProperty(...) |
 | WeakHashing.java:21:56:21:91 | getProperty(...) | semmle.label | getProperty(...) |
+| WeakHashing.java:30:55:30:64 | "SHA3-512" | semmle.label | "SHA3-512" |
 subpaths
 #select
 | Test.java:34:21:34:53 | new SecretKeySpec(...) | Test.java:34:48:34:52 | "foo" | Test.java:34:48:34:52 | "foo" | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | Test.java:34:48:34:52 | "foo" | foo |
 | WeakHashing.java:15:29:15:84 | getInstance(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | WeakHashing.java:15:55:15:83 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:15:55:15:83 | getProperty(...) | MD5 |
 | WeakHashing.java:18:30:18:96 | getInstance(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | WeakHashing.java:18:56:18:95 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:18:56:18:95 | getProperty(...) | MD5 |
 | WeakHashing.java:21:30:21:92 | getInstance(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | WeakHashing.java:21:56:21:91 | getProperty(...) | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:21:56:21:91 | getProperty(...) | MD5 |
+| WeakHashing.java:30:29:30:65 | getInstance(...) | WeakHashing.java:30:55:30:64 | "SHA3-512" | WeakHashing.java:30:55:30:64 | "SHA3-512" | Cryptographic algorithm $@ may not be secure, consider using a different algorithm. | WeakHashing.java:30:55:30:64 | "SHA3-512" | SHA3-512 |
diff --git a/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java b/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java
@@ -25,5 +25,8 @@ void hashing() throws NoSuchAlgorithmException, IOException {
 
         // OK: Property does not exist and default is secure
         MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("hashAlg3", "SHA-256"));
+
+        // GOOD: Using a strong hashing algorithm
+        MessageDigest ok3 = MessageDigest.getInstance("SHA3-512");
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -25,5 +25,8 @@ void hashing() throws NoSuchAlgorithmException, IOException {`
`25`	`25`
`26`	`26`	`// OK: Property does not exist and default is secure`
`27`	`27`	`MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("hashAlg3", "SHA-256"));`
	`28`	`+`
	`29`	`+ // GOOD: Using a strong hashing algorithm`
	`30`	`+ MessageDigest ok3 = MessageDigest.getInstance("SHA3-512");`
`28`	`31`	`}`
`29`		`-}`
	`32`	`+}`