/**
* @name Do not use hard-coded encryption keys.
* @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hard-coded value.
* @kind problem
* @id cs/hardcoded-key
* @problem.severity error
* @precision high
* @tags security
*/
import csharp
import semmle.code.csharp.security.cryptography.EncryptionKeyDataFlow::EncryptionKeyDataFlow
/**
 * A key source that is a literal byte array, i.e. an `ArrayCreation` whose
 * element type is `ByteType` and which carries an initializer. Such an
 * expression fixes the key bytes in the source code, which is what the query
 * reports when the value reaches a `SymmetricEncryptionKeySink`.
 */
class ByteArrayLiteralSource extends KeySource {
  ByteArrayLiteralSource() {
    exists(ArrayCreation creation |
      creation = this.asExpr() and
      // Only arrays that spell out their contents count; an uninitialized
      // `new byte[n]` is not a hard-coded key.
      creation.hasInitializer() and
      creation.getArrayType().getElementType() instanceof ByteType
    )
  }
}
/**
 * A key source that is a `StringLiteral`. Any string literal is treated as a
 * potential hard-coded key; the taint-tracking configuration decides whether
 * it actually flows into a symmetric-algorithm key.
 */
class StringLiteralSource extends KeySource {
  StringLiteralSource() {
    exists(StringLiteral lit | lit = this.asExpr())
  }
}
// Report every sink that a literal key source reaches under the symmetric-key
// taint-tracking configuration. The alert is placed on the sink (where the key
// is consumed) and links back to the literal via the `$@` placeholder.
from SymmetricKeyTaintTrackingConfiguration cfg, KeySource source, SymmetricEncryptionKeySink sink
where cfg.hasFlow(source, sink)
select sink, "Hard-coded symmetric $@ is used in symmetric algorithm in " + sink.getDescription(), source,
  "key"