coderabbitai
diff --git a/‎rules/java/security/use-of-weak-rsa-key-go.yml
Lines changed: 0 additions & 37 deletions b/‎rules/java/security/use-of-weak-rsa-key-go.yml
Lines changed: 0 additions & 37 deletions
diff --git a/‎rules/java/security/use-of-weak-rsa-key-java.yml
Lines changed: 46 additions & 0 deletions b/‎rules/java/security/use-of-weak-rsa-key-java.yml
Lines changed: 46 additions & 0 deletions
diff --git a/‎tests/__snapshots__/use-of-weak-rsa-key-go-snapshot.yml
Lines changed: 0 additions & 78 deletions b/‎tests/__snapshots__/use-of-weak-rsa-key-go-snapshot.yml
Lines changed: 0 additions & 78 deletions
diff --git a/‎tests/__snapshots__/use-of-weak-rsa-key-java-snapshot.yml
Lines changed: 98 additions & 0 deletions b/‎tests/__snapshots__/use-of-weak-rsa-key-java-snapshot.yml
Lines changed: 98 additions & 0 deletions
diff --git a/‎tests/java/use-of-weak-rsa-key-go-test.yml
Lines changed: 0 additions & 13 deletions b/‎tests/java/use-of-weak-rsa-key-go-test.yml
Lines changed: 0 additions & 13 deletions
diff --git a/‎tests/java/use-of-weak-rsa-key-java-test.yml
Lines changed: 15 additions & 0 deletions b/‎tests/java/use-of-weak-rsa-key-java-test.yml
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,46 @@
+id: use-of-weak-rsa-key-java
+language: java
+severity: warning
+message: >-
+  RSA keys should be at least 2048 bits based on NIST recommendation.
+note: >-
+  [CWE-326] Inadequate Encryption Strength.
+  [REFERENCES]
+      - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms
+utils:
+  WeakRSA:
+    kind: expression_statement
+    all:
+      - has:
+          stopBy: neighbor                                                                          
+          kind: method_invocation
+          all:
+            - has:
+                stopBy: neighbor
+                kind: identifier
+            - has:
+                stopBy: neighbor
+                kind: identifier
+                regex: '^initialize$'
+            - has:
+                stopBy: neighbor
+                kind: argument_list
+                has:
+                  stopBy: neighbor
+                  any:
+                    - kind: decimal_integer_literal
+                      pattern: $AST
+                    - kind: decimal_floating_point_literal
+                      pattern: $AST
+                    - kind: unary_expression
+                      pattern: $AST
+      - follows:
+          stopBy: neighbor
+          pattern: KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA")
+
+rule:
+  kind: expression_statement
+  matches: WeakRSA
+constraints: 
+      AST:
+        regex: '^(-?(0|[1-9][0-9]?|[1-9][0-9]{2}|1[0-9]{3}|20[0-3][0-9]|204[0-7])(\.[0-9]+)?|0|-[1-9][0-9]*|-[1-9][0-9]{2,}|-1[0-9]{3}|-20[0-3][0-9]|-204[0-7])$'
@@ -0,0 +1,98 @@
+id: use-of-weak-rsa-key-java
+snapshots:
+  ? |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(-512);
+  : labels:
+    - source: keyGen.initialize(-512);
+      style: primary
+      start: 63
+      end: 87
+    - source: keyGen
+      style: secondary
+      start: 63
+      end: 69
+    - source: initialize
+      style: secondary
+      start: 70
+      end: 80
+    - source: '-512'
+      style: secondary
+      start: 81
+      end: 85
+    - source: (-512)
+      style: secondary
+      start: 80
+      end: 86
+    - source: keyGen.initialize(-512)
+      style: secondary
+      start: 63
+      end: 86
+    - source: KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+      style: secondary
+      start: 0
+      end: 62
+  ? |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(51.2);
+  : labels:
+    - source: keyGen.initialize(51.2);
+      style: primary
+      start: 63
+      end: 87
+    - source: keyGen
+      style: secondary
+      start: 63
+      end: 69
+    - source: initialize
+      style: secondary
+      start: 70
+      end: 80
+    - source: '51.2'
+      style: secondary
+      start: 81
+      end: 85
+    - source: (51.2)
+      style: secondary
+      start: 80
+      end: 86
+    - source: keyGen.initialize(51.2)
+      style: secondary
+      start: 63
+      end: 86
+    - source: KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+      style: secondary
+      start: 0
+      end: 62
+  ? |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(512);
+  : labels:
+    - source: keyGen.initialize(512);
+      style: primary
+      start: 63
+      end: 86
+    - source: keyGen
+      style: secondary
+      start: 63
+      end: 69
+    - source: initialize
+      style: secondary
+      start: 70
+      end: 80
+    - source: '512'
+      style: secondary
+      start: 81
+      end: 84
+    - source: (512)
+      style: secondary
+      start: 80
+      end: 85
+    - source: keyGen.initialize(512)
+      style: secondary
+      start: 63
+      end: 85
+    - source: KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+      style: secondary
+      start: 0
+      end: 62
@@ -0,0 +1,15 @@
+id: use-of-weak-rsa-key-java
+valid:
+  - |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(2048);
+invalid:
+  - |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(512);
+  - |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(-512);
+  - |
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+    keyGen.initialize(51.2);