
Commit b6820c3

author
Sakshis
committed
use-of-weak-rsa-key-go
1 parent 9d4c5fa commit b6820c3


3 files changed

+128
-0
lines changed

Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
id: use-of-weak-rsa-key-go
2+
language: go
3+
severity: warning
4+
message: >-
5+
RSA keys should be at least 2048 bits.
6+
note: >-
7+
[CWE-326] Inadequate Encryption Strength.
8+
[REFERENCES]
9+
- https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms
10+
utils:
11+
statement_match_pattern_one:
12+
kind: expression_list
13+
all:
14+
- has:
15+
stopBy: end
16+
kind: selector_expression
17+
pattern: $JWT
18+
- has:
19+
stopBy: end
20+
kind: argument_list
21+
- has:
22+
stopBy: end
23+
any:
24+
- kind: float_literal
25+
pattern: $BITS
26+
- kind: int_literal
27+
pattern: $BITS
28+
rule:
29+
kind: expression_list
30+
any:
31+
- matches: statement_match_pattern_one
32+
constraints:
33+
JWT:
34+
regex: (rsa.GenerateMultiPrimeKey|rsa.GenerateKey)
35+
36+
BITS:
37+
regex: ^(-?(0|[1-9][0-9]{0,2}|1[0-9]{3}|20[0-3][0-9]|204[0-7])(\.[0-9]+)?|0|-[1-9][0-9]*|-[1-9][0-9]{2,}|-1[0-9]{3}|-20[0-3][0-9]|-204[0-7])$
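Review bot: The $BITS constraint (the literal `has` clause at lines 21–27 together with the regex on line 37) accepts any int_literal or float_literal anywhere under the statement rather than the bits argument specifically, so `rsa.GenerateMultiPrimeKey(rand.Reader, 2, 4096)` is flagged because the `2` (nprimes) matches `[1-9][0-9]{0,2}`, and an index literal such as `rsa.GenerateKey(rand.Reader, sizes[0])` would be flagged on the `0`. Binding the size positionally, e.g. `pattern: rsa.GenerateKey($READER, $BITS)` for the two-argument call and a separate three-argument pattern for GenerateMultiPrimeKey, would remove both false positives. The regex only recognises decimal literals, so Go forms such as `0x400` or `1_024` are weak sizes that pass silently, and the negative branches appear unreachable in practice because tree-sitter-go places the sign in a unary_expression outside the int_literal (the snapshot file labels `'1929'` without the minus), so the `-?` and `-[1-9]...` alternatives can be dropped. Sizes held in a constant or variable are not inspected at all, which is worth stating in the rule `note`, e.g. `Only literal key sizes are checked; values passed through variables or constants are not inspected.`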
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
id: use-of-weak-rsa-key-go
2+
snapshots:
3+
? |
4+
pvk, err := rsa.GenerateKey(rand.Reader, -1929)
5+
: labels:
6+
- source: rsa.GenerateKey(rand.Reader, -1929)
7+
style: primary
8+
start: 12
9+
end: 47
10+
- source: rsa.GenerateKey
11+
style: secondary
12+
start: 12
13+
end: 27
14+
- source: (rand.Reader, -1929)
15+
style: secondary
16+
start: 27
17+
end: 47
18+
- source: '1929'
19+
style: secondary
20+
start: 42
21+
end: 46
22+
? |
23+
pvk, err := rsa.GenerateKey(rand.Reader, 102.5)
24+
: labels:
25+
- source: rsa.GenerateKey(rand.Reader, 102.5)
26+
style: primary
27+
start: 12
28+
end: 47
29+
- source: rsa.GenerateKey
30+
style: secondary
31+
start: 12
32+
end: 27
33+
- source: (rand.Reader, 102.5)
34+
style: secondary
35+
start: 27
36+
end: 47
37+
- source: '102.5'
38+
style: secondary
39+
start: 41
40+
end: 46
41+
? |
42+
pvk, err := rsa.GenerateKey(rand.Reader, 1025)
43+
: labels:
44+
- source: rsa.GenerateKey(rand.Reader, 1025)
45+
style: primary
46+
start: 12
47+
end: 46
48+
- source: rsa.GenerateKey
49+
style: secondary
50+
start: 12
51+
end: 27
52+
- source: (rand.Reader, 1025)
53+
style: secondary
54+
start: 27
55+
end: 46
56+
- source: '1025'
57+
style: secondary
58+
start: 41
59+
end: 45
60+
? |
61+
pvk, err := rsa.GenerateKey(rand.Reader, 192)
62+
: labels:
63+
- source: rsa.GenerateKey(rand.Reader, 192)
64+
style: primary
65+
start: 12
66+
end: 45
67+
- source: rsa.GenerateKey
68+
style: secondary
69+
start: 12
70+
end: 27
71+
- source: (rand.Reader, 192)
72+
style: secondary
73+
start: 27
74+
end: 45
75+
- source: '192'
76+
style: secondary
77+
start: 41
78+
end: 44
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
id: use-of-weak-rsa-key-go
2+
valid:
3+
- |
4+
rsa.GenerateKey(rand.Reader, 2048)
5+
invalid:
6+
- |
7+
pvk, err := rsa.GenerateKey(rand.Reader, 1025)
8+
- |
9+
pvk, err := rsa.GenerateKey(rand.Reader, -1929)
10+
- |
11+
pvk, err := rsa.GenerateKey(rand.Reader, 102.5)
12+
- |
13+
pvk, err := rsa.GenerateKey(rand.Reader, 192)
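Review bot: The `valid` list on lines 2–4 holds a single case, so the test does not guard against false positives; add `rsa.GenerateKey(rand.Reader, 4096)`, a size passed through a variable such as `pvk, err := rsa.GenerateKey(rand.Reader, bits)`, and `pvk, err := rsa.GenerateMultiPrimeKey(rand.Reader, 2, 4096)`, which the rule as written appears to flag on the literal `2`. The `invalid` list would likewise benefit from a `GenerateMultiPrimeKey` case and a non-decimal literal such as `pvk, err := rsa.GenerateKey(rand.Reader, 0x400)` so the current coverage of Go literal forms is documented by the tests rather than assumed. The `102.5` case on line 11 is not valid Go (a non-integer constant cannot be passed as an int argument), so it exercises the float_literal branch against code that cannot exist in a compiled project; consider dropping it or adding a comment explaining why it is kept.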
