JS: Add crypto test with AES-ECB

asgerf · asgerf · commit e907d685f4c7 · 2023-03-16T14:52:18.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-327/tst.js b/javascript/ql/test/query-tests/Security/CWE-327/tst.js
@@ -17,3 +17,6 @@ unknownCipher.update(secretText, 'utf8', 'hex'); // OK: unknown algorithm
 desCipher.write(o.trusted, 'utf8', 'hex'); // BAD
 
 desCipher.write(password, 'utf8', 'hex'); // OK (flagged by js/insufficient-password-hash)
+
+const aesEcbCipher = crypto.createCipher('aes-128-ecb', key);
+aesEcbCipher.update(secretText, 'utf8', 'hex'); // BAD
