Skip to content

Commit ded3088

Browse files
RasmusWLRasmusWL
committed
Python/JS: Recognize SHA-3 hash functions
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
1 parent 8debae1 commit ded3088

File tree

4 files changed

+30
-2
lines changed

4 files changed

+30
-2
lines changed

javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,11 @@ private module AlgorithmNames {
2828
name = "SHA256" or
2929
name = "SHA384" or
3030
name = "SHA512" or
31-
name = "SHA3"
31+
name = "SHA3" or
32+
name = "SHA3224" or
33+
name = "SHA3256" or
34+
name = "SHA3384" or
35+
name = "SHA3512"
3236
}
3337

3438
predicate isWeakHashingAlgorithm(string name) {

python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,11 @@ private module AlgorithmNames {
2828
name = "SHA256" or
2929
name = "SHA384" or
3030
name = "SHA512" or
31-
name = "SHA3"
31+
name = "SHA3" or
32+
name = "SHA3224" or
33+
name = "SHA3256" or
34+
name = "SHA3384" or
35+
name = "SHA3512"
3236
}
3337

3438
predicate isWeakHashingAlgorithm(string name) {

python/ql/test/library-tests/frameworks/crypto/test_sha3.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
from Crypto.Hash import SHA3_224
2+
3+
hasher = SHA3_224.new(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=SHA3224
4+
print(hasher.hexdigest())
5+
6+
7+
hasher = SHA3_224.new() # $ CryptographicOperation CryptographicOperationAlgorithm=SHA3224
8+
hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=SHA3224
9+
hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=SHA3224
10+
print(hasher.hexdigest())

python/ql/test/library-tests/frameworks/cryptodome/test_sha3.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
from Cryptodome.Hash import SHA3_224
2+
3+
hasher = SHA3_224.new(b"secret message") # $ CryptographicOperation CryptographicOperationInput=b"secret message" CryptographicOperationAlgorithm=SHA3224
4+
print(hasher.hexdigest())
5+
6+
7+
hasher = SHA3_224.new() # $ CryptographicOperation CryptographicOperationAlgorithm=SHA3224
8+
hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=SHA3224
9+
hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=SHA3224
10+
print(hasher.hexdigest())

0 commit comments

Comments
 (0)