Java: Update uses.

geoffw0 · geoffw0 · commit f8425b8a5867 · 2020-06-30T13:02:48.000+01:00
diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -21,7 +21,7 @@ private class ShortStringLiteral extends StringLiteral {
 
 class BrokenAlgoLiteral extends ShortStringLiteral {
   BrokenAlgoLiteral() {
-    getValue().regexpMatch(algorithmBlacklistRegex()) and
+    getValue().regexpMatch(getInsecureAlgorithmRegex()) and
     // Exclude German and French sentences.
     not getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
   }
diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -25,9 +25,9 @@ class InsecureAlgoLiteral extends ShortStringLiteral {
     // Algorithm identifiers should be at least two characters.
     getValue().length() > 1 and
     exists(string s | s = getLiteral() |
-      not s.regexpMatch(algorithmWhitelistRegex()) and
+      not s.regexpMatch(getSecureAlgorithmRegex()) and
       // Exclude results covered by another query.
-      not s.regexpMatch(algorithmBlacklistRegex())
+      not s.regexpMatch(getInsecureAlgorithmRegex())
     )
   }
 }
diff --git a/java/ql/src/semmle/code/java/security/Encryption.qll b/java/ql/src/semmle/code/java/security/Encryption.qll
@@ -112,7 +112,7 @@ string getAnInsecureHashAlgorithmName() {
 private string rankedAlgorithmBlacklist(int i) {
   // In this case we know these are being used for encryption, so we want to match
   // weak hash algorithms too.
-  result = rank[i](string s | s = algorithmBlacklist() or s = hashAlgorithmBlacklist())
+  result = rank[i](string s | s = getAnInsecureAlgorithmName() or s = getAnInsecureHashAlgorithmName())
 }
 
 private string algorithmBlacklistString(int i) {
@@ -144,7 +144,7 @@ string getASecureAlgorithmName() {
   result = "ECIES"
 }
 
-private string rankedAlgorithmWhitelist(int i) { result = rank[i](algorithmWhitelist()) }
+private string rankedAlgorithmWhitelist(int i) { result = rank[i](getASecureAlgorithmName()) }
 
 private string algorithmWhitelistString(int i) {
   i = 1 and result = rankedAlgorithmWhitelist(i)
diff --git a/java/ql/test/library-tests/Encryption/blacklist.ql b/java/ql/test/library-tests/Encryption/blacklist.ql
@@ -2,5 +2,5 @@ import default
 import semmle.code.java.security.Encryption
 
 from StringLiteral s
-where s.getLiteral().regexpMatch(algorithmBlacklistRegex())
+where s.getLiteral().regexpMatch(getInsecureAlgorithmRegex())
 select s
diff --git a/java/ql/test/library-tests/Encryption/whitelist.ql b/java/ql/test/library-tests/Encryption/whitelist.ql
@@ -2,5 +2,5 @@ import default
 import semmle.code.java.security.Encryption
 
 from StringLiteral s
-where s.getLiteral().regexpMatch(algorithmWhitelistRegex())
+where s.getLiteral().regexpMatch(getSecureAlgorithmRegex())
 select s

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ private class ShortStringLiteral extends StringLiteral {`
`21`	`21`
`22`	`22`	`class BrokenAlgoLiteral extends ShortStringLiteral {`
`23`	`23`	`BrokenAlgoLiteral() {`
`24`		`- getValue().regexpMatch(algorithmBlacklistRegex()) and`
	`24`	`+ getValue().regexpMatch(getInsecureAlgorithmRegex()) and`
`25`	`25`	`// Exclude German and French sentences.`
`26`	`26`	`not getValue().regexpMatch(".\\p{IsLowercase} des \\p{IsLetter}.")`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,9 +25,9 @@ class InsecureAlgoLiteral extends ShortStringLiteral {`
`25`	`25`	`// Algorithm identifiers should be at least two characters.`
`26`	`26`	`getValue().length() > 1 and`
`27`	`27`	`exists(string s \| s = getLiteral() \|`
`28`		`- not s.regexpMatch(algorithmWhitelistRegex()) and`
	`28`	`+ not s.regexpMatch(getSecureAlgorithmRegex()) and`
`29`	`29`	`// Exclude results covered by another query.`
`30`		`- not s.regexpMatch(algorithmBlacklistRegex())`
	`30`	`+ not s.regexpMatch(getInsecureAlgorithmRegex())`
`31`	`31`	`)`
`32`	`32`	`}`
`33`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ string getAnInsecureHashAlgorithmName() {`
`112`	`112`	`private string rankedAlgorithmBlacklist(int i) {`
`113`	`113`	`// In this case we know these are being used for encryption, so we want to match`
`114`	`114`	`// weak hash algorithms too.`
`115`		`- result = rank[i](string s \| s = algorithmBlacklist() or s = hashAlgorithmBlacklist())`
	`115`	`+ result = rank[i](string s \| s = getAnInsecureAlgorithmName() or s = getAnInsecureHashAlgorithmName())`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`private string algorithmBlacklistString(int i) {`
`@@ -144,7 +144,7 @@ string getASecureAlgorithmName() {`
`144`	`144`	`result = "ECIES"`
`145`	`145`	`}`
`146`	`146`
`147`		`-private string rankedAlgorithmWhitelist(int i) { result = rank[i](algorithmWhitelist()) }`
	`147`	`+private string rankedAlgorithmWhitelist(int i) { result = rank[i](getASecureAlgorithmName()) }`
`148`	`148`
`149`	`149`	`private string algorithmWhitelistString(int i) {`
`150`	`150`	`i = 1 and result = rankedAlgorithmWhitelist(i)`