codeql/csharp/ql/test/query-tests/Security Features/CWE-327/InsufficientKeySize/InsufficientKeySize.cs at 5d73566859111d74982012db923fc3e94f4dadf1 · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
using System;
using System.Security.Cryptography;

public class InsufficientKeySize
{

    public void CryptoMethod()
    {
        // BAD: Key size is less than 128
        new RC2CryptoServiceProvider().EffectiveKeySize = 64;
        // GOOD: Key size defaults to 128
        new RC2CryptoServiceProvider();
        // GOOD: Key size is greater than 128
        new RC2CryptoServiceProvider().EffectiveKeySize = 256;

        // BAD: Key size is less than 2048.
        DSACryptoServiceProvider dsaBad = new DSACryptoServiceProvider(512);
        // GOOD: Key size defaults to 2048.
        DSACryptoServiceProvider dsaGood1 = new DSACryptoServiceProvider();
        // GOOD: Key size is greater than 2048.
        DSACryptoServiceProvider dsaGood2 = new DSACryptoServiceProvider(2048);

        // BAD: Key size is less than 2048.
        RSACryptoServiceProvider rsaBad = new RSACryptoServiceProvider(512);
        // GOOD: Key size defaults to 2048.
        RSACryptoServiceProvider rsaGood1 = new RSACryptoServiceProvider();
        // GOOD: Key size is greater than 2048.
        RSACryptoServiceProvider rsaGood2 = new RSACryptoServiceProvider(2048);
    }
}

// semmle-extractor-options: /r:System.Security.Cryptography.Csp.dll