CodeQL library for C/C++
codeql/cpp-all 8.0.0 (changelog, source)
Index
Search

Module Encryption

Provides predicates relating to encryption in C and C++.

Import path

import semmle.code.cpp.security.Encryption

Imports

cpp

Provides classes and predicates for working with C/C++ code.

Predicates

getASecureAlgorithmName

Gets the name of an algorithm that is known to be secure.

getAnInsecureAlgorithmName

Gets the name of an algorithm that is known to be insecure.

getAnInsecureHashAlgorithmName

Gets the name of a hash algorithm that is insecure if it is being used for encryption (but it is hard to know when that is happening).

getInsecureAlgorithmRegex

Gets the regular expression used for matching strings that look like they contain an algorithm that is known to be insecure.

getSecureAlgorithmRegex

Gets a regular expression for matching strings that look like they contain an algorithm that is known to be secure.

isEncryptionAdditionalEvidence

Holds if there is additional evidence that name looks like it might be related to operations with an encryption algorithm, besides the name of a specific algorithm. This can be used in conjunction with isInsecureEncryption to produce a stronger heuristic.

isInsecureEncryption

Holds if name looks like it might be related to operations with an insecure encryption algorithm.