CodeQL library for Java
Search

Module Encryption

Provides predicates and classes relating to encryption in Java.

Import path

import semmle.code.java.security.Encryption

Imports

java

Provides all default Java QL imports.

Predicates

algorithmBlacklist

DEPRECATED: Terminology has been updated. Use getAnInsecureAlgorithmName() instead.

algorithmBlacklistRegex

DEPRECATED: Terminology has been updated. Use getInsecureAlgorithmRegex() instead.

algorithmWhitelist

DEPRECATED: Terminology has been updated. Use getASecureAlgorithmName() instead.

algorithmWhitelistRegex

DEPRECATED: Terminology has been updated. Use getSecureAlgorithmRegex() instead.

getASecureAlgorithmName

Gets the name of an algorithm that is known to be secure.

getAnInsecureAlgorithmName

Gets the name of an algorithm that is known to be insecure.

getAnInsecureHashAlgorithmName

Gets the name of a hash algorithm that is insecure if it is being used for encryption.

getInsecureAlgorithmRegex

Gets the regular expression used for matching strings that look like they contain an algorithm that is known to be insecure.

getSecureAlgorithmRegex

Gets a regular expression for matching strings that look like they contain an algorithm that is known to be secure.

hashAlgorithmBlacklist

DEPRECATED: Terminology has been updated. Use getAnInsecureHashAlgorithmName() instead.

Classes

CreateSocket
CryptoAlgoSpec

Any use of a cryptographic element that specifies an encryption algorithm. For example, methods returning ciphers, decryption methods, constructors of cipher classes, etc.

GetSocketFactory
HostnameVerifier
HostnameVerifierVerify

The verify method of the class javax.net.ssl.HostnameVerifier.

HttpsURLConnection
JavaSecurityAlgoSpec
JavaSecurityKeyPairGenerator

A method call to the Java class java.security.KeyPairGenerator.

JavaSecurityMessageDigest
JavaSecuritySignature
JavaxCryptoAlgoSpec
JavaxCryptoCipher
JavaxCryptoKeyAgreement
JavaxCryptoKeyFactory
JavaxCryptoKeyGenerator
JavaxCryptoSecretKey
KeyGenerator

The Java class javax.crypto.KeyGenerator.

KeyPairGenerator

The Java class java.security.KeyPairGenerator.

SSLClass
SSLContext
SSLSession

The javax.net.ssl.SSLSession class.

SSLSocketFactory
SetConnectionFactoryMethod
SetDefaultHostnameVerifierMethod

The setDefaultHostnameVerifier method of the class javax.net.ssl.HttpsURLConnection.

SetHostnameVerifierMethod
TrustManagerCheckMethod
X509TrustManager