Python: Use consistent abbreviations in weak-crypto query message.

markshannon · markshannon · commit b3eaa46f140f · 2018-11-28T16:58:22.000Z
diff --git a/python/ql/src/Security/CWE-326/WeakCrypto.ql b/python/ql/src/Security/CWE-326/WeakCrypto.ql
@@ -16,7 +16,7 @@ int minimumSecureKeySize(string algo) {
     or
     algo = "RSA" and result = 2048
     or
-    algo = "elliptic curve" and result = 224
+    algo = "ECC" and result = 224
 }
 
 predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
@@ -39,9 +39,6 @@ predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {
             or
             mod.getName() = "Cryptodome.PublicKey.RSA" and arg = "bits"
         )
-        or
-        algorithm = "elliptic curve" and
-        mod.getName() = "cryptography.hazmat.primitives.asymmetric.ec" and arg = "curve"
     )
 }
 
@@ -68,7 +65,7 @@ predicate algorithmAndKeysizeForCall(CallNode call, string algorithm, int keySiz
         exists(ClassObject curve |
             arg.refersTo(_, curve, keyOrigin) and
             ecKeySizeArg(func, argname) and
-            algorithm = "elliptic curve" and
+            algorithm = "ECC" and
             keySize = keySizeFromCurve(curve)
         )
     )
diff --git a/python/ql/test/query-tests/Security/CWE-326/WeakCrypto.expected b/python/ql/test/query-tests/Security/CWE-326/WeakCrypto.expected
@@ -1,5 +1,5 @@
 | weak_crypto.py:67:1:67:30 | ControlFlowNode for dsa_gen_key() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
-| weak_crypto.py:68:1:68:28 | ControlFlowNode for ec_gen_key() | Creation of an elliptic curve key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
+| weak_crypto.py:68:1:68:28 | ControlFlowNode for ec_gen_key() | Creation of an ECC key uses $@ bits, which is below 224 and considered breakable. | weak_crypto.py:21:11:21:33 | ControlFlowNode for FakeWeakEllipticCurve() | 160 |
 | weak_crypto.py:69:1:69:37 | ControlFlowNode for rsa_gen_key() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
 | weak_crypto.py:71:1:71:22 | ControlFlowNode for Attribute() | Creation of an DSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |
 | weak_crypto.py:72:1:72:22 | ControlFlowNode for Attribute() | Creation of an RSA key uses $@ bits, which is below 2048 and considered breakable. | weak_crypto.py:12:12:12:15 | ControlFlowNode for IntegerLiteral | 1024 |

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ int minimumSecureKeySize(string algo) {`
`16`	`16`	`or`
`17`	`17`	`algo = "RSA" and result = 2048`
`18`	`18`	`or`
`19`		`- algo = "elliptic curve" and result = 224`
	`19`	`+ algo = "ECC" and result = 224`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {`
`@@ -39,9 +39,6 @@ predicate dsaRsaKeySizeArg(FunctionObject obj, string algorithm, string arg) {`
`39`	`39`	`or`
`40`	`40`	`mod.getName() = "Cryptodome.PublicKey.RSA" and arg = "bits"`
`41`	`41`	`)`
`42`		`- or`
`43`		`- algorithm = "elliptic curve" and`
`44`		`- mod.getName() = "cryptography.hazmat.primitives.asymmetric.ec" and arg = "curve"`
`45`	`42`	`)`
`46`	`43`	`}`
`47`	`44`
`@@ -68,7 +65,7 @@ predicate algorithmAndKeysizeForCall(CallNode call, string algorithm, int keySiz`
`68`	`65`	`exists(ClassObject curve \|`
`69`	`66`	`arg.refersTo(_, curve, keyOrigin) and`
`70`	`67`	`ecKeySizeArg(func, argname) and`
`71`		`- algorithm = "elliptic curve" and`
	`68`	`+ algorithm = "ECC" and`
`72`	`69`	`keySize = keySizeFromCurve(curve)`
`73`	`70`	`)`
`74`	`71`	`)`