diff --git a/lib/brakeman/checks/check_weak_rsa_key.rb b/lib/brakeman/checks/check_weak_rsa_key.rb index 134d516959..ef54e562df 100644 --- a/lib/brakeman/checks/check_weak_rsa_key.rb +++ b/lib/brakeman/checks/check_weak_rsa_key.rb @@ -43,8 +43,8 @@ def check_key_size result end end - PKCS1_PADDING = s(:const, :PKCS1_PADDING).freeze - NO_PADDING = s(:const, :NO_PADDING).freeze + PKCS1_PADDING = s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :PKCS1_PADDING).freeze + NO_PADDING = s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :NO_PADDING).freeze def check_padding result return unless original? result diff --git a/test/apps/rails7/lib/some_lib.rb b/test/apps/rails7/lib/some_lib.rb index 5b4846a58b..b9c98d7e75 100644 --- a/test/apps/rails7/lib/some_lib.rb +++ b/test/apps/rails7/lib/some_lib.rb @@ -7,9 +7,9 @@ def some_rsa_encrypting def some_more_rsa_padding_modes public_key = OpenSSL::PKey::RSA.new("grab the public 4096 bit key") - public_key.public_decrypt(data, PKCS1_PADDING) - public_key.private_encrypt(data, NO_PADDING) - public_key.private_encrypt(data, SSLV23_PADDING) + public_key.public_decrypt(data, OpenSSL::PKey::RSA::PKCS1_PADDING) + public_key.private_encrypt(data, OpenSSL::PKey::RSA::NO_PADDING) + public_key.private_encrypt(data, OpenSSL::PKey::RSA::SSLV23_PADDING) end def small_rsa_keys diff --git a/test/tests/rails7.rb b/test/tests/rails7.rb index b9af72f255..9d6dc7b4a0 100644 --- a/test/tests/rails7.rb +++ b/test/tests/rails7.rb @@ -132,28 +132,28 @@ def test_weak_cryptography_5 assert_warning check_name: "WeakRSAKey", type: :warning, warning_code: 126, - fingerprint: "aa734fa685d04ea9e8519785123aa8a5342342b86aa77a363bcd2754b951433b", + fingerprint: "c8a3c3c409f64eae926ce9b60d85d243f86bc8448d1ba7b5880f192eb54089d7", warning_type: "Weak Cryptography", line: 10, - message: /^Use\ of\ padding\ mode\ PKCS1\ \(defa/, + message: /^Use\ of\ padding\ mode\ PKCS1\ \(default\ if\ no/, confidence: 0, relative_path: "lib/some_lib.rb", - code: s(:call, s(:call, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :new, s(:str, "grab the public 4096 bit key")), :public_decrypt, s(:call, nil, :data), s(:const, :PKCS1_PADDING)), - user_input: s(:const, :PKCS1_PADDING) + code: s(:call, s(:call, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :new, s(:str, "grab the public 4096 bit key")), :public_decrypt, s(:call, nil, :data), s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :PKCS1_PADDING)), + user_input: s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :PKCS1_PADDING) end - def test_weak_cryptography_6 + def test_weak_cryptography_6 assert_warning check_name: "WeakRSAKey", type: :warning, warning_code: 127, - fingerprint: "7a65fbcb29780f39bc03dfe6db0ed9959710180e705393e915bbee915c240751", + fingerprint: "47462db72333e2287d0b3670295f875700e85f516b4276ec5acf2f99f3809b04", warning_type: "Weak Cryptography", line: 11, message: /^No\ padding\ mode\ used\ for\ RSA\ key\.\ A\ safe/, confidence: 0, relative_path: "lib/some_lib.rb", - code: s(:call, s(:call, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :new, s(:str, "grab the public 4096 bit key")), :private_encrypt, s(:call, nil, :data), s(:const, :NO_PADDING)), - user_input: s(:const, :NO_PADDING) + code: s(:call, s(:call, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :new, s(:str, "grab the public 4096 bit key")), :private_encrypt, s(:call, nil, :data), s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :NO_PADDING)), + user_input: s(:colon2, s(:colon2, s(:colon2, s(:const, :OpenSSL), :PKey), :RSA), :NO_PADDING) end def test_cross_site_scripting_CVE_2022_32209_allowed_tags_initializer