ruby.lang.security.insufficient-rsa-key-size.insufficient-rsa-key-size
semgrep
Author
unknown
The RSA key size $SIZE is insufficient by NIST standards. It is recommended to use a key length of 2048 or higher.
Definition
rules:
  - id: insufficient-rsa-key-size
    message: The RSA key size $SIZE is insufficient by NIST standards. It is
      recommended to use a key length of 2048 or higher.
    languages:
      - ruby
    severity: WARNING
    metadata:
      technology:
        - ruby
      category: security
      references:
        - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf
      cwe:
        - "CWE-326: Inadequate Encryption Strength"
      owasp:
        - A03:2017 - Sensitive Data Exposure
        - A02:2021 - Cryptographic Failures
      subcategory:
        - vuln
      likelihood: HIGH
      impact: MEDIUM
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Cryptographic Issues
    patterns:
      - pattern-either:
          - pattern: OpenSSL::PKey::RSA.generate($SIZE, ...)
          - pattern: OpenSSL::PKey::RSA.new($SIZE, ...)
          - patterns:
              - pattern-either:
                  - patterns:
                      - pattern-inside: |
                          $ASSIGN = $SIZE
                          ...
                      - pattern-either:
                          - pattern: OpenSSL::PKey::RSA.new($ASSIGN, ...)
                          - pattern: OpenSSL::PKey::RSA.generate($ASSIGN, ...)
                  - patterns:
                      - pattern-inside: |
                          def $METHOD1(...)
                            ...
                            $ASSIGN = $SIZE
                            ...
                          end
                          ...
                      - pattern-either:
                          - pattern: OpenSSL::PKey::RSA.new($ASSIGN, ...)
                          - pattern: OpenSSL::PKey::RSA.generate($ASSIGN, ...)
      - metavariable-comparison:
          metavariable: $SIZE
          comparison: $SIZE < 2048
Examples
insufficient-rsa-key-size.rb
require 'openssl'

class Test
  $key = 512
  $pass1 = 2048

  def initialize(key = nil, iv = nil)
    @key2 = 512
    @pass2 = 2048
    # ruleid: insufficient-rsa-key-size
    OpenSSL::PKey::RSA.new(@key2)
    # ruleid: insufficient-rsa-key-size
    OpenSSL::PKey::RSA.new 512
    bad
    bad1
    ok
  end

  def bad
    # ruleid: insufficient-rsa-key-size
    key = OpenSSL::PKey::RSA.new($key)
  end

  def bad1
    # ruleid: insufficient-rsa-key-size
    key = OpenSSL::PKey::RSA.new(@key2)
  end

  def ok
    # ok: insufficient-rsa-key-size
    key = OpenSSL::PKey::RSA.new($pass1)
    # ok: insufficient-rsa-key-size
    key = OpenSSL::PKey::RSA.new(@pass2)
    # ok: insufficient-rsa-key-size
    key = OpenSSL::PKey::RSA.new(2048)
  end
end
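The rule only sees key sizes written as literals (directly or through one assignment). The following is an added example, not part of the Semgrep rule or its test file: it shows the weak call the rule flags next to a hardened generator that enforces the same 2048-bit floor at runtime, plus a check that measures an existing key's modulus so keys loaded from PEM (which a static literal check cannot inspect) are covered too. It assumes Ruby's standard openssl gem; the function and constant names are my own.

```ruby
require 'openssl'

# NIST SP 800-57 floor for RSA moduli; the Semgrep rule compares the
# literal $SIZE against this same value.
MIN_RSA_BITS = 2048

# Hardened replacement for a bare OpenSSL::PKey::RSA.new(size): refuse to
# generate anything below the floor instead of trusting the caller.
def generate_rsa_key(bits = MIN_RSA_BITS)
  if bits < MIN_RSA_BITS
    raise ArgumentError, "RSA key size #{bits} is below the #{MIN_RSA_BITS}-bit minimum"
  end
  OpenSSL::PKey::RSA.new(bits)
end

# The strength of an RSA key is the bit length of its modulus n, so measure
# that directly. Accepts an OpenSSL::PKey::RSA object or PEM/DER text for a
# public or private key, i.e. keys that arrive from files or config and are
# invisible to a source-level literal check.
def rsa_key_bits(key)
  key = OpenSSL::PKey::RSA.new(key) unless key.is_a?(OpenSSL::PKey::RSA)
  key.n.num_bits
end

def rsa_key_strong?(key)
  rsa_key_bits(key) >= MIN_RSA_BITS
end

# Constructed inputs. The first line is exactly the shape the rule flags and
# exists only so the runtime check has something to reject.
WEAK_KEY = OpenSSL::PKey::RSA.new(512)   # flagged by the rule: 512 < 2048
STRONG_KEY = generate_rsa_key(2048)      # not flagged

if __FILE__ == $PROGRAM_NAME
  puts "512-bit key:  #{rsa_key_bits(WEAK_KEY)} bits, strong? #{rsa_key_strong?(WEAK_KEY)}"
  puts "2048-bit key: #{rsa_key_bits(STRONG_KEY.public_key.to_pem)} bits, strong? #{rsa_key_strong?(STRONG_KEY)}"
  begin
    generate_rsa_key(1024)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Run it with `ruby` on a system whose OpenSSL still permits 512-bit generation (OpenSSL 3 allows it outside FIPS mode; a FIPS-enabled build will refuse to create WEAK_KEY at all, which is the desired outcome in production). The runtime check complements the rule rather than replacing it: the rule catches the mistake before it ships, the modulus check catches keys the code did not generate itself.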
Short Link: https://sg.run/O4Re