use-of-weak-rsa-key-kotlin

ESS-ENN · ESS-ENN · commit a85cbfbf7c8f · 2024-09-10T18:49:34.000+05:30
diff --git a/rules/kotlin/security/use-of-weak-rsa-key-kotlin.yml b/rules/kotlin/security/use-of-weak-rsa-key-kotlin.yml
@@ -0,0 +1,18 @@
+id: use-of-weak-rsa-key-kotlin
+language: kotlin
+severity: warning
+message: >-
+  RSA keys should be at least 2048 bits based on NIST recommendation
+note: >-
+  [CWE-326]: Inadequate Encryption Strength
+  [OWASP A03:2017]: Sensitive Data Exposure
+  [OWASP A02:2021]: Cryptographic Failures
+  [REFERENCES]
+      - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#algorithms
+rule:
+  pattern: |
+    $KEY.initialize($BITS)
+follows: KEY = $G.getInstance("RSA");
+constraints:
+  BITS:
+    regex: '^(-?(0|[1-9][0-9]?|[1-9][0-9]{2}|1[0-9]{3}|20[0-3][0-9]|204[0-7])(\.[0-9]+)?|0|-[1-9][0-9]*|-[1-9][0-9]{2,}|-1[0-9]{3}|-20[0-3][0-9]|-204[0-7])$'
diff --git a/tests/__snapshots__/use-of-weak-rsa-key-kotlin-snapshot.yml b/tests/__snapshots__/use-of-weak-rsa-key-kotlin-snapshot.yml
@@ -0,0 +1,10 @@
+id: use-of-weak-rsa-key-kotlin
+snapshots:
+  ? |
+    KeyPairGenerator.getInstance("RSA")
+    keyGen.initialize(-5.12);
+  : labels:
+    - source: keyGen.initialize(-5.12)
+      style: primary
+      start: 36
+      end: 60
diff --git a/tests/kotlin/use-of-weak-rsa-key-kotlin-test.yml b/tests/kotlin/use-of-weak-rsa-key-kotlin-test.yml
@@ -0,0 +1,9 @@
+id: use-of-weak-rsa-key-kotlin
+valid:
+  - |
+    KeyPairGenerator.getInstance("RSA")
+    keyGen.initialize(2048);
+invalid:
+  - |
+    KeyPairGenerator.getInstance("RSA")
+    keyGen.initialize(-5.12);
