From 6c53c5561fffc428419ff2bceaa0a631d366e483 Mon Sep 17 00:00:00 2001
From: pepe
Date: Sun, 16 Jan 2022 23:57:54 +0100
Subject: [PATCH 1/2] Added detection of RSA encryption with short key
---
...sa-encryption-algorithm-with-short-key.yml | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 semgrep/java/java-use-of-rsa-encryption-algorithm-with-short-key.yml
diff --git a/semgrep/java/java-use-of-rsa-encryption-algorithm-with-short-key.yml b/semgrep/java/java-use-of-rsa-encryption-algorithm-with-short-key.yml
new file mode 100644
index 0000000..7ef4180
--- /dev/null
+++ b/semgrep/java/java-use-of-rsa-encryption-algorithm-with-short-key.yml
@@ -0,0 +1,22 @@
+- id: java-use-of-rsa-encryption-algorithm-with-short-key
+ message: |
+ It is not secure to use the RSA algorithm with a 1024-bit key. The minimal acceptable key length is 2048 bits.
+ languages: [ java ]
+ severity: ERROR
+ metadata:
+ vulnerability_category: weak_cryptography
+ violation_id: weak_encryption_algorithm
+ standards: [ Microsoft SDL ]
+ references:
+ - https://docs.microsoft.com/en-us/security/sdl/cryptographic-recommendations
+ patterns:
+ - pattern: |
+ $K = $C.getInstance("$RE");
+ ...
+ $K.initialize($BITS);
+ - metavariable-regex:
+ metavariable: $RE
+ regex: "(?i)^rsa$"
+ - metavariable-comparison:
+ comparison: $BITS < 2048
+ metavariable: $BITS
\ No newline at end of file
From 403d7f8a030eb694e47a8df7856e6f3ebba2db69 Mon Sep 17 00:00:00 2001
From: pepe
Date: Sun, 16 Jan 2022 23:58:50 +0100
Subject: [PATCH 2/2] Added detection of DES encryption
---
.../java-use-of-des-encryption-algorithm.yml | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 semgrep/java/java-use-of-des-encryption-algorithm.yml
diff --git a/semgrep/java/java-use-of-des-encryption-algorithm.yml b/semgrep/java/java-use-of-des-encryption-algorithm.yml
new file mode 100644
index 0000000..e6f1a21
--- /dev/null
+++ b/semgrep/java/java-use-of-des-encryption-algorithm.yml
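Review bot: The pattern `$K.initialize($BITS);` matches only the one-argument overload, so `KeyPairGenerator.initialize(1024, new SecureRandom())` is never flagged, and `$C.getInstance("$RE")` likewise skips the provider overloads such as `getInstance("RSA", "BC")`. Use `$C.getInstance("$RE", ...);` and `$K.initialize($BITS, ...);` so both overloads are covered; this also matches the `getInstance("$RE", ...)` shape the DES rule in this same series already uses. The `RSAKeyGenParameterSpec` form (`initialize(new RSAKeyGenParameterSpec(1024, ...))`) is a further miss that would need a second `pattern` under a `pattern-either`. Note also that `metavariable-comparison` can only evaluate `$BITS` when it binds to a literal or a value Semgrep can constant-propagate, so a key size read from configuration silently passes — worth a short comment on the rule so readers do not assume full coverage. Finally, the message says "a 1024-bit key" while the comparison fires for any size below 2048; `with a key shorter than 2048 bits` describes what the rule actually reports.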
@@ -0,0 +1,25 @@
+- id: java-use-of-des-encryption-algorithm
+ message: |
+ DES is a weak algorithm that has known attacks and can be broken. Consider using a secure algorithm such as AES.
+ languages: [ java ]
+ severity: ERROR
+ metadata:
+ vulnerability_category: weak_cryptography
+ violation_id: weak_encryption_algorithm
+ standards: [ Microsoft SDL ]
+ references:
+ - https://docs.microsoft.com/en-us/security/sdl/cryptographic-recommendations
+ patterns:
+ - pattern-either:
+ - patterns:
+ - pattern: |
+ $MD.getInstance("$RE", ...);
+ - metavariable-regex:
+ metavariable: $RE
+ regex: "(?i)^DES/.*$"
+ - patterns:
+ - pattern: |
+ $MD.getInstance("$RE", ...);
+ - metavariable-regex:
+ metavariable: $RE
+ regex: "(?i)^des$"
\ No newline at end of file
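Review bot: The two `pattern-either` branches differ only in their regex and can collapse into a single `patterns` block with `regex: "(?i)^des(/.*)?$"`, which removes the duplicated `$MD.getInstance("$RE", ...);` pattern and leaves one place to maintain. Both anchors stop at `DES` / `DES/`, so transformations beginning with `DESede` (Triple DES) never match; if that exclusion is intentional it should be stated in a comment such as `# DESede/TripleDES is deliberately out of scope for this rule`, and if the linked SDL guidance also discourages 3DES a companion rule would be needed. The metavariable name `$MD` reads as MessageDigest while the rule targets `Cipher` (and, since `$MD` is unconstrained, will also flag `KeyGenerator.getInstance("DES")` and `SecretKeyFactory.getInstance("DES")`, which looks desirable); `$CLS` or `$CIPHER` would be clearer. Since the rule keys on a string literal, a transformation held in a non-constant variable will not be matched unless Semgrep can propagate it — worth mentioning in the rule so the coverage limit is explicit.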