Crypto: Add reuse nonce test for Java #20258
Pull Request Overview
This PR adds a test case for the experimental nonce reuse detection query in Java. The test validates the query's ability to identify cryptographic nonce reuse vulnerabilities.
- Adds comprehensive test scenarios demonstrating both vulnerable and secure nonce usage patterns
- Creates test infrastructure with query reference and expected results
- Covers multiple nonce reuse patterns including cross-function reuse and same-function reuse
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Test.java | Test file with various nonce usage scenarios including vulnerable reuse patterns and secure implementations |
| NonceReuse.qlref | Query reference file pointing to the experimental nonce reuse detection query |
| NonceReuse.expected | Expected test results defining the nonce reuse violations the query should detect |
| @@ -0,0 +1 @@ | |||
| experimental/quantum/Analysis/ReusedNonce.ql No newline at end of file | |||
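Review bot: the single added line in this qlref ends without a trailing newline ("No newline at end of file"); add one so that later edits to the file do not show up as a change to this line. The file is also only the bare query path `experimental/quantum/Analysis/ReusedNonce.ql`, which is the form the code scanning check on this file reports as "Query test without inline test expectations".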
Check warning
Code scanning / CodeQL
Query test without inline test expectations Warning test
I have no idea what this means.
The advantage of inline expectations is that the results stay synchronized with the comments. In short, use

```yaml
query: experimental/quantum/Analysis/ReusedNonce.ql
postprocess:
  - utils/test/InlineExpectationsTestQuery.ql
```

in the qlref, and add `$ Alert` to all the comments that start with `// BAD:`.
Since this is blocking further work, I have auto-formatted
Add a reuse nonce test for existing nonce reuse experimental query.
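As an added illustration (not the PR's Test.java and not project code), the sketch below shows the kinds of pattern the overview names: same-function and cross-function nonce reuse beside a per-message nonce, using AES-GCM from the JCA. Class, method and field names are hypothetical, the shared field is one assumed reading of "cross-function reuse", and nothing here claims which lines the experimental query flags.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration; names are hypothetical and this is not the PR's Test.java.
public class NonceReuseExample {
    private static final SecureRandom RNG = new SecureRandom();
    private static final byte[] SHARED_NONCE = freshNonce(); // created once at class load

    static byte[] freshNonce() {
        byte[] nonce = new byte[12]; // 96-bit nonce for GCM
        RNG.nextBytes(nonce);
        return nonce;
    }
    static byte[] encrypt(SecretKey key, byte[] nonce, byte[] msg) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        return cipher.doFinal(msg);
    }
    // BAD: same-function reuse, one nonce feeds two encryptions under the same key.
    static byte[][] sameFunctionReuse(SecretKey key, byte[] a, byte[] b) throws Exception {
        byte[] nonce = freshNonce();
        return new byte[][] { encrypt(key, nonce, a), encrypt(key, nonce, b) };
    }
    // BAD: cross-function reuse, the nonce comes from a field shared by every call.
    static byte[] crossFunctionReuse(SecretKey key, byte[] msg) throws Exception {
        return encrypt(key, SHARED_NONCE, msg);
    }
    // GOOD: a new random nonce per encryption, prepended so the receiver can decrypt.
    static byte[] encryptWithFreshNonce(SecretKey key, byte[] msg) throws Exception {
        byte[] nonce = freshNonce();
        byte[] ct = encrypt(key, nonce, msg);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8);
        byte[][] reused = sameFunctionReuse(key, msg, msg);
        // Equal ciphertexts for equal plaintexts show the encryption became deterministic.
        System.out.println("same-function reuse, equal ciphertexts: " + Arrays.equals(reused[0], reused[1]));
        System.out.println("cross-function reuse, equal ciphertexts: "
                + Arrays.equals(crossFunctionReuse(key, msg), crossFunctionReuse(key, msg)));
        System.out.println("fresh nonce, equal ciphertexts: "
                + Arrays.equals(encryptWithFreshNonce(key, msg), encryptWithFreshNonce(key, msg)));
    }
}
```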