Skip to content

Crypto: Add reuse nonce test for Java #20258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 6, 2025
Merged

Crypto: Add reuse nonce test for Java #20258

merged 4 commits into from
Oct 6, 2025

Conversation

bdrodes
Copy link
Contributor

@bdrodes bdrodes commented Aug 20, 2025

Add a reuse nonce test for existing nonce reuse experimental query.

@bdrodes bdrodes requested a review from a team as a code owner August 20, 2025 17:24
@Copilot Copilot AI review requested due to automatic review settings August 20, 2025 17:24
@github-actions github-actions bot added the Java label Aug 20, 2025
Copilot
Copilot AI reviewed Aug 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a test case for the experimental nonce reuse detection query in Java. The test validates the query's ability to identify cryptographic nonce reuse vulnerabilities.

  • Adds comprehensive test scenarios demonstrating both vulnerable and secure nonce usage patterns
  • Creates test infrastructure with query reference and expected results
  • Covers multiple nonce reuse patterns including cross-function reuse and same-function reuse

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
Test.java Test file with various nonce usage scenarios including vulnerable reuse patterns and secure implementations
NonceReuse.qlref Query reference file pointing to the experimental nonce reuse detection query
NonceReuse.expected Expected test results defining the nonce reuse violations the query should detect

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 20, 2025
View reviewed changes
java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref
@@ -0,0 +1 @@
experimental/quantum/Analysis/ReusedNonce.ql No newline at end of file

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning test

Query test does not use inline test expectations.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no idea what this means.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The advantage of inline expectations is that the results stay synchronized with the comments. In short, use

query: experimental/quantum/Analysis/ReusedNonce.ql
postprocess:
- utils/test/InlineExpectationsTestQuery.ql

in the qlref, and add $ Alert to all the comments that start with // BAD:.

@nicolaswill nicolaswill requested review from nicolaswill and removed request for a team October 6, 2025 13:12
@nicolaswill nicolaswill changed the title Add reuse nonce test for java Crypto: Add reuse nonce test for Java Oct 6, 2025
@nicolaswill
Copy link
Contributor

Since this is blocking further work, I have auto-formatted Test.java and will merge it in without inline test expectations. We should go through all of our cryptography test-cases, auto-format them, and add inline test expectations.

@nicolaswill nicolaswill merged commit 9e278b9 into github:main Oct 6, 2025
11 checks passed
@nicolaswill nicolaswill deleted the java_nonce_reuse_tests branch October 6, 2025 18:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@d10c d10c d10c left review comments

Copilot code review Copilot Copilot left review comments

@nicolaswill nicolaswill nicolaswill approved these changes

Assignees

No one assigned

Labels

Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bdrodes @nicolaswill @d10c