Qt-Security-QSslConfigurationSetCiphers

Check QSslConfiguration::setCiphers

Required inputs: IR

The QSslConfiguration::setCiphers(const QString&) and QSslConfiguration::setCiphers(const QList<QSslCipher>&) methods of the Qt framework set the cipher suites used for SSL/TLS connections. This rule flags all calls to these methods that use weak or insecure cipher suites. Using weak or insecure cipher suites may allow an attacker to intercept and manipulate the traffic.
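A runtime counterpart to this static check, as an added example that is not part of the rule or of Qt: it splits the colon-separated list accepted by the QString overload and returns the suites that should not reach setCiphers(). The token lists, the function names and the allowWeak parameter are assumptions of this example and do not reproduce the rule's own classification.

```cpp
#include <algorithm>
#include <string>
#include <vector>

enum class Strength { Ok, Weak, Insecure };

// Split on any character in `seps`, dropping empty pieces.
static std::vector<std::string> split(const std::string& s, const std::string& seps) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (seps.find(c) != std::string::npos) {
            if (!cur.empty()) out.push_back(cur);
            cur.clear();
        } else {
            cur += c;
        }
    }
    if (!cur.empty()) out.push_back(cur);
    return out;
}

// Classify one suite name (OpenSSL or IANA spelling) by its tokens.
// Assumption: these token lists are illustrative, not the rule's own lists.
Strength classify(const std::string& suite) {
    static const std::vector<std::string> insecure =
        {"NULL", "EXP", "EXPORT", "ADH", "AECDH", "anon", "RC4", "RC2", "MD5"};
    static const std::vector<std::string> weak = {"CBC3", "3DES", "SEED", "IDEA"};
    const auto tokens = split(suite, "-_");
    auto has = [&](const std::string& t) {
        return std::find(tokens.begin(), tokens.end(), t) != tokens.end();
    };
    for (const auto& t : insecure) { if (has(t)) return Strength::Insecure; }
    // "DES" alone is single DES; "DES-CBC3" is the OpenSSL spelling of 3DES.
    if (has("DES") && !has("CBC3")) return Strength::Insecure;
    for (const auto& t : weak) { if (has(t)) return Strength::Weak; }
    return Strength::Ok;
}

// Suites in a colon-separated list that should be rejected before the call.
// In Qt code: if (rejected(list).empty()) config.setCiphers(QString::fromStdString(list));
std::vector<std::string> rejected(const std::string& cipherList, bool allowWeak = false) {
    std::vector<std::string> bad;
    for (const auto& suite : split(cipherList, ":")) {
        const Strength s = classify(suite);
        if (s == Strength::Insecure || (s == Strength::Weak && !allowWeak)) bad.push_back(suite);
    }
    return bad;
}
```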

Possible Messages

| Key | Text | Severity | Disabled |
|---|---|---|---|
| forbiddden_call | Suspicious call to QSslConfiguration::setCiphers found. | None | False |
| insecure_cipher | Insecure cipher suite used in call to QSslConfiguration::setCiphers. | None | False |
| weak_cipher | Weak cipher suite used in call to QSslConfiguration::setCiphers. | None | False |

Options

allow_insecure

allow_insecure : bool = False

If set to true, insecure ciphers will not be reported.
 

allow_weak

allow_weak : bool = False

If set to true, weak ciphers will not be reported.
 

allowed_ciphers

allowed_ciphers : set[str] = set()

A set of allowed ciphers. If this set is not empty, all ciphers not in this set will be reported as insecure or weak.
 

disallowed_ciphers

disallowed_ciphers : set[str] = set()

A set of disallowed ciphers. If this set is not empty, all ciphers in this set will be reported as insecure.
 

report_all

report_all : bool = False

If set to true, all calls to the setCiphers() methods will be reported, even if they do not use weak or insecure ciphers. This flag overrides all other flags.