Update TimingAttackAgainstSensitiveInfo.ql

2025-12-21 03:06:31 +01:00 · 2022-07-26 23:53:18 +01:00
parent f35985097d
commit 0083a7fa6d
1 changed files with 1 additions and 1 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.ql
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.ql
@@ -28,7 +28,7 @@ class ClientSuppliedSecretConfig extends TaintTracking::Configuration {
 }

 from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+where 
  config.hasFlowPath(source, sink) and
  (
    source.getNode().(SecretSource).includesUserInput() or