hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update TimingAttack.qll

Browse Source
This commit is contained in:
Ahmed Farid
2023-02-16 01:10:36 +01:00
committed by GitHub
parent 64bb022adf
commit 016136a2e3
1 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
python/ql/src/experimental/semmle/python/security/TimingAttack.qll
View File

@@ -289,3 +289,34 @@ class UserInputInComparisonConfig extends TaintTracking2::Configuration {
)
}
}
private class CompareSink extends DataFlow::Node {
CompareSink() {
exists(Compare compare |
(
compare.getOp(0) instanceof Eq or
compare.getOp(0) instanceof NotEq or
compare.getOp(0) instanceof In
) and
(
compare.getLeft() = this.asExpr() and
not compare.getComparator(0).(StrConst).getText() = "bearer"
or
compare.getComparator(0) = this.asExpr() and
not compare.getLeft().(StrConst).getText() = "bearer"
)
) or
exists(Compare compare |
(
compare.getOp(0) instanceof IsNot
) and
(
compare.getLeft() = this.asExpr() and
not compare.getComparator(0) instanceof None
or
compare.getComparator(0) = this.asExpr() and
not compare.getLeft() instanceof None
)
)
}
}