Python: Make py/weak-cryptographic-algorithm a path-problem

and stop using deprecated hasFlow
Rasmus Wriedt Larsen
2020-01-21 11:57:56 +01:00
parent c5091f1ce7
commit 12bb05522a
2 changed files with 13 additions and 7 deletions


@@ -1,7 +1,7 @@
/**
* @name Use of a broken or weak cryptographic algorithm
* @description Using broken or weak cryptographic algorithms can compromise security.
* @kind problem
* @kind path-problem
* @problem.severity warning
* @precision high
* @id py/weak-cryptographic-algorithm
@@ -9,6 +9,7 @@
* external/cwe/cwe-327
*/
import python
import semmle.python.security.Paths
import semmle.python.security.SensitiveData
import semmle.python.security.Crypto
@@ -25,7 +26,6 @@ class BrokenCryptoConfiguration extends TaintTracking::Configuration {
}
from BrokenCryptoConfiguration config, SensitiveDataSource src, WeakCryptoSink sink
where config.hasFlow(src, sink)
select sink, "Sensitive data from $@ is used in a broken or weak cryptographic algorithm.", src , src.toString()
from BrokenCryptoConfiguration config, TaintedPathSource src, TaintedPathSink sink
where config.hasFlowPath(src, sink)
select sink.getSink(), src, sink, "$@ is used in a broken or weak cryptographic algorithm.", src.getSource(), "Sensitive data"
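Review bot: The `SensitiveDataSource` and `WeakCryptoSink` restrictions that the old `from` clause imposed are no longer stated in the query body; with `TaintedPathSource src, TaintedPathSink sink` they rest only on `BrokenCryptoConfiguration`, whose body lies outside this hunk. If its `isSource`/`isSink` overrides are any broader than those two classes, the query would start reporting flows that are not sensitive data reaching a weak algorithm, so that is worth confirming and recording in a comment above the `from` line, for example `// sources and sinks are restricted by BrokenCryptoConfiguration`. Separately, the link text changed from `src.toString()` to the fixed string "Sensitive data", so an alert no longer says which kind of sensitive value was found; something like `src.getSource().toString()` might keep that detail for whoever triages the result.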