hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix model of TLS and add reference

Browse Source
This commit is contained in:
Rasmus Lerchedahl Petersen
2021-03-26 17:51:18 +01:00
parent 470b4d8658
commit 44d62df3f7
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/Security/CWE-327/TlsLibraryModel.qll
View File

@@ -71,11 +71,14 @@ abstract class UnspecificContextCreation extends ContextCreation, ProtocolUnrest
override DataFlow::CfgNode getContext() { result = this }
override ProtocolVersion getUnrestriction() {
// see https://www.openssl.org/docs/man1.1.0/man3/TLS_method.html
family = "TLS" and
result in ["TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
result in ["SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
or
// This can negotiate a TLS 1.3 connection (!)
// see https://docs.python.org/3/library/ssl.html#ssl-contexts
// see
// - https://docs.python.org/3/library/ssl.html#ssl-contexts
// - https://www.openssl.org/docs/man1.0.2/man3/TLSv1_method.html
family = "SSLv23" and
result in ["SSLv2", "SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
}