hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update TimingAttack.qll

Browse Source
This commit is contained in:
Ahmed Farid
2023-02-16 14:01:29 +01:00
committed by GitHub
parent 005839b462
commit 4b3efa87dc
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
python/ql/src/experimental/semmle/python/security/TimingAttack.qll
View File

@@ -292,6 +292,25 @@ class UserInputInComparisonConfig extends TaintTracking2::Configuration {
}
}
/**
* A configuration tracing flow from a client Secret obtained by an HTTP header to a len() function.
*/
private class ExcludeLenFunc extends TaintTracking2::Configuration {
ExcludeLenFunc() { this = "ExcludeLenFunc" }
override predicate isSource(DataFlow::Node source) { source instanceof ClientSuppliedSecret }
override predicate isSink(DataFlow::Node sink) {
exists(Call call |
call.getFunc().(Name).getId() = "len" and
sink.asExpr() = call.getArg(0)
)
}
}
/**
* Holds if there is a fast-fail check.
*/
private class CompareSink extends DataFlow::Node {
CompareSink() {
exists(Compare compare |
@@ -321,4 +340,13 @@ private class CompareSink extends DataFlow::Node {
)
)
}
/**
* Holds if there is a flow to len().
*/
predicate FlowToLen() {
exists(ExcludeLenFunc config, DataFlow2::PathNode source, DataFlow2::PathNode sink |
config.hasFlowPath(source, sink)
)
}
}