hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Move experimental InsecureRandomness to new dataflow API

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-25 17:23:51 +02:00
parent 3bf2705668
commit 53e57dad5c
2 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
View File

@@ -14,11 +14,12 @@
*/ */
import python import python
import experimental.semmle.python.security.InsecureRandomness::InsecureRandomness import experimental.semmle.python.security.InsecureRandomness
import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.DataFlow
import DataFlow::PathGraph
from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink import InsecureRandomness::Flow::PathGraph
where cfg.hasFlowPath(source, sink)
from InsecureRandomness::Flow::PathNode source, InsecureRandomness::Flow::PathNode sink
where InsecureRandomness::Flow::flowPath(source, sink)
select sink.getNode(), source, sink, "Cryptographically insecure $@ in a security context.", select sink.getNode(), source, sink, "Cryptographically insecure $@ in a security context.",
source.getNode(), "random value" source.getNode(), "random value"

17
python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll
View File

@@ -21,17 +21,14 @@ module InsecureRandomness {
* A taint-tracking configuration for reasoning about random values that are * A taint-tracking configuration for reasoning about random values that are
* not cryptographically secure. * not cryptographically secure.
*/ */
class Configuration extends TaintTracking::Configuration { private module Configuration implements DataFlow::ConfigSig {
Configuration() { this = "InsecureRandomness" } predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSource(DataFlow::Node source) { source instanceof Source } predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
deprecated override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
} }
/** Global taint-tracking for detecting "random values that are not cryptographically secure" vulnerabilities. */
module Flow = TaintTracking::Global<Configuration>;
} }