From 64bb022adfd0a58c683b440c2c017469f43fa8d4 Mon Sep 17 00:00:00 2001
From: Ahmed Farid
Date: Wed, 7 Sep 2022 11:12:53 +0100
Subject: [PATCH] Add `www-authenticate` to sensitiveheaders()
---
 .../src/experimental/semmle/python/security/TimingAttack.qll | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
index 8507b9ebfb3..ee6be383415 100644
--- a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
+++ b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
@@ -257,7 +257,8 @@ private string sensitiveheaders() {
 result =
 [
 "x-auth-token", "x-csrf-token", "http_x_csrf_token", "x-csrf-param", "x-csrf-header",
- "http_x_csrf_token", "x-api-key", "authorization", "proxy-authorization", "x-gitlab-token"
+ "http_x_csrf_token", "x-api-key", "authorization", "proxy-authorization", "x-gitlab-token",
+ "www-authenticate"
 ]
 }
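Review bot: `www-authenticate` is a response header carrying the server's challenge rather than a client-supplied secret, so listing it in `sensitiveheaders()` is unlikely to surface the non-constant-time comparisons that `authorization` or `x-api-key` do. Credentials sent in answer to that challenge arrive in `authorization` or `proxy-authorization`, which are already listed. How the predicate's results are matched against header reads lies outside this hunk, so a test case showing a true positive for the new entry should accompany the change. Separately, the rewritten line still carries `"http_x_csrf_token"`, which already appears on the context line above it; the duplicate could be dropped here, leaving `"x-api-key", "authorization", "proxy-authorization", "x-gitlab-token",`.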