From 6f8ec118df4cd8ff2946ab72d51203dc55439f55 Mon Sep 17 00:00:00 2001
From: amammad
Date: Mon, 24 Jul 2023 17:13:27 +1000
Subject: [PATCH] fix qlhelp and qldoc bugs
---
.../WebAppConstantSecretKey.qhelp | 10 +++++++++-
.../WebAppConstantSecretKeyDjango.qll | 2 +-
.../WebAppConstantSecretKeyFlask.qll | 6 +++---
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp
index 0f4b3b65515..b0719b34be4 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKey.qhelp
@@ -15,14 +15,22 @@
+ Safe Django SECRET_KEY
-
+ Unsafe Django SECRET_KEY Example:
+
+ Safe Flask SECRET_KEY Example:
+ Unsafe Flask SECRET_KEY Example:
+ config1.py
+ config2.py
+ config3.py
+ __init__.py
diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll
index c1a79410765..46d66e14b0b 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyDjango.qll
@@ -14,7 +14,7 @@ module DjangoConstantSecretKeyConfig {
predicate isSource(DataFlow::Node source) { source instanceof WebAppConstantSecretKeySource }
/**
- * A sink like following SECRET_KEY Assignments
+ * Holds if There is a sink like following SECRET_KEY Assignments
* ```python
*from django.conf import settings
*settings.configure(
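Review bot: The new first line, "Holds if There is a sink like following SECRET_KEY Assignments", looks as if "Holds if" was prepended to satisfy the QLDoc style check, and it still does not state the condition under which the predicate holds. The same applies to "Holds if there is a helper predicate that specify where ..." in the last hunk of WebAppConstantSecretKeyFlask.qll. A predicate's QLDoc should say what must be true of its arguments, for example `* Holds if the node is a value assigned to Django's SECRET_KEY, for example:`, naming the actual parameter, which is outside this hunk. The Flask helper's comment should likewise describe the relation between its parameters rather than the predicate's existence. People triaging alerts from this query read these comments to learn which assignments count as sinks, so the wording should be exact.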
diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll
index 1446ae6c87d..63f2565ba47 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/WebAppConstantSecretKeyFlask.qll
@@ -36,7 +36,7 @@ module FlaskConstantSecretKeyConfig {
* app.config.update(SECRET_KEY="CHANGEME3")
* app.config.from_mapping(SECRET_KEY="CHANGEME4")
* ```
- * other Sinks are SECRET_KEY Constants Variables that are defined in seperate files or a class in those files like:
+ * other Sinks are SECRET_KEY Constants Variables that are defined in separate files or a class in those files like:
* ```python
* app.config.from_pyfile("config.py")
* app.config.from_object('config.Config')
@@ -84,7 +84,7 @@ module FlaskConstantSecretKeyConfig {
}
/**
- * Assignments like `SECRET_KEY = ConstantValue`
+ * An Assignments like `SECRET_KEY = ConstantValue`
* and `SECRET_KEY` file must be the Location that is specified in argument of `from_object` or `from_pyfile` methods
*/
class SecretKeyAssignStmt extends AssignStmt {
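Review bot: "An Assignments like ..." pairs a singular article with a plural noun. QLDoc for a class is a noun phrase describing one instance, so `* An assignment of the form SECRET_KEY = ConstantValue` is the expected shape. The following line ("and `SECRET_KEY` file must be the Location that is specified ...") is also hard to parse; consider `* located in the file named by the argument of from_object or from_pyfile.` The class body continues outside the hunk, so whether the characteristic predicate actually enforces that location constraint cannot be confirmed from here.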
@@ -119,7 +119,7 @@ module FlaskConstantSecretKeyConfig {
}
/**
- * A helper predicate that specify where the Flask `SECRET_KEY` variable location is defined.
+ * Holds if there is a helper predicate that specify where the Flask `SECRET_KEY` variable location is defined.
* In Flask we have config files that specify the location of `SECRET_KEY` variable initialization
* and the name of these files are determined by
* `app.config.from_pyfile("configFileName.py")`