Update TimingAttack.qll

Ahmed Farid
2022-07-26 16:35:26 +01:00
committed by GitHub
parent bfb8395dce
commit 735fee53a4


@@ -3,6 +3,7 @@ private import semmle.python.dataflow.new.TaintTracking
private import semmle.python.dataflow.new.TaintTracking2 private import semmle.python.dataflow.new.TaintTracking2
private import semmle.python.dataflow.new.TaintTracking3 private import semmle.python.dataflow.new.TaintTracking3
private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.DataFlow2
private import semmle.python.ApiGraphs private import semmle.python.ApiGraphs
private import semmle.python.dataflow.new.RemoteFlowSources private import semmle.python.dataflow.new.RemoteFlowSources
@@ -48,10 +49,10 @@ private predicate existsFailFastCheck(Expr firstInput, Expr secondInput) {
} }
/** A sink that compares input using fail fast check. */ /** A sink that compares input using fail fast check. */
class NonConstantTimeComparisonOfHashSink extends DataFlow::Node { class NonConstantTimeComparisonSink extends DataFlow::Node {
Expr anotherParameter; Expr anotherParameter;
NonConstantTimeComparisonOfHashSink() { NonConstantTimeComparisonSink() {
existsFailFastCheck(this.asExpr(), anotherParameter) and existsFailFastCheck(this.asExpr(), anotherParameter) and
not anotherParameter.isConstant() not anotherParameter.isConstant()
} }
@@ -64,19 +65,16 @@ class NonConstantTimeComparisonOfHashSink extends DataFlow::Node {
} }
} }
/** A sink that compares input using fail fast check. */ /** A data flow source of the secret obtained. */
class NonConstantTimeComparisonOfSecretSink extends DataFlow::Node { class SecretSource extends DataFlow::Node {
Expr anotherParameter; CredentialExpr secret;
NonConstantTimeComparisonOfSecretSink() { SecretSource() { secret = this.asExpr() }
existsFailFastCheck(this.asExpr(), anotherParameter) and
not anotherParameter.isConstant()
}
/** Holds if remote user input was used in the comparison. */ /** Holds if the source of secret was remote user input. */
predicate includesUserInput() { predicate includesUserInput() {
exists(UserInputSecretConfig config | exists(UserInputSecretConfig config |
config.hasFlowTo(DataFlow2::exprNode(anotherParameter)) config.hasFlowTo(DataFlow2::exprNode(secret))
) )
} }
} }
@@ -188,7 +186,7 @@ class UserInputSecretConfig extends TaintTracking2::Configuration {
/** /**
* A config that tracks data flow from remote user input to Equality test * A config that tracks data flow from remote user input to Equality test
*/ */
class UserInputInComparisonConfig extends TaintTracking3::Configuration { class UserInputInComparisonConfig extends TaintTracking2::Configuration {
UserInputInComparisonConfig() { this = "UserInputInComparisonConfig" } UserInputInComparisonConfig() { this = "UserInputInComparisonConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
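Review bot: `UserInputInComparisonConfig` now extends `TaintTracking2::Configuration`, the same library copy that `UserInputSecretConfig` already uses (see the `@@ -188,7 +186,7 @@` hunk header), and nothing records that the two must stay independent. With the copy-based configuration API, a config whose `isSource`/`isSink`/sanitizer predicates depend on another config's flow result has to live in a different copy. Both class bodies continue outside the hunks, so I cannot tell whether this config's sink definition reaches `SecretSource.includesUserInput()`; if it does, keep this class on `TaintTracking3`. Otherwise add a comment above the class such as `// Shares TaintTracking2 with UserInputSecretConfig; neither config may depend on the other's flow.` If nothing else uses `TaintTracking3` after this change, the `private import semmle.python.dataflow.new.TaintTracking3` line kept in the first hunk can be dropped.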