Update PossibleTimingAttackAgainstHash.ql

2025-12-23 12:16:33 +01:00 · 2022-07-20 13:05:49 +01:00
parent ee743e61e9
commit 7d0d39e019
1 changed files with 1 additions and 17 deletions
--- a/python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstHash.ql
+++ b/python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstHash.ql
@@ -26,23 +26,7 @@ import DataFlow::PathGraph
 class PossibleTimingAttackAgainstHash extends TaintTracking::Configuration {
  PossibleTimingAttackAgainstHash() { this = "PossibleTimingAttackAgainstHash" }

-  override predicate isSource(DataFlow::Node source) {
-    source = API::moduleImport("hmac").getMember("digest").getACall() or
-    source =
-      API::moduleImport("hmac")
-          .getMember("new")
-          .getReturn()
-          .getMember(["digest", "hexdigest"])
-          .getACall() or
-    source =
-      API::moduleImport("hashlib")
-          .getMember([
-              "new", "sha1", "sha224", "sha256", "sha384", "sha512", "blake2b", "blake2s", "md5"
-            ])
-          .getReturn()
-          .getMember(["digest", "hexdigest"])
-          .getACall()
-  }
+  override predicate isSource(DataFlow::Node source) { source instanceof ProduceHashCall }

  override predicate isSink(DataFlow::Node sink) { sink instanceof CompareSink }
 }