hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10314 from RasmusWL/revert-alert-msgs-change

Browse Source
This commit is contained in:
Taus
2022-09-08 13:00:47 +02:00
committed by GitHub
parent df90b99b67 5f6e3dcc2e
commit 8b8e74cc9a
7 changed files with 37 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/Security/CWE-312/CleartextLogging.ql
View File

@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
where
config.hasFlowPath(source, sink) and
classification = source.getNode().(Source).getClassification()
select sink.getNode(), source, sink, "This log entry depends on $@.", source.getNode(),
"sensitive data (" + classification + ")"
select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(),
"Sensitive data (" + classification + ")"

4
python/ql/src/Security/CWE-312/CleartextStorage.ql
View File

@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
where
config.hasFlowPath(source, sink) and
classification = source.getNode().(Source).getClassification()
select sink.getNode(), source, sink, "This data storage depends on $@.", source.getNode(),
"sensitive data (" + classification + ")"
select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(),
"Sensitive data (" + classification + ")"

8
python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql
View File

@@ -36,14 +36,14 @@ where
source.getNode().(ComputationallyExpensiveHashFunction::Source).getClassification() and
(
sink.getNode().(ComputationallyExpensiveHashFunction::Sink).isComputationallyExpensive() and
ending = ""
ending = "."
or
not sink.getNode().(ComputationallyExpensiveHashFunction::Sink).isComputationallyExpensive() and
ending =
" The algorithm is insufficient for " + classification +
" for " + classification +
" hashing, since it is not a computationally expensive hash function."
)
)
select sink.getNode(), source, sink,
"Insecure hashing algorithm (" + algorithmName + ") depends on $@." + ending, source.getNode(),
"sensitive data (" + classification + ")"
"$@ is used in a hashing algorithm (" + algorithmName + ") that is insecure" + ending,
source.getNode(), "Sensitive data (" + classification + ")"