diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql index c28b51f02d7..82ba11c1d4b 100644 --- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql +++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql @@ -22,13 +22,14 @@ import experimental.semmle.python.security.TimingAttack * A configuration that tracks data flow from cryptographic operations * to equality test */ -private module PossibleTimingAttackAgainstHash implements DataFlow::ConfigSig { +private module PossibleTimingAttackAgainstHashConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall } predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink } } -module PossibleTimingAttackAgainstHashFlow = TaintTracking::Global; +module PossibleTimingAttackAgainstHashFlow = + TaintTracking::Global; import PossibleTimingAttackAgainstHashFlow::PathGraph diff --git a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index e4310a68e8f..b91f2dd6237 100644 --- a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql @@ -39,7 +39,7 @@ class TokenAssignmentValueSink extends DataFlow::Node { } } -private module TokenBuiltFromUUIDConfig implements DataFlow::ConfigSig { +private module TokenBuiltFromUuidConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } @@ -54,10 +54,10 @@ private module TokenBuiltFromUUIDConfig implements DataFlow::ConfigSig { } /** Global taint-tracking for detecting "TokenBuiltFromUUID" vulnerabilities. */ -module TokenBuiltFromUUIDFlow = TaintTracking::Global; +module TokenBuiltFromUuidFlow = TaintTracking::Global; -import TokenBuiltFromUUIDFlow::PathGraph +import TokenBuiltFromUuidFlow::PathGraph -from TokenBuiltFromUUIDFlow::PathNode source, TokenBuiltFromUUIDFlow::PathNode sink -where TokenBuiltFromUUIDFlow::flowPath(source, sink) +from TokenBuiltFromUuidFlow::PathNode source, TokenBuiltFromUuidFlow::PathNode sink +where TokenBuiltFromUuidFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value" diff --git a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql index e870a92e9ab..284f20b2c39 100644 --- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql +++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql @@ -12,9 +12,9 @@ // determine precision above import python -import LDAPInsecureAuthFlow::PathGraph import experimental.semmle.python.security.LDAPInsecureAuth +import LdapInsecureAuthFlow::PathGraph -from LDAPInsecureAuthFlow::PathNode source, LDAPInsecureAuthFlow::PathNode sink -where LDAPInsecureAuthFlow::flowPath(source, sink) +from LdapInsecureAuthFlow::PathNode source, LdapInsecureAuthFlow::PathNode sink +where LdapInsecureAuthFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This LDAP host is authenticated insecurely." diff --git a/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll b/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll index c71b461d20a..5a32a887bd5 100644 --- a/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll +++ b/python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll @@ -21,7 +21,7 @@ module InsecureRandomness { * A taint-tracking configuration for reasoning about random values that are * not cryptographically secure. */ - private module Configuration implements DataFlow::ConfigSig { + private module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof Source } predicate isSink(DataFlow::Node sink) { sink instanceof Sink } @@ -30,5 +30,5 @@ module InsecureRandomness { } /** Global taint-tracking for detecting "random values that are not cryptographically secure" vulnerabilities. */ - module Flow = TaintTracking::Global; + module Flow = TaintTracking::Global; } diff --git a/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll b/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll index 133bb1810cc..e8249dcdff7 100644 --- a/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll +++ b/python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll @@ -88,7 +88,7 @@ class LdapStringVar extends BinaryExpr { /** * A taint-tracking configuration for detecting LDAP insecure authentications. */ -private module LDAPInsecureAuthConfig implements DataFlow::ConfigSig { +private module LdapInsecureAuthConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource or source.asExpr() instanceof LdapFullHost or @@ -104,4 +104,4 @@ private module LDAPInsecureAuthConfig implements DataFlow::ConfigSig { } /** Global taint-tracking for detecting "LDAP insecure authentications" vulnerabilities. */ -module LDAPInsecureAuthFlow = TaintTracking::Global; +module LdapInsecureAuthFlow = TaintTracking::Global;