hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix naming style guide violations

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-08-28 12:01:49 +02:00
parent efec4e7ebf
commit 996364d6ee
5 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
View File

@@ -22,13 +22,14 @@ import experimental.semmle.python.security.TimingAttack
* A configuration that tracks data flow from cryptographic operations * A configuration that tracks data flow from cryptographic operations
* to equality test * to equality test
*/ */
private module PossibleTimingAttackAgainstHash implements DataFlow::ConfigSig { private module PossibleTimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall } predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink } predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
} }
module PossibleTimingAttackAgainstHashFlow = TaintTracking::Global<PossibleTimingAttackAgainstHash>; module PossibleTimingAttackAgainstHashFlow =
TaintTracking::Global<PossibleTimingAttackAgainstHashConfig>;
import PossibleTimingAttackAgainstHashFlow::PathGraph import PossibleTimingAttackAgainstHashFlow::PathGraph

10
python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
View File

@@ -39,7 +39,7 @@ class TokenAssignmentValueSink extends DataFlow::Node {
} }
} }
private module TokenBuiltFromUUIDConfig implements DataFlow::ConfigSig { private module TokenBuiltFromUuidConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource }
predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink }
@@ -54,10 +54,10 @@ private module TokenBuiltFromUUIDConfig implements DataFlow::ConfigSig {
} }
/** Global taint-tracking for detecting "TokenBuiltFromUUID" vulnerabilities. */ /** Global taint-tracking for detecting "TokenBuiltFromUUID" vulnerabilities. */
module TokenBuiltFromUUIDFlow = TaintTracking::Global<TokenBuiltFromUUIDConfig>; module TokenBuiltFromUuidFlow = TaintTracking::Global<TokenBuiltFromUuidConfig>;
import TokenBuiltFromUUIDFlow::PathGraph import TokenBuiltFromUuidFlow::PathGraph
from TokenBuiltFromUUIDFlow::PathNode source, TokenBuiltFromUUIDFlow::PathNode sink from TokenBuiltFromUuidFlow::PathNode source, TokenBuiltFromUuidFlow::PathNode sink
where TokenBuiltFromUUIDFlow::flowPath(source, sink) where TokenBuiltFromUuidFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value" select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value"

6
python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
View File

@@ -12,9 +12,9 @@
// determine precision above // determine precision above
import python import python
import LDAPInsecureAuthFlow::PathGraph
import experimental.semmle.python.security.LDAPInsecureAuth import experimental.semmle.python.security.LDAPInsecureAuth
import LdapInsecureAuthFlow::PathGraph
from LDAPInsecureAuthFlow::PathNode source, LDAPInsecureAuthFlow::PathNode sink from LdapInsecureAuthFlow::PathNode source, LdapInsecureAuthFlow::PathNode sink
where LDAPInsecureAuthFlow::flowPath(source, sink) where LdapInsecureAuthFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This LDAP host is authenticated insecurely." select sink.getNode(), source, sink, "This LDAP host is authenticated insecurely."

4
python/ql/src/experimental/semmle/python/security/InsecureRandomness.qll
View File

@@ -21,7 +21,7 @@ module InsecureRandomness {
* A taint-tracking configuration for reasoning about random values that are * A taint-tracking configuration for reasoning about random values that are
* not cryptographically secure. * not cryptographically secure.
*/ */
private module Configuration implements DataFlow::ConfigSig { private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source } predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink } predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
@@ -30,5 +30,5 @@ module InsecureRandomness {
} }
/** Global taint-tracking for detecting "random values that are not cryptographically secure" vulnerabilities. */ /** Global taint-tracking for detecting "random values that are not cryptographically secure" vulnerabilities. */
module Flow = TaintTracking::Global<Configuration>; module Flow = TaintTracking::Global<Config>;
} }

4
python/ql/src/experimental/semmle/python/security/LDAPInsecureAuth.qll
View File

@@ -88,7 +88,7 @@ class LdapStringVar extends BinaryExpr {
/** /**
* A taint-tracking configuration for detecting LDAP insecure authentications. * A taint-tracking configuration for detecting LDAP insecure authentications.
*/ */
private module LDAPInsecureAuthConfig implements DataFlow::ConfigSig { private module LdapInsecureAuthConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource or source instanceof RemoteFlowSource or
source.asExpr() instanceof LdapFullHost or source.asExpr() instanceof LdapFullHost or
@@ -104,4 +104,4 @@ private module LDAPInsecureAuthConfig implements DataFlow::ConfigSig {
} }
/** Global taint-tracking for detecting "LDAP insecure authentications" vulnerabilities. */ /** Global taint-tracking for detecting "LDAP insecure authentications" vulnerabilities. */
module LDAPInsecureAuthFlow = TaintTracking::Global<LDAPInsecureAuthConfig>; module LdapInsecureAuthFlow = TaintTracking::Global<LdapInsecureAuthConfig>;