hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Highlight shortcomings of hashlib.new modeling

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-11-04 15:28:42 +01:00
parent 58f6058a63
commit 9e91f3a341
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python/ql/test/library-tests/frameworks/stdlib/test_md5.py
View File

@@ -27,3 +27,12 @@ hasher = hashlib.new('md5')
hasher.update(b"secret") # $ CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
hasher.update(b" message") # $ CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
print(hasher.hexdigest())
def foo(arg):
hasher = hashlib.new(arg)
hasher.update(b"secret") # $ MISSING: CryptographicOperation CryptographicOperationInput=b"secret" CryptographicOperationAlgorithm=MD5
hasher.update(b" message") # $ MISSING: CryptographicOperation CryptographicOperationInput=b" message" CryptographicOperationAlgorithm=MD5
print(hasher.hexdigest())
foo("md5")