Fix spelling and remove dead code

This commit is contained in:
Chris Smowton
2023-05-11 22:12:17 +01:00
committed by GitHub
parent ae6fda03b7
commit a10b11e09e


@@ -1,6 +1,6 @@
/** /**
* @name Timing attacks due to comparision of sensitive secrets * @name Timing attacks due to comparison of sensitive secrets
* @description using a non-constant time comparision method to comapre secrets can lead to authoriztion vulnerabilities * @description using a non-constant time comparison method to comapre secrets can lead to authoriztion vulnerabilities
* @kind path-problem * @kind path-problem
* @problem.severity warning * @problem.severity warning
* @id go/timing-attack * @id go/timing-attack
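Review bot: The `@description` line on the new side still carries two misspellings the commit does not touch, `comapre` and `authoriztion`, so the spelling fix is incomplete in the very text that is rendered to users in query results and alert messages. Since this hunk already rewrites that line, it would be cheap to correct it fully here: `* @description using a non-constant time comparison method to compare secrets can lead to authorization vulnerabilities`. The query's metadata block continues outside the hunk, so any further typos in the remaining `@`-tags cannot be checked from this view.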
@@ -19,27 +19,17 @@ private predicate isBadResult(DataFlow::Node e) {
) )
} }
/**
* A data flow source for timing attack vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/** /**
* A data flow sink for timing attack vulnerabilities. * A data flow sink for timing attack vulnerabilities.
*/ */
abstract class Sink extends DataFlow::Node { } abstract class Sink extends DataFlow::Node { }
/** /** A taint-tracking sink which models comparisons of sensitive variables. */
* A sanitizer for timing attack vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A taint-tracking sink which models comparisions of sensitive variables. */
private class SensitiveCompareSink extends Sink { private class SensitiveCompareSink extends Sink {
ComparisonExpr c; ComparisonExpr c;
SensitiveCompareSink() { SensitiveCompareSink() {
// We select a comparision where a secret or password is tested. // We select a comparison where a secret or password is tested.
exists(SensitiveVariableAccess op1, Expr op2 | exists(SensitiveVariableAccess op1, Expr op2 |
op1.getClassification() = [SensitiveExpr::secret(), SensitiveExpr::password()] and op1.getClassification() = [SensitiveExpr::secret(), SensitiveExpr::password()] and
// exclude grant to avoid FP from OAuth // exclude grant to avoid FP from OAuth
@@ -48,10 +38,10 @@ private class SensitiveCompareSink extends Sink {
op2 = c.getAnOperand() and op2 = c.getAnOperand() and
not op1 = op2 and not op1 = op2 and
not ( not (
// Comparisions with `nil` should be excluded. // Comparisons with `nil` should be excluded.
op2 = Builtin::nil().getAReference() op2 = Builtin::nil().getAReference()
or or
// Comparisions with empty string should also be excluded. // Comparisons with empty string should also be excluded.
op2.getStringValue().length() = 0 op2.getStringValue().length() = 0
) )
| |