Fix spelling and remove dead code

This commit is contained in:
Chris Smowton
2023-05-11 22:12:17 +01:00
committed by GitHub
parent ae6fda03b7
commit a10b11e09e


@@ -1,6 +1,6 @@
/**
* @name Timing attacks due to comparision of sensitive secrets
* @description using a non-constant time comparision method to comapre secrets can lead to authoriztion vulnerabilities
* @name Timing attacks due to comparison of sensitive secrets
* @description using a non-constant time comparison method to comapre secrets can lead to authoriztion vulnerabilities
* @kind path-problem
* @problem.severity warning
* @id go/timing-attack
@@ -19,27 +19,17 @@ private predicate isBadResult(DataFlow::Node e) {
)
}
/**
* A data flow source for timing attack vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for timing attack vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for timing attack vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/** A taint-tracking sink which models comparisions of sensitive variables. */
/** A taint-tracking sink which models comparisons of sensitive variables. */
private class SensitiveCompareSink extends Sink {
ComparisonExpr c;
SensitiveCompareSink() {
// We select a comparision where a secret or password is tested.
// We select a comparison where a secret or password is tested.
exists(SensitiveVariableAccess op1, Expr op2 |
op1.getClassification() = [SensitiveExpr::secret(), SensitiveExpr::password()] and
// exclude grant to avoid FP from OAuth
@@ -48,10 +38,10 @@ private class SensitiveCompareSink extends Sink {
op2 = c.getAnOperand() and
not op1 = op2 and
not (
// Comparisions with `nil` should be excluded.
// Comparisons with `nil` should be excluded.
op2 = Builtin::nil().getAReference()
or
// Comparisions with empty string should also be excluded.
// Comparisons with empty string should also be excluded.
op2.getStringValue().length() = 0
)
|
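Review bot: The new `@description` line in the first hunk still carries two misspellings, `comapre` and `authoriztion`, so the spelling fix this commit sets out to make is incomplete on the new side; suggest `* @description using a non-constant time comparison method to compare secrets can lead to authorization vulnerabilities`. The remaining hunks change only comment text and need nothing further. The second hunk's header announces 27 old and 17 new lines but only 24 are rendered here, so the dead-code removal itself is presumably outside this view and is not reviewed.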