hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Minor formatting fixes

Browse Source
This commit is contained in:
Daniel Santos
2022-10-24 09:38:17 -05:00
parent 066ffb7520
commit a2ad924376
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp
View File

@@ -34,7 +34,7 @@ Version four is the only UUID version expected to be randomly generated.
<references>
<li>UUID <a href="https://datatracker.ietf.org/doc/html/rfc4122">RFC</a>.</li>
<li>Daniel Thatcher <i>In GUID We Trust<i> <a href="https://www.intruder.io/research/in-guid-we-trust">article</a>.</li>
<li>Daniel Thatcher <i>In GUID We Trust</i> <a href="https://www.intruder.io/research/in-guid-we-trust">article</a>.</li>
<li>UUID exploitation <a href="https://github.com/intruder-io/guidtool">tool</a>.</li>
</references>
</qhelp>

6
javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
View File

@@ -43,14 +43,14 @@ class TokenAssignmentValueSink extends DataFlow::Node {
}
}
class TokenBuiltFromUUIDConfig extends TaintTracking::Configuration {
TokenBuiltFromUUIDConfig() { this = "TokenBuiltFromUUIDConfig" }
class TokenBuiltFromUuidConfig extends TaintTracking::Configuration {
TokenBuiltFromUuidConfig() { this = "TokenBuiltFromUuidConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, TokenBuiltFromUUIDConfig config
from DataFlow::PathNode source, DataFlow::PathNode sink, TokenBuiltFromUuidConfig config
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value"