Update TimingAttackAgainstHeaderValue.ql

2025-12-24 04:36:35 +01:00 · 2023-02-16 14:14:43 +01:00
parent f57861b6a3
commit a421e3a3a3
1 changed files with 1 additions and 1 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql
@@ -28,6 +28,6 @@ class ClientSuppliedSecretConfig extends TaintTracking::Configuration {
 }

 from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink) and not sink.getNode().(CompareSink).FlowToLen()
+where config.hasFlowPath(source, sink) and not sink.getNode().(CompareSink).flowtolen()
 select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(),
  "client-supplied token"