hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Autoformat

Browse Source
This commit is contained in:
Ahmed Farid
2022-09-03 12:10:55 +01:00
committed by GitHub
parent 0fd684cde8
commit a50c226ca9
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
python/ql/src/experimental/semmle/python/security/TimingAttack.qll
View File

@@ -185,8 +185,8 @@ private string suspicious() {
result =
[
"%password%", "%passwd%", "%pwd%", "%refresh%token%", "%secret%token", "%secret%key",
"%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%",
"%digest%", "%signature%", "%mac%"
"%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%", "%digest%",
"%signature%", "%mac%"
]
}
@@ -208,7 +208,8 @@ abstract class ClientSuppliedSecret extends API::CallNode { }
private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {
FlaskClientSuppliedSecret() {
this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
sensitiveheaders()
}
}
@@ -219,7 +220,8 @@ private class DjangoClientSuppliedSecret extends ClientSuppliedSecret {
.getMember(["headers", "META"])
.getMember("get")
.getACall() and
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
sensitiveheaders()
}
}
@@ -231,7 +233,8 @@ API::Node requesthandler() {
private class TornadoClientSuppliedSecret extends ClientSuppliedSecret {
TornadoClientSuppliedSecret() {
this = requesthandler().getMember(["headers", "META"]).getMember("get").getACall() and
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
sensitiveheaders()
}
}
@@ -244,7 +247,8 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {
WerkzeugClientSuppliedSecret() {
this =
headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
sensitiveheaders()
}
}