hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 07:23:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update and rename TimingAttack.qhelp to TimingAttackAgainstSensitiveInfo.qhelp

Browse Source
This commit is contained in:
Ahmed Farid
2022-08-04 12:16:06 +01:00
committed by GitHub
parent 10df8e6c02
commit c13477c14f
1 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python/ql/src/experimental/Security/CWE-208/TimingAttack.qhelp → python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.qhelp
View File

@@ -29,12 +29,12 @@ and does not depend on the contents of the arrays.
<p>
The following example uses <code>==</code> which is a fail fast check for validating a secret.
</p>
<sample src="UnsafeComparison.py" />
<sample src="UnsafeComparisonOfSensitiveInfo.py" />
<p>
The next example use a safe constant-time algorithm for validating a secret:
</p>
<sample src="SafeComparison.py" />
<sample src="SafeComparisonOfSensitiveInfo.py" />
</example>
<references>
@@ -46,11 +46,7 @@ and does not depend on the contents of the arrays.
<li>
<a href="https://docs.python.org/3/library/hmac.html#hmac.compare_digest">hmac.compare_digest() method</a>
</li>
<li>
HMAC:
<a href="https://datatracker.ietf.org/doc/html/rfc2104.html">RFC 2104</a>
</li>
</references>
</qhelp>