hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Autoformat TimingAttackAgainstHeaderValue.ql

Browse Source
This commit is contained in:
Ahmed Farid
2022-08-17 12:54:34 +01:00
committed by GitHub
parent a7dcf96f55
commit cb5331bdd8
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql
View File

@@ -24,12 +24,12 @@ class ClientSuppliedSecretConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof ClientSuppliedsecret }
override predicate isSink(DataFlow::Node sink) {
override predicate isSink(DataFlow::Node sink) {
exists(Compare cmp, Expr left, Expr right, Cmpop cmpop |
cmpop.getSymbol() = ["==", "in", "is not", "!="] and
cmp.compares(left, cmpop, right) and
sink.asExpr() = [left, right]
)
)
}
}
@@ -37,3 +37,4 @@ from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::Pat
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(),
"client-supplied token"