Pass pyOpenSSL method as parameter instead of keyword argument.

2026-05-05 21:55:19 +02:00 · 2018-11-29 16:26:36 +01:00
parent d604f5c9c9
commit dfe3fc6d5c
3 changed files with 16 additions and 16 deletions
--- a/python/ql/test/query-tests/Security/CWE-327/InsecureProtocol.expected
+++ b/python/ql/test/query-tests/Security/CWE-327/InsecureProtocol.expected
@@ -4,8 +4,8 @@
 | InsecureProtocol.py:10:1:10:42 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version PROTOCOL_SSLv2 specified in call to ssl.SSLContext. |
 | InsecureProtocol.py:11:1:11:42 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version PROTOCOL_SSLv3 specified in call to ssl.SSLContext. |
 | InsecureProtocol.py:12:1:12:42 | ControlFlowNode for SSLContext() | Insecure SSL/TLS protocol version PROTOCOL_TLSv1 specified in call to ssl.SSLContext. |
-| InsecureProtocol.py:14:1:14:36 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2_METHOD specified in call to pyOpenSSL.SSL.Context. |
-| InsecureProtocol.py:15:1:15:37 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv23_METHOD specified in call to pyOpenSSL.SSL.Context. |
-| InsecureProtocol.py:16:1:16:36 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3_METHOD specified in call to pyOpenSSL.SSL.Context. |
-| InsecureProtocol.py:17:1:17:36 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1_METHOD specified in call to pyOpenSSL.SSL.Context. |
-| InsecureProtocol.py:32:1:32:26 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2_METHOD specified in call to pyOpenSSL.SSL.Context. |
+| InsecureProtocol.py:14:1:14:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2_METHOD specified in call to pyOpenSSL.SSL.Context. |
+| InsecureProtocol.py:15:1:15:30 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv23_METHOD specified in call to pyOpenSSL.SSL.Context. |
+| InsecureProtocol.py:16:1:16:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv3_METHOD specified in call to pyOpenSSL.SSL.Context. |
+| InsecureProtocol.py:17:1:17:29 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version TLSv1_METHOD specified in call to pyOpenSSL.SSL.Context. |
+| InsecureProtocol.py:32:1:32:19 | ControlFlowNode for Attribute() | Insecure SSL/TLS protocol version SSLv2_METHOD specified in call to pyOpenSSL.SSL.Context. |
--- a/python/ql/test/query-tests/Security/CWE-327/InsecureProtocol.py
+++ b/python/ql/test/query-tests/Security/CWE-327/InsecureProtocol.py
@@ -11,31 +11,31 @@ SSLContext(ssl_version=ssl.PROTOCOL_SSLv2)
 SSLContext(ssl_version=ssl.PROTOCOL_SSLv3)
 SSLContext(ssl_version=ssl.PROTOCOL_TLSv1)

-SSL.Context(method=SSL.SSLv2_METHOD)
-SSL.Context(method=SSL.SSLv23_METHOD)
-SSL.Context(method=SSL.SSLv3_METHOD)
-SSL.Context(method=SSL.TLSv1_METHOD)
+SSL.Context(SSL.SSLv2_METHOD)
+SSL.Context(SSL.SSLv23_METHOD)
+SSL.Context(SSL.SSLv3_METHOD)
+SSL.Context(SSL.TLSv1_METHOD)

 # not relevant
 wrap_socket(ssl_version=ssl.PROTOCOL_SSLv3)
 wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1)
 wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2)

-Context(method=SSL.SSLv3_METHOD)
-Context(method=SSL.TLSv1_METHOD)
-Context(method=SSL.SSLv2_METHOD)
-Context(method=SSL.SSLv23_METHOD)
+Context(SSL.SSLv3_METHOD)
+Context(SSL.TLSv1_METHOD)
+Context(SSL.SSLv2_METHOD)
+Context(SSL.SSLv23_METHOD)

 # true positive using flow

 METHOD = SSL.SSLv2_METHOD
-SSL.Context(method=METHOD)
+SSL.Context(METHOD)

 # secure versions

 ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_1)
 SSLContext(ssl_version=ssl.PROTOCOL_TLSv1_1)
-SSL.Context(method=SSL.TLSv1_1_METHOD)
+SSL.Context(SSL.TLSv1_1_METHOD)

 # possibly insecure default
 ssl.wrap_socket()