hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

New queries to detect unsafe client side encryption in Azure Storage

Browse Source
This commit is contained in:
Raul Garcia
2022-07-01 17:08:35 -07:00
parent e98bdbf73f
commit e43e5810cf
9 changed files with 380 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py Normal file
View File

@@ -0,0 +1,7 @@
blob_client = blob_service_client.get_blob_client(container=container_name, blob=blob_name)
blob_client.require_encryption = True
blob_client.key_encryption_key = kek
# GOOD: Must use `encryption_version` set to `2.0`
blob_client.encryption_version = '2.0' # Use Version 2.0!
with open(decryptedcontentfile.txt, rb) as stream:
blob_client.upload_blob(stream, overwrite=OVERWRITE_EXISTING)