Merge pull request #7252 from museljh/feature/cwe-338

Python: CWE-338 insecureRandomness
2026-05-04 21:25:44 +02:00 · 2022-02-07 19:30:06 +01:00
parent 9217d0e1b9 1dd15fa235
commit eb109828c0
9 changed files with 212 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.expected
@@ -0,0 +1,6 @@
+edges
+nodes
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+subpaths
+#select
+| InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | Cryptographically insecure $@ in a security context. | InsecureRandomness.py:5:12:5:26 | ControlFlowNode for Attribute() | random value |
--- a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.py
@@ -0,0 +1,5 @@
+import random
+
+def generatePassword():
+    # BAD: the random is not cryptographically secure
+    return random.random()
--- a/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-338/InsecureRandomness.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-338/InsecureRandomness.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-338/InsecureRandomness.ql`