hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update TimingAttackAgainstHeader.ql

Browse Source
This commit is contained in:
Ahmed Farid
2022-02-21 13:05:48 +01:00
committed by Chris Smowton
parent 19d0e1f4a7
commit fa8af6bf70
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql
View File

@@ -34,7 +34,7 @@ class ClientSuppliedIpTokenCheck extends DataFlow::Node {
ma.getMethod().hasName("getHeader") and
ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in [
"x-auth-token", "x-csrf-token", "http_x_csrf_token", "x-csrf-param", "x-csrf-header",
"http_x_csrf_token"
"http_x_csrf_token", "x-api-key"
] and
ma = this.asExpr()
)