codeql/python/ql/test/query-tests/Security/CWE-327-WeakSensitiveDataHashing
Rasmus Wriedt Larsen 5f6e3dcc2e Python: Revert changes to sensitive data query alert messages
This partly reverts the changes from https://github.com/github/codeql/pull/10252

Although consistency is nice, the new messages didn't sound as natural.

New alert message would read

> Insecure hashing algorithm (md5) depends on sensitive data (password). (...)

I'm not sure what it means that a hashing algorithm depends on data. So
for me, the original text below is much easier to understand.

> Sensitive data (password) is used in a hashing algorithm (md5) that is insecure (...)

Same goes for the other sensitive data queries.
2022-09-06 12:01:24 +02:00

Note that the tests in this directory are very shallow, and simply show that the query is able to produce alerts.

More in-depth tests can be found for the individual frameworks that we have modeled Cryptography::CryptographicOperation for.