feat: update Weak PRNG query

GeekMasher · GeekMasher · commit 3efb82518b1e · 2023-10-03T12:41:49.000+01:00
diff --git a/python/lib/github/cryptography/WeakPRNG.qll b/python/lib/github/cryptography/WeakPRNG.qll
@@ -0,0 +1,40 @@
+private import semmle.python.ApiGraphs
+private import semmle.python.Concepts
+private import semmle.python.dataflow.new.DataFlow
+
+abstract class RandomNumberGeneratorSinks extends DataFlow::Node { }
+
+class OSRandom extends RandomNumberGeneratorSinks {
+  OSRandom() {
+    exists(DataFlow::Node call |
+      // https://docs.python.org/3/library/os.html#os.getrandom
+      call = API::moduleImport("os").getMember("getrandom").getACall() and
+      this = call
+    )
+  }
+}
+
+class PyRandom extends RandomNumberGeneratorSinks {
+  PyRandom() {
+    exists(DataFlow::Node call |
+      (
+        // https://docs.python.org/3/library/random.html#random.random
+        call = API::moduleImport("random").getMember("random").getACall()
+        or
+        // https://docs.python.org/3/library/random.html#random.randbytes
+        call = API::moduleImport("random").getMember("randbytes").getACall()
+      ) and
+      this = call
+    )
+  }
+}
+
+class PyUuid extends RandomNumberGeneratorSinks {
+    PyUuid() {
+        exists(DataFlow::Node call |
+            call = API::moduleImport("uuid").getMember("uuid1").getACall() or
+            call = API::moduleImport("uuid").getMember("uuid3").getACall() and
+            this = call
+        )
+    }
+}
diff --git a/python/src/security/CWE-338/WeakPRNG.ql b/python/src/security/CWE-338/WeakPRNG.ql
@@ -12,34 +12,7 @@
  */
 
 import python
-import semmle.python.ApiGraphs
-
-abstract class RandomNumberGeneratorSinks extends DataFlow::Node { }
-
-class OSRandom extends RandomNumberGeneratorSinks {
-  OSRandom() {
-    exists(DataFlow::Node call |
-      // https://docs.python.org/3/library/os.html#os.getrandom
-      call = API::moduleImport("os").getMember("getrandom").getACall() and
-      this = call
-    )
-  }
-}
-
-class PyRandom extends RandomNumberGeneratorSinks {
-  PyRandom() {
-    exists(DataFlow::Node call |
-      (
-        // https://docs.python.org/3/library/random.html#random.random
-        call = API::moduleImport("random").getMember("random").getACall()
-        or
-        // https://docs.python.org/3/library/random.html#random.randbytes
-        call = API::moduleImport("random").getMember("randbytes").getACall()
-      ) and
-      this = call
-    )
-  }
-}
+import github.crytography.WeakPRNG
 
 from RandomNumberGeneratorSinks rngs
 select rngs.asExpr(), "Using weak PRNG"
