
Commit a779547

committed
Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API
1 parent 8abd343 commit a779547


1 file changed

+9
-8
lines changed


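--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
@@ -17,21 +17,22 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import experimental.semmle.python.security.TimingAttack
-import DataFlow::PathGraph
 
 /**
  * A configuration that tracks data flow from cryptographic operations
  * to equality test
  */
-class PossibleTimingAttackAgainstHash extends TaintTracking::Configuration {
-  PossibleTimingAttackAgainstHash() { this = "PossibleTimingAttackAgainstHash" }
+private module PossibleTimingAttackAgainstHash implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
 }
 
-from PossibleTimingAttackAgainstHash config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module PossibleTimingAttackAgainstHashFlow = TaintTracking::Global<PossibleTimingAttackAgainstHash>;
+
+import PossibleTimingAttackAgainstHashFlow::PathGraph
+
+from PossibleTimingAttackAgainstHashFlow::PathNode source, PossibleTimingAttackAgainstHashFlow::PathNode sink
+where PossibleTimingAttackAgainstHashFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Possible Timing attack against $@ validation.",
   source.getNode().(ProduceCryptoCall).getResultType(), "message"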
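Review bot: The new `PossibleTimingAttackAgainstHashFlow` module alias on new line 31 has no QLDoc, while the config module above it keeps the old "A configuration that tracks data flow ..." comment that now describes a `DataFlow::ConfigSig` implementation rather than a `TaintTracking::Configuration` class. A one-line doc on the alias would make the query read straight through: `/** Global taint tracking from cryptographic-hash results to non-constant-time equality comparisons. */`. It would also be worth extending the existing QLDoc on the config module to say the sources are `ProduceCryptoCall` results and the sinks are `NonConstantTimeComparisonSink`, since those class names are the only place the query's intent is expressed. The sink class comes from `experimental.semmle.python.security.TimingAttack`, so whether constant-time comparisons (e.g. via a sanitizer or by the sink definition itself) are excluded cannot be confirmed from this hunk; the migration leaves that behaviour unchanged either way.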
