Skip to content

Commit 31e7129

Browse files
d10cd10c
committed
Ruby: WeakSensitiveDataHashing
1 parent 0d29d9b commit 31e7129

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@ module NormalHashFunction {
2828
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
2929

3030
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
31+
32+
predicate observeDiffInformedIncrementalMode() { any() }
3133
}
3234

3335
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -54,6 +56,8 @@ module ComputationallyExpensiveHashFunction {
5456
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
5557

5658
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
59+
60+
predicate observeDiffInformedIncrementalMode() { any() }
5761
}
5862

5963
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */

0 commit comments

Comments
 (0)