Skip to content

Commit daff777

Browse files
Update TimingAttack.qll
1 parent a42cb20 commit daff777

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

python/ql/src/experimental/semmle/python/security/TimingAttack.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -186,7 +186,7 @@ abstract class ClientSuppliedSecret extends API::CallNode { }
186186
private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {
187187
FlaskClientSuppliedSecret() {
188188
this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
189-
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
189+
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
190190
}
191191
}
192192

@@ -222,7 +222,7 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {
222222
WerkzeugClientSuppliedSecret() {
223223
this =
224224
headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and
225-
this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
225+
this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
226226
}
227227
}
228228

0 commit comments

Comments
 (0)