Update TimingAttackAgainstHeaderValue.ql

ahmed-farid-dev · web-flow · commit f70f5c793526 · 2023-02-16T14:03:26.000+01:00
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql
@@ -28,6 +28,6 @@ class ClientSuppliedSecretConfig extends TaintTracking::Configuration {
 }
 
 from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+where config.hasFlowPath(source, sink) and not sink.getNode().(CompareSink).FlowToLen()
 select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(),
   "client-supplied token"

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,6 @@ class ClientSuppliedSecretConfig extends TaintTracking::Configuration {`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::PathNode sink`
`31`		`-where config.hasFlowPath(source, sink)`
	`31`	`+where config.hasFlowPath(source, sink) and not sink.getNode().(CompareSink).FlowToLen()`
`32`	`32`	`select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(),`
`33`	`33`	`"client-supplied token"`