Add more source of crypto call

ahmed-farid-dev · web-flow · commit 0fd684cde83f · 2022-08-31T17:13:43.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
@@ -122,6 +122,13 @@ private class ProduceCiphertextCall extends ProduceCryptoCall {
           .getMember(["DES", "DES3", "ARC2", "ARC4", "Blowfish", "PKCS1_v1_5"])
           .getMember(["ARC4Cipher", "new", "PKCS115_Cipher"])
           .getMember("encrypt")
+          .getACall() or
+    this =
+      cryptographylib()
+          .getMember("ciphers")
+          .getMember("Cipher")
+          .getReturn()
+          .getMember("finalize")
           .getACall()
   }
 
