File tree Expand file tree Collapse file tree 1 file changed +3
-3
lines changed
python/ql/src/experimental/Security/CWE-287-ConstantSecretKey Expand file tree Collapse file tree 1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change @@ -11,12 +11,12 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
1111 env = API:: moduleImport ( "environ" ) .getMember ( "Env" ) and
1212 // has default value
1313 exists ( API:: Node param | param = env .getKeywordParameter ( "SECRET_KEY" ) |
14- param .asSink ( ) .asExpr ( ) .getASubExpression * ( ) . isConstant ( )
14+ param .asSink ( ) .asExpr ( ) .getASubExpression * ( ) instanceof StrConst
1515 ) and
1616 this = env .getReturn ( ) .getReturn ( ) .asSource ( )
1717 )
1818 or
19- this .asExpr ( ) . isConstant ( )
19+ this .asExpr ( ) instanceof StrConst
2020 or
2121 exists ( API:: CallNode cn |
2222 cn =
@@ -25,7 +25,7 @@ class WebAppConstantSecretKeySource extends DataFlow::Node {
2525 API:: moduleImport ( "os" ) .getMember ( "environ" ) .getMember ( "get" ) .getACall ( )
2626 ] and
2727 cn .getNumArgument ( ) = 2 and
28- DataFlow:: localFlow ( any ( DataFlow:: Node n | n .asExpr ( ) . isConstant ( ) ) , cn .getArg ( 1 ) ) and
28+ DataFlow:: localFlow ( any ( DataFlow:: Node n | n .asExpr ( ) instanceof StrConst ) , cn .getArg ( 1 ) ) and
2929 this .asExpr ( ) = cn .asExpr ( )
3030 )
3131 ) and
You can’t perform that action at this time.
0 commit comments