From 98538d237e27b3b0eca8de81c369acf60525ade6 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Mon, 28 Aug 2023 11:56:41 +0200
Subject: [PATCH] Python: Autoformat
---
 .../Security/CWE-176/UnicodeBypassValidationQuery.qll | 3 +--
 .../PossibleTimingAttackAgainstHash.ql | 4 +++-
 .../PossibleTimingAttackAgainstSensitiveInfo.ql | 6 ++++--
 .../src/experimental/Security/CWE-338/InsecureRandomness.ql | 1 -
 .../Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql | 4 ++--
 .../ql/src/experimental/Security/CWE-614/CookieInjection.ql | 4 +---
 .../experimental/semmle/python/security/TimingAttack.qll | 2 +-
 7 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll
index 169c71a0c09..a5d9d53b084 100644
--- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll
+++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll
@@ -36,8 +36,7 @@ private module UnicodeBypassValidationConfig implements DataFlow::StateConfigSig
 }
 predicate isAdditionalFlowStep(
- DataFlow::Node nodeFrom, FlowState stateFrom, DataFlow::Node nodeTo,
- FlowState stateTo
+ DataFlow::Node nodeFrom, FlowState stateFrom, DataFlow::Node nodeTo, FlowState stateTo
 ) {
 (
 exists(Escaping escaping | nodeFrom = escaping.getAnInput() and nodeTo = escaping.getOutput())
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
index 7a6a3f946bc..c28b51f02d7 100644
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
@@ -32,7 +32,9 @@ module PossibleTimingAttackAgainstHashFlow = TaintTracking::Global; + TaintTracking::Global; import PossibleTimingAttackAgainstSensitiveInfoFlow::PathGraph -from PossibleTimingAttackAgainstSensitiveInfoFlow::PathNode source, PossibleTimingAttackAgainstSensitiveInfoFlow::PathNode sink +from + PossibleTimingAttackAgainstSensitiveInfoFlow::PathNode source, + PossibleTimingAttackAgainstSensitiveInfoFlow::PathNode sink where PossibleTimingAttackAgainstSensitiveInfoFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(), "client-supplied token" diff --git a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql index 3e48068f015..1991300726b 100644 --- a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql +++ b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql @@ -16,7 +16,6 @@ import python import experimental.semmle.python.security.InsecureRandomness import semmle.python.dataflow.new.DataFlow - import InsecureRandomness::Flow::PathGraph from InsecureRandomness::Flow::PathNode source, InsecureRandomness::Flow::PathNode sink diff --git a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql index b1d598f4749..51d6c9b6652 100644 --- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
@@ -47,9 +47,9 @@ private module ClientSuppliedIpUsedInSecurityCheckConfig implements DataFlow::Co } } - /** Global taint-tracking for detecting "client ip used in security check" vulnerabilities. */ -module ClientSuppliedIpUsedInSecurityCheckFlow = TaintTracking::Global; +module ClientSuppliedIpUsedInSecurityCheckFlow = + TaintTracking::Global; from ClientSuppliedIpUsedInSecurityCheckFlow::PathNode source, diff --git a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql index 60e0fc4a0e4..4193e37dee2 100644 --- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql +++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql @@ -17,9 +17,7 @@ import experimental.semmle.python.CookieHeader import experimental.semmle.python.security.injection.CookieInjection import CookieInjectionFlow::PathGraph -from - CookieInjectionFlow::PathNode source, CookieInjectionFlow::PathNode sink, - string insecure +from CookieInjectionFlow::PathNode source, CookieInjectionFlow::PathNode sink, string insecure where CookieInjectionFlow::flowPath(source, sink) and if exists(sink.getNode().(CookieSink)) diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll index 37d3a35158d..23bd4dc268d 100644 --- a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll +++ b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll @@ -263,7 +263,7 @@ private string sensitiveheaders() { /** * A config that tracks data flow from remote user input to Variable that hold sensitive info */ -module UserInputSecretConfig implements DataFlow::ConfigSig { +module UserInputSecretConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CredentialExpr }