change PasswordFnSink to RandomFnSink

liangjinhuang · liangjinhuang · commit 77b5f422bafe · 2021-12-11T12:31:20.000+08:00
diff --git a/python/ql/lib/semmle/python/security/dataflow/InsecureRandomnessCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/InsecureRandomnessCustomizations.qll
@@ -55,14 +55,14 @@ module InsecureRandomness {
   }
   
   /**
-   * A use in a function that heuristically deals with passwords.
+   * A use in a function that heuristically deals with unsafe random numbers or random strings.
    */
-  class PasswordFnSink extends Sink {
-    PasswordFnSink() {
-      exists(DataFlowCallable passwordFn |
-        passwordFn.getName().regexpMatch("(?i).*(gen(erate)?|salt|make|mk)Password.*")
+  class RandomFnSink extends Sink {
+    RandomFnSink() {
+      exists(DataFlowCallable randomFn |
+        randomFn.getName().regexpMatch("(?i).*(gen(erate)?|salt|make|mk).*")
       |
-        this.getEnclosingCallable() = passwordFn
+        this.getEnclosingCallable() = randomFn
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -55,14 +55,14 @@ module InsecureRandomness {`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`/**`
`58`		`- * A use in a function that heuristically deals with passwords.`
	`58`	`+ * A use in a function that heuristically deals with unsafe random numbers or random strings.`
`59`	`59`	`*/`
`60`		`- class PasswordFnSink extends Sink {`
`61`		`- PasswordFnSink() {`
`62`		`- exists(DataFlowCallable passwordFn \|`
`63`		`- passwordFn.getName().regexpMatch("(?i).(gen(erate)?\|salt\|make\|mk)Password.")`
	`60`	`+ class RandomFnSink extends Sink {`
	`61`	`+ RandomFnSink() {`
	`62`	`+ exists(DataFlowCallable randomFn \|`
	`63`	`+ randomFn.getName().regexpMatch("(?i).(gen(erate)?\|salt\|make\|mk).")`
`64`	`64`	`\|`
`65`		`- this.getEnclosingCallable() = passwordFn`
	`65`	`+ this.getEnclosingCallable() = randomFn`
`66`	`66`	`)`
`67`	`67`	`}`
`68`	`68`	`}`