Update python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql

yoff · RasmusWL · web-flow · commit 7f7320ae4c36 · 2021-02-26T10:56:48.000+01:00
Co-authored-by: Rasmus Wriedt Larsen &lt;rasmuswriedtlarsen@gmail.com&gt;
diff --git a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql
@@ -23,7 +23,7 @@ CallNode unsafe_call(string method_name) {
   not exists(result.getArg(0)) and
   method_name = "ssl.SSLContext" and
   // in version 3.4, flags were introduced to modify cotexts created with default values
-  (major_version() < 3 or minor_version() < 4)
+  (major_version() = 2 or major_version() = 3 and minor_version() < 4)
 }
 
 from CallNode call, string method_name

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ CallNode unsafe_call(string method_name) {`
`23`	`23`	`not exists(result.getArg(0)) and`
`24`	`24`	`method_name = "ssl.SSLContext" and`
`25`	`25`	`// in version 3.4, flags were introduced to modify cotexts created with default values`
`26`		`- (major_version() < 3 or minor_version() < 4)`
	`26`	`+ (major_version() = 2 or major_version() = 3 and minor_version() < 4)`
`27`	`27`	`}`
`28`	`28`
`29`	`29`	`from CallNode call, string method_name`