
Commit 9d6b96d

committed
Python: Move CleartextStorage to new dataflow API
1 parent 7009544 commit 9d6b96d

2 files changed

Lines changed: 18 additions & 4 deletions


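--- a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
@@ -16,9 +16,11 @@ private import semmle.python.dataflow.new.SensitiveDataSources
 import CleartextStorageCustomizations::CleartextStorage
 
 /**
+* DEPRECATED: Use `CleartextStorageFlow` module instead.
+*
 * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "CleartextStorage" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -31,3 +33,14 @@ class Configuration extends TaintTracking::Configuration {
 node instanceof Sanitizer
 }
 }
+
+private module CleartextStorageConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+}
+
+/** Global taint-tracking for detecting "Clear-text storage of sensitive information" vulnerabilities. */
+module CleartextStorageFlow = TaintTracking::Global<CleartextStorageConfig>;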
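Review bot: The new `isBarrier` in `CleartextStorageConfig` (new line 42) lists only `node instanceof Sanitizer`, but most of the old sanitizer predicate lies between the two hunks, so only its last line, `node instanceof Sanitizer` at old line 31, is visible here. If that predicate had other disjuncts, they should be confirmed as covered by the defaults of `TaintTracking::Global`, because a wider or narrower barrier changes which clear-text storage flows the query reports. The private config module also has no QLDoc; I would add `/** Configuration for clear-text storage taint tracking: flow from a Source to a Sink, blocked at a Sanitizer. */` above it. Since the commit changes only these two files, the description could state that the query's results on the existing CWE-312 tests are unchanged.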

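--- a/python/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/python/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -15,12 +15,13 @@
 
 import python
 private import semmle.python.dataflow.new.DataFlow
-import DataFlow::PathGraph
+import CleartextStorageFlow::PathGraph
 import semmle.python.security.dataflow.CleartextStorageQuery
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, string classification
+from
+CleartextStorageFlow::PathNode source, CleartextStorageFlow::PathNode sink, string classification
 where
-config.hasFlowPath(source, sink) and
+CleartextStorageFlow::flowPath(source, sink) and
 classification = source.getNode().(Source).getClassification()
 select sink.getNode(), source, sink, "This expression stores $@ as clear text.", source.getNode(),
 "sensitive data (" + classification + ")"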
