Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ab6a7bb

Browse files
ahmed-farid-devsmowton
ahmed-farid-dev
authored and
smowton
committed
Update TimingAttackAgainstHeader.ql
1 parent 49feeb1 commit ab6a7bb

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,17 @@
1+
/**
2+
* @name Timing attack against headers value
3+
* @description A constant-time algorithm should be used for checking the value of headers.
4+
* In other words, the comparison time should not depend on the content of the input
5+
* Otherwise, an attacker may be able to implement a timing attacks that may reveal the value of sensitive headers
6+
* @kind path-problem
7+
* @problem.severity error
8+
* @precision high
9+
* @id java/timing-attack-against-headers-value
10+
* @tags security
11+
* external/cwe/cwe-208
12+
*/
13+
14+
115
import java
216
import semmle.code.java.dataflow.FlowSources
317
import semmle.code.java.dataflow.TaintTracking

0 commit comments

Comments
 (0)