Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit cef6b95

Browse files
smiddy007smiddy007
committed
Fixed Conflicts due to recent changes to file
1 parent ad527b8 commit cef6b95

2 files changed

Lines changed: 11 additions & 9 deletions

File tree

javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
import javascript
66
import semmle.javascript.Concepts::Cryptography
7+
private import semmle.javascript.security.internal.CryptoAlgorithmNames
78

89
/**
910
* A key used in a cryptographic algorithm.
@@ -353,7 +354,7 @@ private module CryptoJS {
353354
input = result.getParameter(0)
354355
}
355356

356-
private DataFlow::CallNode getUpdatedApplication (DataFlow::Node input, InstantiatedAlgorithm instantiation) {
357+
private API::CallNode getUpdatedApplication (API::Node input, InstantiatedAlgorithm instantiation) {
357358
/*
358359
* ```
359360
* var CryptoJS = require("crypto-js");
@@ -375,12 +376,13 @@ private module CryptoJS {
375376
*/
376377

377378
result = instantiation.getAMemberCall("update") and
378-
input = result.getArgument(0)
379+
input = result.getParameter(0)
379380
}
380381

381382
private class Apply extends CryptographicOperation::Range instanceof API::CallNode {
382383
API::Node input;
383384
CryptographicAlgorithm algorithm; // non-functional
385+
InstantiatedAlgorithm instantiation;
384386

385387
Apply() {
386388
this = getEncryptionApplication(input, algorithm) or

javascript/ql/src/Security/CWE-916/examples/InsufficientPasswordHash_CryptoJS.js

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
const crypto = require('crypto-js')
2-
function hashPassword(email, password) {
3-
var algo = crypto.algo.SHA512.create()
4-
algo.update(password, 'utf-8') // BAD
5-
algo.update(email.toLowerCase(), 'utf-8')
6-
var hash = algo.finalize()
7-
return hash.toString(crypto.enc.Base64)
1+
const crypto = require('crypto-js')
2+
function hashPassword(email, password) {
3+
var algo = crypto.algo.SHA512.create()
4+
algo.update(password, 'utf-8') // BAD
5+
algo.update(email.toLowerCase(), 'utf-8')
6+
var hash = algo.finalize()
7+
return hash.toString(crypto.enc.Base64)
88
}

0 commit comments

Comments
 (0)