

Commit de9469b

committed
Python: complete ssl.create_default_context
1 parent ee03837 commit de9469b

1 file changed

Lines changed: 11 additions & 0 deletions


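--- a/python/ql/src/Security/CWE-327/Ssl.qll
+++ b/python/ql/src/Security/CWE-327/Ssl.qll
@@ -132,6 +132,15 @@ class UnspecificSSLContextCreation extends SSLContextCreation, UnspecificContext
 }
 }
 
+class UnspecificSSLDefaultContextCreation extends SSLDefaultContextCreation, ProtocolUnrestriction {
+override DataFlow::CfgNode getContext() { result = this }
+
+// see https://docs.python.org/3/library/ssl.html#ssl.create_default_context
+override ProtocolVersion getUnrestriction() {
+result in ["TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
+}
+}
+
 class Ssl extends TlsLibrary {
 Ssl() { this = "ssl" }
 
@@ -167,5 +176,7 @@ class Ssl extends TlsLibrary {
 result instanceof ContextSetVersion
 or
 result instanceof UnspecificSSLContextCreation
+or
+result instanceof UnspecificSSLDefaultContextCreation
 }
 }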
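Review bot: The comment above `getUnrestriction()` in `UnspecificSSLDefaultContextCreation` is only a link, so the reason the result stops at the four TLS versions is left for the reader to look up. I would spell it out, e.g. `// create_default_context() sets OP_NO_SSLv2 and OP_NO_SSLv3, so only the TLS versions remain enabled; TLSv1 and TLSv1_1 stay allowed unless the caller restricts them later`. I believe newer Python releases also raise the default minimum version to TLS 1.2, in which case this list over-approximates there and the comment should say which interpreter behaviour it models; worth confirming against the linked page. The commit touches only Ssl.qll, so a query test with a bare `ssl.create_default_context()` call would help pin the alerts this class is expected to produce.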
