Skip to content

Commit

Permalink
Ruby: use in SensitiveDataHashing
Browse files Browse the repository at this point in the history
  • Loading branch information
@asgerf
asgerf committed Dec 16, 2024
1 parent c417dc4 commit 646395b
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 7 deletions.
4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,9 +68,7 @@ module ComputationallyExpensiveHashFunction {
* `computationallyExpensiveHashFunctionFlowPath`.
*/
module WeakSensitiveDataHashingFlow =
DataFlow::MergePathGraph<NormalHashFunction::Flow::PathNode,
ComputationallyExpensiveHashFunction::Flow::PathNode, NormalHashFunction::Flow::PathGraph,
ComputationallyExpensiveHashFunction::Flow::PathGraph>;
DataFlow::MergeFlows<NormalHashFunction::Flow, ComputationallyExpensiveHashFunction::Flow>;

/** Holds if data can flow from `source` to `sink` with `NormalHashFunction::Flow`. */
predicate normalHashFunctionFlowPath(
Expand Down
6 changes: 2 additions & 4 deletions ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,9 @@

import ruby
import codeql.ruby.security.WeakSensitiveDataHashingQuery
import WeakSensitiveDataHashingFlow::PathGraph
import WeakSensitiveDataHashingFlow

from
WeakSensitiveDataHashingFlow::PathNode source, WeakSensitiveDataHashingFlow::PathNode sink,
string ending, string algorithmName, string classification
from PathNode source, PathNode sink, string ending, string algorithmName, string classification
where
normalHashFunctionFlowPath(source, sink) and
algorithmName = sink.getNode().(NormalHashFunction::Sink).getAlgorithmName() and
Expand Down

0 comments on commit 646395b

Please sign in to comment.