Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API

RasmusWL · RasmusWL · commit 3bf2705668a5 · 2023-08-28T15:31:08.000+02:00
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql
@@ -15,20 +15,26 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import experimental.semmle.python.security.TimingAttack
-import DataFlow::PathGraph
 
 /**
  * A configuration tracing flow from  a client Secret obtained by an HTTP header to a unsafe Comparison.
  */
-class ClientSuppliedSecretConfig extends TaintTracking::Configuration {
-  ClientSuppliedSecretConfig() { this = "ClientSuppliedSecretConfig" }
+private module TimingAttackAgainstHeaderValueConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ClientSuppliedSecret }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ClientSuppliedSecret }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof CompareSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof CompareSink }
 }
 
-from ClientSuppliedSecretConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink) and not sink.getNode().(CompareSink).flowtolen()
+module TimingAttackAgainstHeaderValueFlow =
+  TaintTracking::Global<TimingAttackAgainstHeaderValueConfig>;
+
+import TimingAttackAgainstHeaderValueFlow::PathGraph
+
+from
+  TimingAttackAgainstHeaderValueFlow::PathNode source,
+  TimingAttackAgainstHeaderValueFlow::PathNode sink
+where
+  TimingAttackAgainstHeaderValueFlow::flowPath(source, sink) and
+  not sink.getNode().(CompareSink).flowtolen()
 select sink.getNode(), source, sink, "Timing attack against $@ validation.", source.getNode(),
   "client-supplied token"
