Skip to content

Commit 5b08048

Browse files
bananabrbananabr
committed
TokenBuiltFromUuid formatting
1 parent b8d60ed commit 5b08048

File tree

2 files changed

+4
-7
lines changed

2 files changed

+4
-7
lines changed

javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,8 @@ class TokenAssignmentValueSink extends DataFlow::Node {
3030
TokenAssignmentValueSink() {
3131
exists(string name | name.toLowerCase().matches(["%token", "%code"]) |
3232
exists(PropWrite pw | this = pw.getRhs() | pw.getPropertyName().toLowerCase() = name)
33-
or
34-
exists(AssignExpr ae | this = ae.getRhs().flow() |
33+
or
34+
exists(AssignExpr ae | this = ae.getRhs().flow() |
3535
ae.getLhs().(VariableAccess).getVariable().getName().toLowerCase() = name
3636
)
3737
)

python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,7 @@ import DataFlow::PathGraph
2020
class PredictableResultSource extends DataFlow::Node {
2121
PredictableResultSource() {
2222
exists(API::Node uuidCallRet |
23-
uuidCallRet =
24-
API::moduleImport("uuid")
25-
.getMember(["uuid1", "uuid3", "uuid5"])
26-
.getReturn()
23+
uuidCallRet = API::moduleImport("uuid").getMember(["uuid1", "uuid3", "uuid5"]).getReturn()
2724
|
2825
this = uuidCallRet.asSource()
2926
or
@@ -36,7 +33,7 @@ class TokenAssignmentValueSink extends DataFlow::Node {
3633
TokenAssignmentValueSink() {
3734
exists(string name | name.toLowerCase().matches(["%token", "%code"]) |
3835
exists(DefinitionNode n | n.getValue() = this.asCfgNode() | name = n.(NameNode).getId())
39-
or
36+
or
4037
exists(DataFlow::AttrWrite aw | aw.getValue() = this | name = aw.getAttributeName())
4138
)
4239
}

0 commit comments

Comments
 (0)