Python: Move experimental TimingAttackAgainstHash to new dataflow API

RasmusWL · RasmusWL · commit c88a0ccb7c45 · 2023-08-28T15:31:07.000+02:00
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql
@@ -16,23 +16,24 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import experimental.semmle.python.security.TimingAttack
-import DataFlow::PathGraph
 
 /**
  * A configuration that tracks data flow from cryptographic operations
  * to Equality test.
  */
-class TimingAttackAgainsthash extends TaintTracking::Configuration {
-  TimingAttackAgainsthash() { this = "TimingAttackAgainsthash" }
+private module TimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
 }
 
-from TimingAttackAgainsthash config, DataFlow::PathNode source, DataFlow::PathNode sink
+module TimingAttackAgainstHashFlow = TaintTracking::Global<TimingAttackAgainstHashConfig>;
+
+import TimingAttackAgainstHashFlow::PathGraph
+
+from TimingAttackAgainstHashFlow::PathNode source, TimingAttackAgainstHashFlow::PathNode sink
 where
-  config.hasFlowPath(source, sink) and
+  TimingAttackAgainstHashFlow::flowPath(source, sink) and
   sink.getNode().(NonConstantTimeComparisonSink).includesUserInput()
 select sink.getNode(), source, sink, "Timing attack against $@ validation.",
   source.getNode().(ProduceCryptoCall).getResultType(), "message"
