Module BrokenCryptoAlgorithmConfig

A taint tracking configuration for sensitive information in broken or weak cryptographic algorithms.

This configuration identifies flows from Sources, which are sources of sensitive data, to Sinks, which is an abstract class representing all the places sensitive data may used in broken or weak cryptographic algorithms. Additional sources or sinks can be added either by extending the relevant class, or by subclassing this configuration itself, and amending the sources and sinks.

Import path

import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmQuery

Predicates

getASelectedSinkLocation	Gets a location that will be associated with the given `sink` in a diff-informed query that uses this configuration (see `observeDiffInformedIncrementalMode`). By default, this is the location of the sink itself, but this predicate should include any locations that are reported as the primary-location of the query or as an additional location (“$@” interpolation). Queries with `@kind path-problem` that override this predicate should also return the location of the sink itself. For a query that doesn’t report the sink at all, this predicate should be `none()`.
isBarrier	Holds if data flow through `node` is prohibited. This completely removes `node` from the data flow graph.
isSink	Holds if `sink` is a relevant data flow sink.
isSource	Holds if `source` is a relevant data flow source.
observeDiffInformedIncrementalMode	Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by `AlertFiltering`. This only has an effect when running in diff-informed incremental mode.