CodeQL library for Python
codeql/python-all 2.1.1-dev

Module ComputationallyExpensiveHashFunction

Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities where the sensitive data DOES require computationally expensive hashing, as well as extension points for adding your own.

Also see the NormalHashFunction module.

Import path

import semmle.python.security.dataflow.WeakSensitiveDataHashingCustomizations

Classes

PasswordSourceAsSource

A source of passwords, considered as a flow source.

Sanitizer

A sanitizer of sensitive data that requires computationally expensive hashing for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

Sink

A data flow sink for sensitive data that requires computationally expensive hashing for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

Source

A data flow source of sensitive data that requires computationally expensive hashing for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

WeakPasswordHashingOperationInputSink

The input to a password hashing operation using a weak algorithm, considered as a flow sink.
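
Added example (not part of the CodeQL library or its documentation): Python code of the shape these classes describe, with a password reaching a weak hashing operation, next to a salted, iterated replacement. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the iteration count for your hardware.
PBKDF2_ITERATIONS = 600_000
SALT_LEN = 16
DIGEST_LEN = 32


def store_password_weak(password: str) -> str:
    # A password (the source) is passed straight to MD5 (the input of a
    # weak hashing operation). The digest is fast to compute and unsalted,
    # so equal passwords always produce equal stored values.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    # Deliberately slow key derivation: many HMAC-SHA256 rounds per guess.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=DIGEST_LEN
    )


def store_password_expensive(password: str) -> bytes:
    # A fresh random salt per password means equal passwords do not
    # produce equal stored values. Stored layout: salt || digest.
    salt = os.urandom(SALT_LEN)
    return salt + _derive(password, salt)


def verify_password(password: str, stored: bytes) -> bool:
    # Recompute with the stored salt and compare in constant time.
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    record = store_password_expensive("correct horse")
    print("weak:", store_password_weak("correct horse"))
    print("expensive record length:", len(record))
    print("verifies:", verify_password("correct horse", record))
```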