CodeQL library for Python
codeql/python-all 0.6.4 (changelog, source)
Search

Module NormalHashFunction

Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities on sensitive data that does NOT require computationally expensive hashing, as well as extension points for adding your own.

Also see the ComputationallyExpensiveHashFunction module.

Import path

import semmle.python.security.dataflow.WeakSensitiveDataHashingCustomizations

Classes

Sanitizer

A sanitizer for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

SensitiveDataSourceAsSource

A source of sensitive data, considered as a flow source.

Sink

A data flow sink for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

Source

A data flow source for “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.

WeakHashingOperationInputSink

The input to a hashing operation using a weak algorithm, considered as a flow sink.