CodeQL library for Python
codeql/python-all 2.2.1-dev

Module ComputationallyExpensiveHashFunction

Provides a taint-tracking configuration for detecting use of a broken or weak cryptographic hashing algorithm on passwords.

Passwords have stricter requirements on the hashing algorithm used: it must be computationally expensive to prevent brute-force attacks.

Import path

import semmle.python.security.dataflow.WeakSensitiveDataHashingQuery

Imports

ComputationallyExpensiveHashFunction

Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities on sensitive data that DOES require computationally expensive hashing, as well as extension points for adding your own.

Aliases

Flow

Global taint-tracking for detecting “use of a broken or weak cryptographic hashing algorithm on passwords” vulnerabilities.
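
The password requirement from the module description, shown as an added Python example that is not part of the CodeQL library: a password passed to a fast digest next to the same password passed to a computationally expensive key-derivation function. The function names, the choice of PBKDF2 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for this example; tune it for your own hardware.
PBKDF2_ITERATIONS = 600_000


def weak_password_hash(password: str) -> str:
    """Weak pattern: a password flows into a fast, unsalted digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened pattern: per-password random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample input
    print("fast digest:", weak_password_hash(sample))
    salt, stored = hash_password(sample)
    print("verify ok:", verify_password(sample, salt, stored))
    print("verify wrong:", verify_password("guess", salt, stored))
```

The fast digest is identical for every user who picks the same password and costs an attacker one hash call per guess; the salted, iterated form removes both properties.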