CodeQL library for Python
codeql/python-all 0.6.4

Module ComputationallyExpensiveHashFunction

Provides a taint-tracking configuration for detecting use of a broken or weak cryptographic hashing algorithm on passwords.

Passwords have stricter requirements on the hashing algorithm used: it must be computationally expensive to prevent brute-force attacks.

Import path

import semmle.python.security.dataflow.WeakSensitiveDataHashingQuery

Imports

ComputationallyExpensiveHashFunction

Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities for sensitive data that DOES require computationally expensive hashing, as well as extension points for adding your own.

Classes

Configuration

A taint-tracking configuration for detecting use of a broken or weak cryptographic hashing algorithm on passwords.