CodeQL library for Ruby
codeql/ruby-all 3.0.1-dev (changelog, source)
Search

Module WeakSensitiveDataHashingQuery

Provides a taint-tracking configuration for detecting use of a broken or weak cryptographic hashing algorithm on sensitive data.

Note, for performance reasons: only import this file if WeakSensitiveDataHashing::Configuration is needed, otherwise WeakSensitiveDataHashingCustomizations should be imported instead.

Import path

import codeql.ruby.security.WeakSensitiveDataHashingQuery

Predicates

computationallyExpensiveHashFunctionFlowPath

Holds if data can flow from source to sink with ComputationallyExpensiveHashFunction::Flow.

normalHashFunctionFlowPath

Holds if data can flow from source to sink with NormalHashFunction::Flow.

Modules

ComputationallyExpensiveHashFunction

Provides a taint-tracking configuration for detecting use of a broken or weak cryptographic hashing algorithm on passwords.

NormalHashFunction

Provides a taint-tracking configuration for detecting use of a broken or weak cryptographic hash function on sensitive data, that does NOT require a computationally expensive hash function.

Aliases

WeakSensitiveDataHashingFlow

Global taint-tracking for detecting both variants of “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities.