Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities, as well as extension points for adding your own. This is divided into two general cases:
- hashing sensitive data
- hashing passwords (which requires the hashing algorithm to be sufficiently computationally expensive in addition to other requirements)
Import path
import codeql.rust.security.WeakSensitiveDataHashingExtensionsImports
| rust | Top-level import for the Rust language pack |
Classes
| ModeledHashOperation | An externally modeled operation that hashes data, for example a call to |
Modules
| ComputationallyExpensiveHashFunction | Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities on sensitive data that DOES require computationally expensive hashing, as well as extension points for adding your own. |
| NormalHashFunction | Provides default sources, sinks and sanitizers for detecting “use of a broken or weak cryptographic hashing algorithm on sensitive data” vulnerabilities on sensitive data that does NOT require computationally expensive hashing, as well as extension points for adding your own. |