Autoformat

ahmed-farid-dev · web-flow · commit a50c226ca94a · 2022-09-03T12:10:55.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
@@ -185,8 +185,8 @@ private string suspicious() {
   result =
     [
       "%password%", "%passwd%", "%pwd%", "%refresh%token%", "%secret%token", "%secret%key",
-      "%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%",
-      "%digest%", "%signature%", "%mac%"
+      "%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%", "%digest%",
+      "%signature%", "%mac%"
     ]
 }
 
@@ -208,7 +208,8 @@ abstract class ClientSuppliedSecret extends API::CallNode { }
 private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {
   FlaskClientSuppliedSecret() {
     this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and
-    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
+    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
+      sensitiveheaders()
   }
 }
 
@@ -219,7 +220,8 @@ private class DjangoClientSuppliedSecret extends ClientSuppliedSecret {
           .getMember(["headers", "META"])
           .getMember("get")
           .getACall() and
-    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
+    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
+      sensitiveheaders()
   }
 }
 
@@ -231,7 +233,8 @@ API::Node requesthandler() {
 private class TornadoClientSuppliedSecret extends ClientSuppliedSecret {
   TornadoClientSuppliedSecret() {
     this = requesthandler().getMember(["headers", "META"]).getMember("get").getACall() and
-    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
+    this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =
+      sensitiveheaders()
   }
 }
 
@@ -244,7 +247,8 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {
   WerkzeugClientSuppliedSecret() {
     this =
       headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and
-    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()
+    this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =
+      sensitiveheaders()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -185,8 +185,8 @@ private string suspicious() {`
`185`	`185`	`result =`
`186`	`186`	`[`
`187`	`187`	`"%password%", "%passwd%", "%pwd%", "%refresh%token%", "%secret%token", "%secret%key",`
`188`		`- "%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%",`
`189`		`- "%digest%", "%signature%", "%mac%"`
	`188`	`+ "%passcode%", "%passphrase%", "%token%", "%secret%", "%credential%", "%userpass%", "%digest%",`
	`189`	`+ "%signature%", "%mac%"`
`190`	`190`	`]`
`191`	`191`	`}`
`192`	`192`
`@@ -208,7 +208,8 @@ abstract class ClientSuppliedSecret extends API::CallNode { }`
`208`	`208`	`private class FlaskClientSuppliedSecret extends ClientSuppliedSecret {`
`209`	`209`	`FlaskClientSuppliedSecret() {`
`210`	`210`	`this = Flask::request().getMember("headers").getMember(["get", "get_all", "getlist"]).getACall() and`
`211`		`- this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()`
	`211`	`+ this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`212`	`+ sensitiveheaders()`
`212`	`213`	`}`
`213`	`214`	`}`
`214`	`215`
`@@ -219,7 +220,8 @@ private class DjangoClientSuppliedSecret extends ClientSuppliedSecret {`
`219`	`220`	`.getMember(["headers", "META"])`
`220`	`221`	`.getMember("get")`
`221`	`222`	`.getACall() and`
`222`		`- this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()`
	`223`	`+ this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`224`	`+ sensitiveheaders()`
`223`	`225`	`}`
`224`	`226`	`}`
`225`	`227`
`@@ -231,7 +233,8 @@ API::Node requesthandler() {`
`231`	`233`	`private class TornadoClientSuppliedSecret extends ClientSuppliedSecret {`
`232`	`234`	`TornadoClientSuppliedSecret() {`
`233`	`235`	`this = requesthandler().getMember(["headers", "META"]).getMember("get").getACall() and`
`234`		`- this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()`
	`236`	`+ this.getParameter(0, "key").asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`237`	`+ sensitiveheaders()`
`235`	`238`	`}`
`236`	`239`	`}`
`237`	`240`
`@@ -244,7 +247,8 @@ private class WerkzeugClientSuppliedSecret extends ClientSuppliedSecret {`
`244`	`247`	`WerkzeugClientSuppliedSecret() {`
`245`	`248`	`this =`
`246`	`249`	`headers().getMember(["headers", "META"]).getMember(["get", "get_all", "getlist"]).getACall() and`
`247`		`- this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() = sensitiveheaders()`
	`250`	`+ this.getParameter(0, ["key", "name"]).asSink().asExpr().(StrConst).getText().toLowerCase() =`
	`251`	`+ sensitiveheaders()`
`248`	`252`	`}`
`249`	`253`	`}`
`250`	`254`