Skip to content

Instantly share code, notes, and snippets.

@artem-smotrakov

artem-smotrakov/NonConstantTimeCryptoComparisonConfig.ql

Created August 15, 2021 14:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save artem-smotrakov/3da997736194c9f9e289600eea4a34d0 to your computer and use it in GitHub Desktop.
Save artem-smotrakov/3da997736194c9f9e289600eea4a34d0 to your computer and use it in GitHub Desktop.
Download ZIP
A data flow tracking config for detecting timing attacks in Java code
Raw
NonConstantTimeCryptoComparisonConfig.ql
class NonConstantTimeCryptoComparisonConfig extends TaintTracking::Configuration {
NonConstantTimeCryptoComparisonConfig() { this = "NonConstantTimeCryptoComparisonConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof CryptoOperationSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment