hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Convert to C++ and make it look more like SensitiveExprs.qll.

Browse Source
This commit is contained in:
Geoffrey White
2022-03-24 17:40:56 +00:00
parent ec98269a24
commit 0453c0f0a1
1 changed files with 29 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll
View File

@@ -1,16 +1,16 @@
/** /**
* Provides classes and predicates for identifying private data and methods for security. * Provides classes for heuristically identifying variables and functions that
* might contain or return sensitive private data.
* *
* 'Private' data in general is anything that would compromise user privacy if exposed. This * 'Private' data in general is anything that would compromise user privacy if
* library tries to guess where private data may either be stored in a variable or produced by a * exposed. This library tries to guess where private data may either be stored
* method. * in a variable or returned by a function call.
* *
* This library is not concerned with credentials. See `SensitiveActions` for expressions related * This library is not concerned with credentials. See `SensitiveExprs.qll` for
* to credentials. * expressions related to credentials.
*/ */
import csharp import cpp
import semmle.code.csharp.frameworks.system.windows.Forms
/** A string for `match` that identifies strings that look like they represent private data. */ /** A string for `match` that identifies strings that look like they represent private data. */
private string privateNames() { private string privateNames() {
@@ -32,35 +32,32 @@ private string privateNames() {
] ]
} }
/** An expression that might contain private data. */ /**
abstract class PrivateDataExpr extends Expr { } * A variable that might contain sensitive private information.
*/
/** A method call that might produce private data. */ class PrivateDataVariable extends Variable {
class PrivateMethodCall extends PrivateDataExpr, MethodCall { PrivateDataVariable() {
PrivateMethodCall() { this.getName().toLowerCase().matches(privateNames()) and
exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames())) not this.getUnspecifiedType() instanceof IntegralType
} }
} }
/** An indexer access that might produce private data. */ /**
class PrivateIndexerAccess extends PrivateDataExpr, IndexerAccess { * A function that might return sensitive private information.
PrivateIndexerAccess() { */
exists(string s | this.getAnIndex().getValue().toLowerCase() = s | s.matches(privateNames())) class PrivateDataFunction extends Function {
PrivateDataFunction() {
this.getName().toLowerCase().matches(privateNames()) and
not this.getUnspecifiedType() instanceof IntegralType
} }
} }
/** An access to a variable that might contain private data. */ /**
class PrivateVariableAccess extends PrivateDataExpr, VariableAccess { * An expression whose value might be sensitive private information.
PrivateVariableAccess() { */
exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames())) class PrivateDataExpr extends Expr {
} PrivateDataExpr() {
} this.(VariableAccess).getTarget() instanceof PrivateDataVariable or
this.(FunctionCall).getTarget() instanceof PrivateDataFunction
/** Reading the text property of a control that might contain private data. */
class PrivateControlAccess extends PrivateDataExpr {
PrivateControlAccess() {
exists(TextControl c |
this = c.getARead() and c.getName().toLowerCase().matches(privateNames())
)
} }
} }