Merge pull request #4512 from luchua-bc/sensitive-broadcast

Java: Sensitive broadcast
2026-02-28 12:53:49 +01:00 · 2020-11-04 10:47:48 +01:00
parent 92494441a7 26495225e0
commit 22b4df0f3c
9 changed files with 474 additions and 6 deletions
--- a/java/ql/src/semmle/code/java/security/SensitiveActions.qll
+++ b/java/ql/src/semmle/code/java/security/SensitiveActions.qll
@@ -27,6 +27,14 @@ private string nonSuspicious() {
  result = "%crypt%"
 }

+/**
+ * Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information.
+ */
+string getCommonSensitiveInfoRegex() {
+  result = "(?i).*challenge|pass(wd|word|code|phrase)(?!.*question).*" or
+  result = "(?i).*(token|secret).*"
+}
+
 /** An expression that might contain sensitive data. */
 abstract class SensitiveExpr extends Expr { }