Ruby: configsig rb/clear-text-logging-sensitive-data

Alex Ford
2023-08-22 16:49:57 +01:00
parent ce35d6921f
commit 2a2f21d3a9
2 changed files with 28 additions and 11 deletions


@@ -2,7 +2,7 @@
* Provides a taint-tracking configuration for "Clear-text logging of sensitive information".
*
* Note, for performance reasons: only import this file if
* `CleartextLogging::Configuration` is needed, otherwise
* `CleartextLoggingFlow` is needed, otherwise
* `CleartextLoggingCustomizations` should be imported instead.
*/
@@ -10,25 +10,43 @@ private import codeql.ruby.AST
private import codeql.ruby.DataFlow
private import codeql.ruby.TaintTracking
import CleartextLoggingCustomizations::CleartextLogging
private import CleartextLoggingCustomizations::CleartextLogging as CleartextLogging
private import CleartextLoggingCustomizations::CleartextLogging as CL
/**
* A taint-tracking configuration for detecting "Clear-text logging of sensitive information".
* DEPRECATED: Use `CleartextLoggingFlow` instead
*/
class Configuration extends TaintTracking::Configuration {
deprecated class Configuration extends TaintTracking::Configuration {
Configuration() { this = "CleartextLogging" }
override predicate isSource(DataFlow::Node source) { source instanceof CleartextLogging::Source }
override predicate isSource(DataFlow::Node source) { source instanceof CL::Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof CleartextLogging::Sink }
override predicate isSink(DataFlow::Node sink) { sink instanceof CL::Sink }
override predicate isSanitizer(DataFlow::Node node) {
super.isSanitizer(node)
or
node instanceof CleartextLogging::Sanitizer
node instanceof CL::Sanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
CleartextLogging::isAdditionalTaintStep(nodeFrom, nodeTo)
CL::isAdditionalTaintStep(nodeFrom, nodeTo)
}
}
private module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof CL::Source }
predicate isSink(DataFlow::Node sink) { sink instanceof CL::Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof CL::Sanitizer }
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
CL::isAdditionalTaintStep(nodeFrom, nodeTo)
}
}
/**
* Taint-tracking for detecting "Clear-text logging of sensitive information".
*/
module CleartextLoggingFlow = TaintTracking::Global<Config>;
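Review bot: The new `Config::isBarrier` lists only `CL::Sanitizer`, while the deprecated `Configuration::isSanitizer` also keeps the `super.isSanitizer(node)` disjunct, and nothing in the file explains the difference. As far as I know `TaintTracking::Global` adds the default taint sanitizers itself, so the two should be equivalent, but that is worth stating next to the predicate, for example `// Default taint sanitizers are applied by TaintTracking::Global; only query-specific barriers are listed here.` The private `Config` module would also benefit from a short QLDoc saying it is the `ConfigSig` counterpart of the deprecated class, so the duplicated source, sink and step definitions are read as intentional. Because this library decides which flows of sensitive data into log calls are reported, please confirm that the expected results of the query's existing tests are unchanged after the switch. The second changed file is not visible here, so I cannot tell whether the query itself already uses `CleartextLoggingFlow`.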