hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Add some cached annotations for sensitive exprs.

Browse Source
This commit is contained in:
Geoffrey White
2023-06-21 17:51:21 +01:00
parent bc16fb5b01
commit 2b99344aa7
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
swift/ql/lib/codeql/swift/security/SensitiveExprs.qll
View File

@@ -91,6 +91,7 @@ private string regexpProbablySafe() {
private class SensitiveVarDecl extends VarDecl {
SensitiveDataType sensitiveType;
cached
SensitiveVarDecl() { this.getName().regexpMatch(sensitiveType.getRegexp()) }
predicate hasInfo(string label, SensitiveDataType type) {
@@ -106,6 +107,7 @@ private class SensitiveFunction extends Function {
SensitiveDataType sensitiveType;
string name; // name of the function, not including the argument list.
cached
SensitiveFunction() {
name = this.getShortName() and
name.regexpMatch(sensitiveType.getRegexp())
@@ -123,6 +125,7 @@ private class SensitiveFunction extends Function {
private class SensitiveArgument extends Argument {
SensitiveDataType sensitiveType;
cached
SensitiveArgument() { this.getLabel().regexpMatch(sensitiveType.getRegexp()) }
predicate hasInfo(string label, SensitiveDataType type) {
@@ -174,6 +177,7 @@ class SensitiveExpr extends Expr {
* A function that is likely used to encrypt or hash data.
*/
private class EncryptionFunction extends Function {
cached
EncryptionFunction() { this.getName().regexpMatch("(?is).*(crypt|hash|encode|protect).*") }
}