hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9649 from RasmusWL/certificate-modeling

Browse Source 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
This commit is contained in:
Rasmus Wriedt Larsen
2022-06-23 12:04:58 +02:00
committed by GitHub
parent 9b587843ff 876ba71d9b
commit 3248f7b423
7 changed files with 39 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python/ql/test/experimental/dataflow/sensitive-data/test.py
View File

@@ -37,6 +37,10 @@ f = not_found.get_passwd # $ SensitiveDataSource=password
x = f()
print(x) # $ SensitiveUse=password
# some prefixes makes us ignore it as a source
not_found.isSecret
not_found.is_secret
def my_func(non_sensitive_name):
x = non_sensitive_name()
print(x) # $ SensitiveUse=password
@@ -56,6 +60,11 @@ getattr(foo, x) # $ SensitiveDataSource=password
def my_func(password): # $ SensitiveDataSource=password
print(password) # $ SensitiveUse=password
# FP where the `cert` in `uncertainty` makes us treat it like a certificate
# https://github.com/github/codeql/issues/9632
def my_other_func(uncertainty):
print(uncertainty)
password = some_function() # $ SensitiveDataSource=password
print(password) # $ SensitiveUse=password