Python: _ in var name not handled by sensitive-data-sources

2025-12-24 04:36:35 +01:00 · 2022-06-22 10:18:14 +02:00
parent 5dc2bb717a
commit 4a844312f4
1 changed files with 4 additions and 0 deletions
--- a/python/ql/test/experimental/dataflow/sensitive-data/test.py
+++ b/python/ql/test/experimental/dataflow/sensitive-data/test.py
@@ -37,6 +37,10 @@ f = not_found.get_passwd # $ SensitiveDataSource=password
 x = f()
 print(x) # $ SensitiveUse=password

+# some prefixes makes us ignore it as a source
+not_found.isSecret
+not_found.is_secret # $ SPURIOUS: SensitiveDataSource=secret
+
 def my_func(non_sensitive_name):
    x = non_sensitive_name()
    print(x) # $ SensitiveUse=password