hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Handle _ in sensitive-data-sources

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2022-06-22 10:18:59 +02:00
parent 4a844312f4
commit 4be375521f
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll
View File

@@ -50,7 +50,7 @@ module HeuristicNames {
* Gets a regular expression that identifies strings that may indicate the presence of secret * Gets a regular expression that identifies strings that may indicate the presence of secret
* or trusted data. * or trusted data.
*/ */
string maybeSecret() { result = "(?is).*((?<!is)secret|(?<!un|is)trusted).*" } string maybeSecret() { result = "(?is).*((?<!is|is_)secret|(?<!un|un_|is|is_)trusted).*" }
/** /**
* Gets a regular expression that identifies strings that may indicate the presence of * Gets a regular expression that identifies strings that may indicate the presence of

2
python/ql/test/experimental/dataflow/sensitive-data/test.py
View File

@@ -39,7 +39,7 @@ print(x) # $ SensitiveUse=password
# some prefixes makes us ignore it as a source # some prefixes makes us ignore it as a source
not_found.isSecret not_found.isSecret
not_found.is_secret # $ SPURIOUS: SensitiveDataSource=secret not_found.is_secret
def my_func(non_sensitive_name): def my_func(non_sensitive_name):
x = non_sensitive_name() x = non_sensitive_name()