Merge pull request #7652 from RasmusWL/cleartext-remove-fps

Python: Remove usernames as sensitive source for cleartext queries
2026-02-23 10:23:41 +01:00 · 2022-01-21 11:30:40 +01:00
parent b02f1c87a1 f53dce3a83
commit 4fd0ada9a8
7 changed files with 72 additions and 0 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingCustomizations.qll
@@ -40,6 +40,10 @@ module CleartextLogging {
   * A source of sensitive data, considered as a flow source.
   */
  class SensitiveDataSourceAsSource extends Source, SensitiveDataSource {
+    SensitiveDataSourceAsSource() {
+      not SensitiveDataSource.super.getClassification() = SensitiveDataClassification::id()
+    }
+
    override SensitiveDataClassification getClassification() {
      result = SensitiveDataSource.super.getClassification()
    }
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageCustomizations.qll
@@ -39,6 +39,10 @@ module CleartextStorage {
   * A source of sensitive data, considered as a flow source.
   */
  class SensitiveDataSourceAsSource extends Source, SensitiveDataSource {
+    SensitiveDataSourceAsSource() {
+      not SensitiveDataSource.super.getClassification() = SensitiveDataClassification::id()
+    }
+
    override SensitiveDataClassification getClassification() {
      result = SensitiveDataSource.super.getClassification()
    }