Shared: Fix and simplify the exclusion for 'encrypted' values.

Geoffrey White
2026-05-06 14:43:23 +01:00
parent 6e2fb6f0ff
commit 5ed78d1a4a
2 changed files with 3 additions and 3 deletions


@@ -42,8 +42,8 @@ fn test_passwords(
sink(password_str); // $ sensitive=password
sink(password_confirmation); // $ sensitive=password
sink(profile_password); // $ sensitive=password
sink(unencrypted_password); // $ MISSING: sensitive=password
sink(unencoded_password); // $ MISSING: sensitive=password
sink(unencrypted_password); // $ sensitive=password
sink(unencoded_password); // $ sensitive=password
sink(pass_phrase); // $ sensitive=password
sink(passphrase); // $ sensitive=password
sink(passPhrase); // $ sensitive=password
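Review bot: The updated expectations only pin the `un` prefix (`unencrypted_password`, `unencoded_password`), while the rewritten exclusion also changes how other names are classified. Names containing a bare `crypt` or `code`, and names using a different negation, are not exercised in this hunk. Consider adding cases such as `sink(decrypted_password);`, `sink(not_encrypted_password);` and `sink(encrypted_password);`, each with the annotation the heuristic is meant to produce, so a later regex edit cannot silently flip them. `test_passwords` starts and continues outside the hunk, so some of these may already exist elsewhere in the function.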


@@ -150,7 +150,7 @@ module HeuristicNames {
*/
string notSensitiveRegexp() {
result =
"(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|(?<!pass)code)|"
"(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|(?<!un)en(crypt|code)|"
+ "certain|concert|secretar|wildcard|coauthor|account(ant|ab|ing|ed)|(?<!pro)file|path|([_-]|\\b)url).*"
}
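Review bot: The new alternative `(?<!un)en(crypt|code)` in `notSensitiveRegexp` handles only the `un` negation, so a name like `not_encrypted_password` or `nonencrypted_password` still matches the exclusion and is treated as not sensitive. That leaves a false negative for plaintext values under those names. The simplification also stops excluding a bare `crypt` or `code`, so `decrypted_password` is now correctly reported, but a name like `bcrypt_password` would be reported too unless another alternative such as `hash` matches; that appears intended but is not stated. A short comment above the string would record the trade-off, for example `// 'en(crypt|code)' is excluded unless directly preceded by 'un'; other negations (not_, non) are not handled`. The doc comment for this predicate begins outside the hunk, so it may already cover part of this.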