hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Simplify CredentialExpr as the AddExpr step is included by TaintTracking::localTaintStep(node1, node2)

Browse Source
This commit is contained in:
Bt2018
2020-05-13 07:55:32 -04:00
committed by GitHub
parent d9cc3c6f8d
commit 632cb8b666
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
View File

@@ -20,14 +20,10 @@ private string getACredentialRegex() {
result = "(?i)(.*username|url).*"
}
/** The variable or concatenated string with the variable that keeps sensitive information judging by its name * */
/** Variable keeps sensitive information judging by its name * */
class CredentialExpr extends Expr {
CredentialExpr() {
exists(Variable v |
(this.(AddExpr).getAnOperand() = v.getAnAccess() or this = v.getAnAccess())
|
v.getName().regexpMatch(getACredentialRegex())
)
exists(Variable v | this = v.getAnAccess() | v.getName().regexpMatch(getACredentialRegex()))
}
}