hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Limit what functions we treat as returning sensitive data

Browse Source 
Before this change, any function that has a parameter that was called
password/credentials would be treated as returning sensitive data of that
kind. `py/clear-text-logging-sensitive-data` would alert if one of these are
logged, which has a LOT of false-positives.
This commit is contained in:
Rasmus Wriedt Larsen
2019-11-04 11:32:21 +01:00
parent ea23c2daac
commit 6593477d0b
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
python/ql/src/semmle/python/security/SensitiveData.qll
View File

@@ -112,12 +112,6 @@ module SensitiveData {
private SensitiveData fromFunction(Value func) {
result = HeuristicNames::getSensitiveDataForName(func.getName())
or
// This is particularly to pick up methods with an argument like "password", which
// may indicate a lookup.
exists(string name | name = func.(PythonFunctionValue).getScope().getAnArg().asName().getId() |
result = HeuristicNames::getSensitiveDataForName(name)
)
}
abstract class Source extends TaintSource {