hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Construct fewer strings.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-02-07 11:44:32 +00:00
parent 984729f9b0
commit 746f04bafc
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll
View File

@@ -14,8 +14,8 @@ import cpp
*/
bindingset[s]
private predicate suspicious(string s) {
s.regexpMatch(".*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*") and
not s.matches(["%hash%", "%crypt%", "%file%", "%path%", "%invalid%"])
s.regexpMatch("(?i).*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*") and
not s.regexpMatch("(?i).*(hash|crypt|file|path|invalid).*")
}
/**
@@ -23,7 +23,7 @@ private predicate suspicious(string s) {
*/
class SensitiveVariable extends Variable {
SensitiveVariable() {
suspicious(this.getName().toLowerCase()) and
suspicious(this.getName()) and
not this.getUnspecifiedType() instanceof IntegralType
}
}
@@ -33,7 +33,7 @@ class SensitiveVariable extends Variable {
*/
class SensitiveFunction extends Function {
SensitiveFunction() {
suspicious(this.getName().toLowerCase()) and
suspicious(this.getName()) and
not this.getUnspecifiedType() instanceof IntegralType
}
}