hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

add session{key,id} as sensitive info

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2021-10-06 15:46:28 +02:00
parent 1e1e549847
commit 834d5ec6ad
4 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll
View File

@@ -58,7 +58,7 @@ module HeuristicNames {
*/
string maybeAccountInfo() {
result = "(?is).*acc(ou)?nt.*" or
result = "(?is).*(puid|username|userid).*" or
result = "(?is).*(puid|username|userid|session(id|key)).*" or
result = "(?s).*([uU]|^|_|[a-z](?=U))([uU][iI][dD]).*"
}