Enhance the dataflow sink and update test cases

2026-02-28 12:53:49 +01:00 · 2020-10-28 03:07:01 +00:00
parent 07830aae05
commit 99c79f4aa3
4 changed files with 89 additions and 63 deletions
--- a/java/ql/src/semmle/code/java/security/SensitiveActions.qll
+++ b/java/ql/src/semmle/code/java/security/SensitiveActions.qll
@@ -27,6 +27,14 @@ private string nonSuspicious() {
  result = "%crypt%"
 }

+/**
+ * Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information.
+ */
+string getCommonSensitiveInfoRegex() {
+  result = "(?i).*challenge|pass(wd|word|code|phrase)(?!.*question).*" or
+  result = "(?i).*(token|username|userid|secret).*"
+}
+
 /** An expression that might contain sensitive data. */
 abstract class SensitiveExpr extends Expr { }