hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Declassify sensitive exprs with special characters

Browse Source
This commit is contained in:
Asger Feldthaus
2020-03-04 17:10:04 +00:00
parent 3ae1aada37
commit a1d479e975
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/semmle/javascript/security/SensitiveActions.qll
View File

@@ -63,10 +63,11 @@ module HeuristicNames {
/**
* Gets a regular expression that identifies strings that may indicate the presence of data
* that is hashed or encrypted, and hence rendered non-sensitive.
* that is hashed or encrypted, and hence rendered non-sensitive, or contains special characters
* suggesting nouns within the string do not represent the meaning of the whole string (e.g. a URL or a SQL query).
*/
string notSensitive() {
result = "(?is).*(redact|censor|obfuscate|hash|md5|sha|((?<!un)(en))?(crypt|code)).*"
result = "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|((?<!un)(en))?(crypt|code)).*"
}
}

4
javascript/ql/test/library-tests/SensitiveActions/tst.js
View File

@@ -22,3 +22,7 @@ secret;
require("process").exit();
global.process.exit();
get("https://example.com/news?password=true")
get("https://username:password@example.com")
execute("SELECT * FROM users WHERE password=?")