C++: QLDoc SensitiveExprs.qll.

Geoffrey White
2020-06-29 17:08:44 +01:00
parent e2e5e9b2a9
commit a8a7df4e5c


@@ -1,5 +1,14 @@
/**
* Provides classes for heuristically identifying variables and functions that
* might contain or return a password or other sensitive information.
*/
import cpp
/**
* Holds if the name `s` suggests something might contain or return a password
* or other sensitive information.
*/
bindingset[s]
private predicate suspicious(string s) {
(
@@ -16,14 +25,23 @@ private predicate suspicious(string s) {
)
}
/**
* A variable that might contain a password or other sensitive information.
*/
class SensitiveVariable extends Variable {
SensitiveVariable() { suspicious(getName().toLowerCase()) }
}
/**
* A function that might return a password or other sensitive information.
*/
class SensitiveFunction extends Function {
SensitiveFunction() { suspicious(getName().toLowerCase()) }
}
/**
* An expression whose value might be a password or other sensitive information.
*/
class SensitiveExpr extends Expr {
SensitiveExpr() {
this.(VariableAccess).getTarget() instanceof SensitiveVariable or