Merge pull request #2248 from RasmusWL/python-sensitive-data-fewer-fp

Python: Limit what functions we treat as returning sensitive data
2026-05-01 11:45:14 +02:00 · 2019-11-04 15:09:52 +01:00
parent ca22ec6104 6593477d0b
commit aa7a997c7a
1 changed files with 0 additions and 6 deletions
--- a/python/ql/src/semmle/python/security/SensitiveData.qll
+++ b/python/ql/src/semmle/python/security/SensitiveData.qll
@@ -112,12 +112,6 @@ module SensitiveData {

    private SensitiveData fromFunction(Value func) {
        result = HeuristicNames::getSensitiveDataForName(func.getName())
-        or
-        // This is particularly to pick up methods with an argument like "password", which
-        // may indicate a lookup.
-        exists(string name | name = func.(PythonFunctionValue).getScope().getAnArg().asName().getId() |
-            result = HeuristicNames::getSensitiveDataForName(name)
-        )
    }

    abstract class Source extends TaintSource {