From cb84e633fa647d4713b09fbbd8f741912da4d992 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 6 May 2026 11:52:05 +0100 Subject: [PATCH] Shared: Fix for 'wildcard'. --- rust/ql/test/library-tests/sensitivedata/test.rs | 2 +- .../codeql/concepts/internal/SensitiveDataHeuristics.qll | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/test/library-tests/sensitivedata/test.rs b/rust/ql/test/library-tests/sensitivedata/test.rs index a5af8efeab4..db834b54b06 100644 --- a/rust/ql/test/library-tests/sensitivedata/test.rs +++ b/rust/ql/test/library-tests/sensitivedata/test.rs @@ -368,7 +368,7 @@ fn test_private_info( sink(info.financials.accounting); sink(info.financials.unaccounted); sink(info.financials.multiband); - sink(info.financials.wildcard_not_matched); // $ SPURIOUS: sensitive=private + sink(info.financials.wildcard_not_matched); sink(ContactDetails::FavouriteColor("blue".to_string())); } diff --git a/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll b/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll index c30a834fbd5..32045c783c7 100644 --- a/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll +++ b/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll @@ -145,13 +145,13 @@ module HeuristicNames { * suggesting nouns within the string do not represent the meaning of the whole string (e.g. a URL or a SQL query). * * We also filter out common words like `certain` and `concert`, since otherwise these could - * be matched by the certificate regular expressions. Same for `accountable` (account), or - * `secretarial` (secret). + * be matched by the certificate regular expressions. Same for `accountable` (account), + * `secretarial` (secret), `wildcard` (card). */ string notSensitiveRegexp() { result = "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?