Rust: Add sensitive data to summary queries.

Geoffrey White
2025-01-03 18:57:42 +00:00
parent 821eb4f3e6
commit e1e980c2e8
3 changed files with 19 additions and 0 deletions


@@ -0,0 +1,15 @@
/**
* @name Sensitive Data
* @description List all sensitive data found in the database. Sensitive data is anything that
* should not be sent in unencrypted form.
* @kind problem
* @problem.severity info
* @id rust/summary/sensitive-data
* @tags summary
*/
import rust
import codeql.rust.security.SensitiveData
from SensitiveData d
select d, "Sensitive data (" + d.getClassification() + "): " + d.toString()
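Review bot: The `select` emits one row per `(d, d.getClassification())` pair, while the `Sensitive data` row this commit adds to the summary stats query uses `count(SensitiveData d)`, so the two numbers can disagree if a node can carry more than one classification. The library is not visible here, so this may not arise in practice. A short comment above the `from` clause would help anyone comparing the listing with the stat: `// One result per (data, classification) pair; may exceed the "Sensitive data" summary count.` Since the query is `@kind problem`, the `@description` could also state that this is an informational listing for checking model coverage and not a finding in itself.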


@@ -8,6 +8,7 @@
import rust
import codeql.rust.Concepts
import codeql.rust.security.SensitiveData
import codeql.rust.Diagnostics
import Stats
@@ -56,4 +57,6 @@ where
key = "Taint sources - total" and value = count(ThreatModelSource s)
or
key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
or
key = "Sensitive data" and value = count(SensitiveData d)
select key, value order by key
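Review bot: The new `Sensitive data` row is only exercised at zero, because the expected output updated in this commit records `| Sensitive data | 0 |`; a count that never matches anything would still pass. A test source containing at least one item that `SensitiveData` recognises would make the row meaningful. The same test could cover the new listing query, for which no expected output appears among the three changed files. The `where` clause starts outside the hunk, so the remaining keys are not visible here.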


@@ -14,5 +14,6 @@
| Macro calls - resolved | 8 |
| Macro calls - total | 9 |
| Macro calls - unresolved | 1 |
| Sensitive data | 0 |
| Taint sources - active | 0 |
| Taint sources - total | 0 |