From ef340954e42204a3a3d5bd58785812e2e402d144 Mon Sep 17 00:00:00 2001
From: Max Schaefer <max-schaefer@github.com>
Date: Wed, 24 Jun 2020 07:10:03 +0100
Subject: [PATCH] Add `mask*` as a heuristic name for an obfuscating function.

---
 ql/src/semmle/go/security/SensitiveActions.qll | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/security/SensitiveActions.qll b/ql/src/semmle/go/security/SensitiveActions.qll
index caeb62f35a7..36922e4416f 100644
--- a/ql/src/semmle/go/security/SensitiveActions.qll
+++ b/ql/src/semmle/go/security/SensitiveActions.qll
@@ -55,7 +55,8 @@ module HeuristicNames {
    * that is hashed, encrypted, or a test value, and hence non-sensitive.
    */
   string notSensitive() {
-    result = "(?is).*(test|redact|censor|obfuscate|hash|md5|sha|((?<!un)(en))?(crypt|code)).*"
+    result =
+      "(?is).*(test|redact|censor|obfuscate|hash|md5|(?<!un)mask|sha|((?<!un)(en))?(crypt|code)).*"
   }
 }