hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add live literals as sanitizers for sensitive logging

Browse Source
This commit is contained in:
Tony Torralba
2022-05-05 12:32:10 +02:00
parent 5db8306fef
commit f0a0ac100b
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -4,6 +4,7 @@ import java
private import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.SensitiveActions
import semmle.code.java.frameworks.android.Compose
import DataFlow
/** A variable that may hold sensitive information, judging by its name. */
@@ -23,4 +24,8 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer.asExpr() instanceof LiveLiteral
}
}