hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dfe7f532ac77dd3dccdab4c8ea63417ca669e6c1
codeql/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
Chris Smowton ca8237b9de Make comment into qldoc
2022-03-14 13:14:31 +00:00

27 lines
975 B
Plaintext
Raw Blame History

/** Provides configurations for sensitive logging queries. */
import java
import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.SensitiveActions
import DataFlow
/** A variable that may hold sensitive information, judging by its name. * */
class CredentialExpr extends Expr {
CredentialExpr() {
exists(Variable v | this = v.getAnAccess() |
v.getName().regexpMatch([getCommonSensitiveInfoRegex(), "(?i).*(username).*"]) and
not v.isFinal()
)
}
}
/** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
}
Reference in New Issue View Git Blame Copy Permalink