-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathSensitiveExprs.qll
More file actions
49 lines (44 loc) · 1.36 KB
/
SensitiveExprs.qll
File metadata and controls
49 lines (44 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
/**
* Provides classes for heuristically identifying variables and functions that
* might contain or return a password or other credential.
*
* This library is not concerned with other kinds of sensitive private
* information. See `PrivateData.qll` for expressions related to that.
*/
import cpp
/**
* Holds if the name `s` suggests something might contain or return a password
* or other credential.
*/
bindingset[s]
private predicate suspicious(string s) {
s.regexpMatch("(?i).*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*") and
not s.regexpMatch("(?i).*(hash|crypt|file|path|invalid).*")
}
/**
* A variable that might contain a password or other credential.
*/
class SensitiveVariable extends Variable {
SensitiveVariable() {
suspicious(this.getName()) and
not this.getUnspecifiedType() instanceof IntegralType
}
}
/**
* A function that might return a password or other credential.
*/
class SensitiveFunction extends Function {
SensitiveFunction() {
suspicious(this.getName()) and
not this.getUnspecifiedType() instanceof IntegralType
}
}
/**
* An expression whose value might be a password or other credential.
*/
class SensitiveExpr extends Expr {
SensitiveExpr() {
this.(VariableAccess).getTarget() instanceof SensitiveVariable or
this.(FunctionCall).getTarget() instanceof SensitiveFunction
}
}