-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathCleartextStorage.ql
More file actions
24 lines (22 loc) · 905 Bytes
/
CleartextStorage.ql
File metadata and controls
24 lines (22 loc) · 905 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
/**
* @name Clear-text storage of sensitive information
* @description Storing sensitive information without encryption or hashing can
* expose it to an attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 7.5
* @precision high
* @id rb/clear-text-storage-sensitive-data
* @tags security
* external/cwe/cwe-312
* external/cwe/cwe-359
* external/cwe/cwe-532
*/
import codeql.ruby.AST
import codeql.ruby.security.CleartextStorageQuery
import codeql.ruby.security.CleartextStorageCustomizations::CleartextStorage
import CleartextStorageFlow::PathGraph
from CleartextStorageFlow::PathNode source, CleartextStorageFlow::PathNode sink
where CleartextStorageFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.",
source.getNode(), source.getNode().(Source).describe()