lib/semmle/code/java/security
test/library-tests/sensitive-actions
@@ -31,7 +31,7 @@ private string nonSuspicious() {
3131 * Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information.
3232 */
3333string getCommonSensitiveInfoRegex ( ) {
34- result = "(?i).*challenge|pass(wd|word|code|phrase)(?!.*question).*" or
34+ result = "(?i).*( challenge|pass(wd|word|code|phrase) )(?!.*question).*" or
3535 result = "(?i).*(token|secret).*"
3636}
3737
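Review bot: The doc comment above `getCommonSensitiveInfoRegex` does not mention the `question` exclusion, and with the new grouping `(?!.*question)` applies to `challenge` as well as the `pass…` names, so a name such as `challengeQuestionAnswer` is matched by neither pattern. If that is intended, say so in the comment, e.g. `* Names in which "question" follows the keyword are excluded; this applies to "challenge" as well as the "pass..." variants.`; if it is not, the lookahead should stay inside the `pass(...)` alternative. The expected output on this page only gains positive `sensitiveVariable` rows, so nothing visible pins the `challenge` + `question` case; a Test.java variable for it that must stay out of the expected rows would guard against the grouping regressing. The doc comment opens outside the hunk.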
@@ -29,12 +29,23 @@ sensitiveVarAccess
2929| Test.java:140:15:140:34 | aaPasswdaaQuestionaa |
3030| Test.java:141:15:141:36 | aaPasswordaaQuestionaa |
3131sensitiveVariable
32+ | Test.java:48:9:48:33 | String aaPasswordaa |
33+ | Test.java:49:9:49:31 | String aaPasswdaa |
3234| Test.java:53:9:53:39 | String aaRefreshaaTokenaa |
3335| Test.java:54:9:54:38 | String aaSecretaaTokenaa |
36+ | Test.java:72:9:72:39 | String aaHashedPasswordaa |
37+ | Test.java:73:9:73:37 | String aaHashedPasswdaa |
3438| Test.java:77:9:77:45 | String aaHashedRefreshaaTokenaa |
3539| Test.java:78:9:78:44 | String aaHashedsecretaatokenaa |
40+ | Test.java:79:9:79:38 | String aaCryptPasswordaa |
41+ | Test.java:80:9:80:36 | String aaCryptPasswdaa |
3642| Test.java:84:9:84:44 | String aaCryptRefreshaaTokenaa |
3743| Test.java:85:9:85:43 | String aaCryptSecretaaTokenaa |
44+ | Test.java:117:9:117:34 | String aaChallengeaa |
45+ | Test.java:118:9:118:31 | String aaPasswdaa |
46+ | Test.java:119:9:119:33 | String aaPasswordaa |
47+ | Test.java:120:9:120:33 | String aaPasscodeaa |
48+ | Test.java:121:9:121:35 | String aaPassphraseaa |
3849| Test.java:122:9:122:30 | String aaTokenaa |
3950| Test.java:123:9:123:31 | String aaSecretaa |
4051sensitiveDataMethod