File tree Expand file tree Collapse file tree
src/semmle/python/dataflow/new
test/experimental/dataflow/sensitive-data Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -149,4 +149,15 @@ private module SensitiveDataModeling {
149149
150150 override SensitiveDataClassification getClassification ( ) { result = classification }
151151 }
152+
153+ /** A parameter where the name indicates it will receive sensitive data. */
154+ class SensitiveParameter extends SensitiveDataSource:: Range , DataFlow:: ParameterNode {
155+ SensitiveDataClassification classification ;
156+
157+ SensitiveParameter ( ) {
158+ nameIndicatesSensitiveData ( this .getParameter ( ) .getName ( ) , classification )
159+ }
160+
161+ override SensitiveDataClassification getClassification ( ) { result = classification }
162+ }
152163}
Original file line number Diff line number Diff line change @@ -29,7 +29,10 @@ def encrypt_password(pwd):
2929foo .secret # $ SensitiveDataSource=secret
3030foo .username # $ SensitiveDataSource=id
3131
32- # plain variables
32+ # based on variable/parameter names
33+ def my_func (password ): # $ SensitiveDataSource=password
34+ print (password ) # $ SensitiveUse=password
35+
3336password = some_function ()
3437print (password ) # $ MISSING: SensitiveUse=password
3538
You can’t perform that action at this time.
0 commit comments