@@ -93,9 +93,7 @@ module CleartextLogging {
9393 * Gets the name of a method that would be falsely marked as non-sensitive
9494 * by `notSensitiveRegexp`.
9595 */
96- private predicate nonSensitiveMethodNameExclusion ( string name ) {
97- name = [ "[]" , "[]=" ]
98- }
96+ private predicate nonSensitiveMethodNameExclusion ( string name ) { name = [ "[]" , "[]=" ] }
9997
10098 /**
10199 * A call that might obfuscate a password, for example through hashing.
@@ -125,10 +123,8 @@ module CleartextLogging {
125123 .getStringOrSymbol ( ) = name
126124 or
127125 // calling a non-sensitive method
128- (
129- this .( DataFlow:: CallNode ) .getMethodName ( ) = name and
130- not nonSensitiveMethodNameExclusion ( name )
131- )
126+ this .( DataFlow:: CallNode ) .getMethodName ( ) = name and
127+ not nonSensitiveMethodNameExclusion ( name )
132128 )
133129 or
134130 // avoid i18n strings
@@ -215,8 +211,7 @@ module CleartextLogging {
215211 // avoid safe values assigned to presumably unsafe names
216212 not val instanceof NonCleartextPassword and
217213 // hash = { name: val }
218- exists ( Pair p |
219- this .asExpr ( ) .getExpr ( ) = lit and p = lit .getAKeyValuePair ( ) |
214+ exists ( Pair p | this .asExpr ( ) .getExpr ( ) = lit and p = lit .getAKeyValuePair ( ) |
220215 p .getKey ( ) .getConstantValue ( ) .getStringOrSymbol ( ) = name and
221216 p .getValue ( ) = val .asExpr ( ) .getExpr ( )
222217 )
@@ -234,10 +229,9 @@ module CleartextLogging {
234229 // avoid safe values assigned to presumably unsafe names
235230 not this instanceof NonCleartextPassword and
236231 name .regexpMatch ( maybePassword ( ) ) and
237- (
238- exists ( Assignment a |
239- this .asExpr ( ) .getExpr ( ) = a .getRightOperand ( ) and
240- a .getLeftOperand ( ) .getAVariable ( ) .getName ( ) = name )
232+ exists ( Assignment a |
233+ this .asExpr ( ) .getExpr ( ) = a .getRightOperand ( ) and
234+ a .getLeftOperand ( ) .getAVariable ( ) .getName ( ) = name
241235 )
242236 }
243237
0 commit comments