Exclude new private heuristics from swift sensitive credential

joefarebrother · joefarebrother · commit 23fbfcee276e · 2024-05-08T10:02:00.000+01:00
diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll
@@ -49,6 +49,7 @@ class SensitiveCredential extends SensitiveDataType, TCredential {
     exists(SensitiveDataClassification classification |
       not classification = SensitiveDataClassification::password() and // covered by `SensitivePassword`
       not classification = SensitiveDataClassification::id() and // not accurate enough
+      not classification = SensitiveDataClassification::private() and // covered by `SensitivePrivateInfo`
       result = HeuristicNames::maybeSensitiveRegexp(classification)
     )
     or

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ class SensitiveCredential extends SensitiveDataType, TCredential {`
`49`	`49`	`exists(SensitiveDataClassification classification \|`
`50`	`50`	not classification = SensitiveDataClassification::password() and // covered by `SensitivePassword`
`51`	`51`	`not classification = SensitiveDataClassification::id() and // not accurate enough`
	`52`	+ not classification = SensitiveDataClassification::private() and // covered by `SensitivePrivateInfo`
`52`	`53`	`result = HeuristicNames::maybeSensitiveRegexp(classification)`
`53`	`54`	`)`
`54`	`55`	`or`