File tree Expand file tree Collapse file tree 1 file changed +2
-6
lines changed
go/ql/src/Security/CWE-798 Expand file tree Collapse file tree 1 file changed +2
-6
lines changed Original file line number Diff line number Diff line change @@ -17,18 +17,14 @@ import go
1717import semmle.go.security.HardcodedCredentials
1818import semmle.go.security.SensitiveActions
1919
20- bindingset [ write]
21- pragma [ inline_late]
22- private predicate isWriteRhs ( Write write , DataFlow:: Node rhs ) { write .getRhs ( ) = rhs }
23-
2420/**
2521 * Holds if `sink` is used in a context that suggests it may hold sensitive data of
2622 * the given `type`.
2723 */
2824predicate isSensitive ( DataFlow:: Node sink , SensitiveExpr:: Classification type ) {
2925 exists ( Write write , string name |
30- isWriteRhs ( write , sink ) and
31- name = write .getLhs ( ) .getName ( ) and
26+ pragma [ only_bind_out ] ( write ) . getRhs ( ) = sink and
27+ name = pragma [ only_bind_out ] ( write ) .getLhs ( ) .getName ( ) and
3228 // allow obvious test password variables
3329 not name .regexpMatch ( HeuristicNames:: notSensitive ( ) )
3430 |
You can’t perform that action at this time.
0 commit comments