JS: Rewrite to use SensitiveDataClassification::password (and like)

RasmusWL · RasmusWL · commit b6f8e5057b81 · 2021-04-21T11:36:17.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/SensitiveActions.qll b/javascript/ql/src/semmle/javascript/security/SensitiveActions.qll
@@ -169,7 +169,9 @@ class ProtectCall extends DataFlow::CallNode {
 
 /** An expression that might contain a clear-text password. */
 class CleartextPasswordExpr extends SensitiveExpr {
-  CleartextPasswordExpr() { this.(SensitiveExpr).getClassification() = SensitiveExpr::password() }
+  CleartextPasswordExpr() {
+    this.(SensitiveExpr).getClassification() = SensitiveDataClassification::password()
+  }
 
   override string describe() { none() }
 
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/CleartextStorageCustomizations.qll
@@ -35,7 +35,7 @@ module CleartextStorage {
 
     SensitiveExprSource() {
       // storing user names or account names in plaintext isn't usually a problem
-      astNode.getClassification() != SensitiveExpr::id()
+      astNode.getClassification() != SensitiveDataClassification::id()
     }
 
     override string describe() { result = astNode.describe() }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHashCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/InsufficientPasswordHashCustomizations.qll
@@ -34,7 +34,9 @@ module InsufficientPasswordHash {
   class CleartextPasswordSource extends Source, DataFlow::ValueNode {
     override SensitiveExpr astNode;
 
-    CleartextPasswordSource() { astNode.getClassification() = SensitiveExpr::password() }
+    CleartextPasswordSource() {
+      astNode.getClassification() = SensitiveDataClassification::password()
+    }
 
     override string describe() { result = astNode.describe() }
   }

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ module CleartextStorage {`
`35`	`35`
`36`	`36`	`SensitiveExprSource() {`
`37`	`37`	`// storing user names or account names in plaintext isn't usually a problem`
`38`		`- astNode.getClassification() != SensitiveExpr::id()`
	`38`	`+ astNode.getClassification() != SensitiveDataClassification::id()`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`override string describe() { result = astNode.describe() }`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,9 @@ module InsufficientPasswordHash {`
`34`	`34`	`class CleartextPasswordSource extends Source, DataFlow::ValueNode {`
`35`	`35`	`override SensitiveExpr astNode;`
`36`	`36`
`37`		`- CleartextPasswordSource() { astNode.getClassification() = SensitiveExpr::password() }`
	`37`	`+ CleartextPasswordSource() {`
	`38`	`+ astNode.getClassification() = SensitiveDataClassification::password()`
	`39`	`+ }`
`38`	`40`
`39`	`41`	`override string describe() { result = astNode.describe() }`
`40`	`42`	`}`