C++: QLDoc SensitiveExprs.qll.

Author: geoffw0

cpp/ql/src/semmle/code/cpp/security/SensitiveExprs.qll

@@ -1,5 +1,14 @@
+/**
+ * Provides classes for heuristically identifying variables and functions that
+ * might contain or return a password or other sensitive information.
+ */
+
 import cpp
 
+/**
+ * Holds if the name `s` suggests something might contain or return a password
+ * or other sensitive information.
+ */
 bindingset[s]
 private predicate suspicious(string s) {
   (
@@ -16,14 +25,23 @@ private predicate suspicious(string s) {
   )
 }
 
+/**
+ * A variable that might contain a password or other sensitive information.
+ */
 class SensitiveVariable extends Variable {
   SensitiveVariable() { suspicious(getName().toLowerCase()) }
 }
 
+/**
+ * A function that might return a password or other sensitive information.
+ */
 class SensitiveFunction extends Function {
   SensitiveFunction() { suspicious(getName().toLowerCase()) }
 }
 
+/**
+ * An expression whose value might be a password or other sensitive information.
+ */
 class SensitiveExpr extends Expr {
   SensitiveExpr() {
     this.(VariableAccess).getTarget() instanceof SensitiveVariable or