
Commit 0f36e1d

committed
Rust: Understand sensitive qualifier expressions.
1 parent a537197 commit 0f36e1d


2 files changed

+7
-9
lines changed

2 files changed

+7
-9
lines changed

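--- a/rust/ql/lib/codeql/rust/security/SensitiveData.qll
+++ b/rust/ql/lib/codeql/rust/security/SensitiveData.qll
@@ -92,11 +92,9 @@ private class SensitiveFieldAccess extends SensitiveData {
 SensitiveDataClassification classification;
 
 SensitiveFieldAccess() {
-HeuristicNames::nameIndicatesSensitiveData(this.asExpr()
-.getAstNode()
-.(FieldExpr)
-.getIdentifier()
-.getText(), classification)
+exists(FieldExpr fe | fe.getParentNode*() = this.asExpr().getAstNode() |
+HeuristicNames::nameIndicatesSensitiveData(fe.getIdentifier().getText(), classification)
+)
 }
 
 override SensitiveDataClassification getClassification() { result = classification }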
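Review bot: The new `exists` in `SensitiveFieldAccess()` uses `fe.getParentNode*()`, which as written relates `this` to every `FieldExpr` anywhere beneath it, not only to one in qualifier position as the commit title describes. An expression that merely takes a sensitively named field as a call argument, or a block that contains one, would then appear to be classified as sensitive data, which risks noisy results in the queries that consume this class; and where two nested fields carry different classifications, `getClassification()` would seem to return both. Consider limiting the walk to the container of a field access and the receiver of a method call, or at least record the breadth with a comment such as `// matches a sensitively named FieldExpr anywhere beneath this expression, not only in its qualifier chain`. The updated expectations in test.rs pin only positive cases, so a case where the field is just an argument to an unrelated call would make the intended boundary explicit. The class body continues outside the hunk.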

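--- a/rust/ql/test/library-tests/sensitivedata/test.rs
+++ b/rust/ql/test/library-tests/sensitivedata/test.rs
@@ -251,8 +251,8 @@ fn test_private_info(
 sink(info.contact_e_mail_2.as_str()); // $ MISSING: sensitive=private
 sink(info.my_ssn.as_str()); // $ sensitive=private
 sink(&info.ssn); // $ sensitive=private
-sink(info.ssn.data); // $ MISSING: sensitive=private
-sink(info.ssn.get_data()); // $ MISSING: sensitive=private
+sink(info.ssn.data); // $ sensitive=private
+sink(info.ssn.get_data()); // $ sensitive=private
 sink(info.birthday.as_str()); // $ sensitive=private
 sink(info.emergency_contact.as_str()); // $ sensitive=private
 sink(info.name_of_employer.as_str()); // $ sensitive=private
@@ -273,14 +273,14 @@ fn test_private_info(
 sink(&info.medical_notes); // $ sensitive=private
 sink(info.medical_notes[0].as_str()); // $ sensitive=private
 for n in info.medical_notes.iter() {
-sink(n.as_str()); // $ MISSING: sensitive=private
+sink(n.as_str()); // $ sensitive=private
 }
 sink(info.confidentialMessage.as_str()); // $ MISSING: sensitive=private
 sink(info.confidentialMessage.to_lowercase()); // $ MISSING: sensitive=private
 
 sink(info.latitude); // $ sensitive=private
 let x = info.longitude.unwrap();
-sink(x); // $ MISSING: sensitive=private
+sink(x); // $ sensitive=private
 
 sink(info.financials.my_bank_account_number.as_str()); // $ sensitive=private SPURIOUS: sensitive=id
 sink(info.financials.credit_card_no.as_str()); // $ sensitive=private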
