
Commit 9a8a852

committed
Rust: Support snake case more widely in SensitiveDataHeuristics.qll.
1 parent 88e351a commit 9a8a852


2 files changed

+10
-10
lines changed


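--- a/rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll
+++ b/rust/ql/lib/codeql/rust/security/internal/SensitiveDataHeuristics.qll
@@ -62,7 +62,7 @@ module HeuristicNames {
 */
 string maybeAccountInfo() {
 result = "(?is).*acc(ou)?nt.*" or
-result = "(?is).*(puid|username|userid|session(id|key)).*" or
+result = "(?is).*(puid|user.?name|user.?id|session.?(id|key)).*" or
 result = "(?s).*([uU]|^|_|[a-z](?=U))([uU][iI][dD]).*"
 }
 
@@ -71,8 +71,8 @@ module HeuristicNames {
 * a password or an authorization key.
 */
 string maybePassword() {
-result = "(?is).*pass(wd|word|code|phrase)(?!.*question).*" or
-result = "(?is).*(auth(entication|ori[sz]ation)?)key.*"
+result = "(?is).*pass(wd|word|code|.?phrase)(?!.*question).*" or
+result = "(?is).*(auth(entication|ori[sz]ation)?).?key.*"
 }
 
 /**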
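Review bot: The new `.?` separators in `maybeAccountInfo` and `maybePassword` accept any single character rather than only a word separator, and under the `(?s)` flag that includes a newline, so identifiers such as `usersname` or `authXkey` are now classified as sensitive alongside `user_name` and `auth_key`. If only snake_case and kebab-case spellings are intended, a narrower class keeps the heuristic from widening beyond what the commit title describes, for example `user[_-]?name`, `session[_-]?(id|key)` and `(auth(entication|ori[sz]ation)?)[_-]?key`. If the breadth is deliberate, a one-line comment above each predicate saying that any one-character separator is accepted would record that choice for whoever next tunes false positives. The doc comments of both predicates begin outside the hunks shown.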

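--- a/rust/ql/test/library-tests/sensitivedata/test.rs
+++ b/rust/ql/test/library-tests/sensitivedata/test.rs
@@ -33,14 +33,14 @@ fn test_passwords(
 sink(passwd); // $ sensitive=password
 sink(my_password); // $ sensitive=password
 sink(password_str); // $ sensitive=password
-sink(pass_phrase); // $ MISSING: sensitive=password
+sink(pass_phrase); // $ sensitive=password
 sink(passphrase); // $ sensitive=password
 sink(passPhrase); // $ sensitive=password
 
-sink(auth_key); // $ MISSING: sensitive=password
+sink(auth_key); // $ sensitive=password
 sink(authkey); // $ sensitive=password
 sink(authKey); // $ sensitive=password
-sink(authentication_key); // $ MISSING: sensitive=password
+sink(authentication_key); // $ sensitive=password
 sink(authenticationkey); // $ sensitive=password
 sink(authenticationKey); // $ sensitive=password
 
@@ -85,13 +85,13 @@ fn test_credentials(
 sink(secret_key); // $ sensitive=secret
 
 sink(username); // $ sensitive=id
-sink(user_name); // $ MISSING: sensitive=id
+sink(user_name); // $ sensitive=id
 sink(userid); // $ sensitive=id
-sink(user_id); // $ MISSING: sensitive=id
-sink(my_user_id_64); // $ MISSING: sensitive=id
+sink(user_id); // $ sensitive=id
+sink(my_user_id_64); // $ sensitive=id
 
 sink(sessionkey); // $ sensitive=id
-sink(session_key); // $ MISSING: sensitive=id
+sink(session_key); // $ sensitive=id
 
 sink(ms.get_certificate()); // $ sensitive=certificate
 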
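Review bot: The updated expectations in `test_passwords` and `test_credentials` cover only names that should now match; nothing in these hunks pins what the loosened patterns must not match, and `session_id` is not exercised here although the `session.?(id|key)` alternative was changed for it. Consider adding `sink(session_id); // $ sensitive=id` next to `sink(session_key)`, plus one or two near-miss identifiers with no annotation, so that an over-broad separator shows up as a test failure rather than as extra alerts downstream. Both functions start and end outside the hunks, so such cases may already exist elsewhere in the file.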
