Module SensitiveActions
Provides classes and predicates for identifying sensitive data and methods for security.
‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.
In addition, there are methods that ought not to be executed or not in a fashion that the user can control. This includes authorization methods such as logins, and sending of data, etc.
Import path
import semmle.code.csharp.security.SensitiveActions
Imports
Classes
AdditionalNonSensitiveStrings |
A string for |
AdditionalSensitiveStrings |
A string for |
AuthMethod |
A method that may perform authorization. |
CredentialsMethod |
A method that might return sensitive data, based on the name. |
PasswordExpr |
An expression that may contain a password. |
PasswordField |
A field containing a text box used as a password. |
PasswordTextboxText |
Reading the |
SendingMethod |
A method that sends data, and so should not be run conditionally on user input. |
SensitiveDataMethod |
A method that may produce sensitive data. |
SensitiveExecutionMethod |
A method whose execution may be sensitive. |
SensitiveExecutionMethodCall |
A call to a method that sends data, and so should not be run conditionally on user input. |
SensitiveExpr |
An expression that might contain sensitive data. |
SensitiveLibraryParameter |
A parameter to a library method that may hold a sensitive value. |
SensitiveMethodAccess |
A method access that might produce sensitive data. |
SensitiveProperty |
A property that may hold a sensitive value. |
SensitiveVariable |
A variable that may hold a sensitive value. |
SensitiveVariableAccess |
An access to a variable that might contain sensitive data. |