Module SensitiveActions
Provides classes and predicates for identifying sensitive data and methods for security.
‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.
In addition, there are methods that ought not to be executed or not in a fashion that the user can control. This includes authorization methods such as logins, and sending of data, etc.
Import path
import semmle.go.security.SensitiveActionsImports
| go | Provides classes for working with Go programs. |
Classes
| AuthorizationCall | A call that may perform authorization. |
| CleartextPasswordExpr | An expression that might contain a clear-text password. |
| CredentialsFunctionName | A method that might return sensitive data, based on the name. |
| ProtectCall | A call to a function whose name suggests that it encodes or encrypts its arguments. |
| SensitiveAction | A sensitive action, such as transfer of sensitive data. |
| SensitiveCall | A function call that might produce sensitive data. |
| SensitiveDataFunctionName | A function name that suggests it may produce sensitive data. |
| SensitiveExpr | An expression that might contain sensitive data. |
| SensitiveFunctionName | A function name that suggests it may be sensitive. |
| SensitiveVariableAccess | An access to a variable or property that might contain sensitive data. |
| SensitiveWrite | A write to a location that might contain sensitive data. |
Modules
| HeuristicNames | Provides heuristics for identifying names related to sensitive information. |
| PasswordHeuristics | Provides heuristics for classifying passwords. |
| SensitiveExpr | Provides classes and predicates for classifying different kinds of sensitive data. |