Module SensitiveActions
Sensitive data and methods for security.
‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.
In addition, there are methods that ought not to be executed or not in a fashion that the user can control. This includes authorization methods such as logins, and sending of data, etc.
Import path
import semmle.code.java.security.SensitiveActions
Imports
java | Provides all default Java QL imports. |
Predicates
getCommonSensitiveInfoFPRegex | Gets a regular expression for matching common names of variables that indicate the value being held does not contains sensitive information, but is a false positive for |
getCommonSensitiveInfoRegex | Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information. |
Classes
AuthMethod | A method that may perform authorization. |
CredentialsMethod | |
SendingMethod | A method that sends data, and so should not be run conditionally on user input. |
SensitiveDataMethod | A method that may produce sensitive data. |
SensitiveExecutionMethod | A method whose execution may be sensitive. |
SensitiveExpr | An expression that might contain sensitive data. |
SensitiveMethodCall | A method access that might produce sensitive data. |
SensitiveVarAccess | Access to a variable that might contain sensitive data. |