CodeQL library for Java/Kotlin
codeql/java-all 0.9.0 (changelog, source)

Module SensitiveActions

Sensitive data and methods for security.

‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library uses naming heuristics to guess where sensitive data may either be stored in a variable or produced by a method.

In addition, there are methods that ought not to be executed at all, or at least not in a fashion that the user can control. This includes authorization methods such as logins, methods that send data, and so on.

Import path

import semmle.code.java.security.SensitiveActions

Imports

java

Provides all default Java QL imports.

Predicates

getCommonSensitiveInfoRegex

Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information.

Classes

AuthMethod

A method that may perform authorization.

CredentialsMethod
SendingMethod

A method that sends data, and so should not be run conditionally on user input.

SensitiveDataMethod

A method that may produce sensitive data.

SensitiveExecutionMethod

A method whose execution may be sensitive.

SensitiveExpr

An expression that might contain sensitive data.

SensitiveMethodCall

A method call that might produce sensitive data.

SensitiveVarAccess

Access to a variable that might contain sensitive data.

Aliases

SensitiveMethodAccess

DEPRECATED: Alias for SensitiveMethodCall.
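The following query is an added illustration of how the predicate and classes above fit together; it is not part of the codeql/java-all library. It finds a SensitiveExpr, or an access to a parameter whose declared name matches getCommonSensitiveInfoRegex(), that flows within one method into a call whose name looks like a logging routine, and it uses SensitiveExecutionMethod to drop calls such as login(...) that the crude "log" name heuristic would otherwise catch. The LogCall name pattern, the SensitiveParameter class, the query id and the sensitiveSource helper are assumptions made for this example; MethodCall, Parameter.getAnAccess() and DataFlow::localExprFlow are assumed to be available as in java-all 0.9, MethodCall being the name that replaced MethodAccess in this release, consistent with the SensitiveMethodCall rename listed above.

```ql
/**
 * @name Sensitive value passed to a logging call (added example, not library code)
 * @description Uses SensitiveActions to find sensitive expressions, or accesses to
 *              parameters with sensitive-looking names, that flow within a single
 *              method into a call whose name looks like a logging routine.
 * @kind problem
 * @problem.severity warning
 * @id example/sensitive-value-logged
 */

import java
import semmle.code.java.security.SensitiveActions
import semmle.code.java.dataflow.DataFlow

/**
 * A call to a method whose name looks like a logging routine.
 * This name heuristic is an assumption made for the example; it is deliberately
 * broad and so also matches names such as `login`, which are filtered below.
 */
class LogCall extends MethodCall {
  LogCall() {
    // regexpMatch must match the whole name, hence the surrounding `.*`
    this.getMethod().getName().regexpMatch("(?i).*(log|debug|info|warn|error|trace|print).*")
  }
}

/**
 * A formal parameter whose declared name matches the library's sensitive-name regex.
 * A parameter declaration is not an expression, so SensitiveVarAccess does not cover
 * it; getCommonSensitiveInfoRegex() lets the query apply the same naming heuristic
 * to the declaration itself. (Assumed helper, not part of SensitiveActions.)
 */
class SensitiveParameter extends Parameter {
  SensitiveParameter() { this.getName().regexpMatch(getCommonSensitiveInfoRegex()) }
}

/** Where a sensitive value enters, with a short reason for the alert message. */
Expr sensitiveSource(string why) {
  result instanceof SensitiveExpr and why = "sensitive expression"
  or
  result = any(SensitiveParameter p).getAnAccess() and why = "sensitive parameter"
}

from Expr src, string why, LogCall sink, Expr arg
where
  src = sensitiveSource(why) and
  arg = sink.getAnArgument() and
  // intraprocedural flow only; localExprFlow is reflexive, so a direct argument counts
  DataFlow::localExprFlow(src, arg) and
  // `login(password)` is a sensitive execution, not a log entry: let other queries handle it
  not sink.getMethod() instanceof SensitiveExecutionMethod
select sink, "Value from $@ (" + why + ") is passed to a logging call.", src, src.toString()
```

Run it against a Java database with `codeql query run` (or from the VS Code extension) after placing the file in a query pack that depends on codeql/java-all. Because SensitiveExpr and its subclasses are name-based guesses, treat results as review candidates rather than confirmed leaks, and tighten the LogCall pattern to the logging API actually used in the code base before using the query in CI.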