CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.2-dev

Module CleartextLoggingConfig

A taint tracking configuration for clear-text logging of sensitive information.

This configuration identifies flows from Sources, which are sources of sensitive data, to Sinks, which is an abstract class representing all the places sensitive data may be stored in clear-text. Additional sources or sinks can be added either by extending the relevant class, or by subclassing this configuration itself, and amending the sources and sinks.
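
The kind of source-to-sink flow described above, next to a redacted form that stops it, as an added example that is not part of the CodeQL library or its documentation. The function names, the key-name regex and the sample credentials are constructed for illustration, and the injected `log` callback stands in for a real logging call such as `console.log` so the output can be checked.

```javascript
// Constructed example: sensitive data (source) reaching a logger (sink) in clear text.
// `log` stands in for a logging call; the key-name heuristic below is an assumption.
const SENSITIVE_KEY = /pass(word|wd)?|secret|token|api[-_]?key/i;

// Direct flow: the password property is interpolated straight into the log message.
function logLoginUnsafe(log, credentials) {
  log(`login attempt: ${credentials.username} / ${credentials.password}`);
}

// Indirect flow: serialising the whole object carries the sensitive fields with it.
function logRequestUnsafe(log, credentials) {
  log('request body: ' + JSON.stringify(credentials));
}

// Barrier: replace values of sensitive-looking keys before anything is logged.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? '[REDACTED]' : redact(v);
  }
  return out;
}

// Hardened form: only the redacted copy reaches the logger.
function logRequestSafe(log, credentials) {
  log('request body: ' + JSON.stringify(redact(credentials)));
}

// Runs each variant against a capturing logger and returns what was written.
function demo() {
  const creds = {
    username: 'alice',
    password: 'constructed-pw-123',           // constructed sample value
    profile: { apiKey: 'constructed-key' },   // constructed sample value
  };
  const run = (fn) => {
    const lines = [];
    fn((line) => lines.push(line), creds);
    return lines.join('\n');
  };
  return {
    unsafeDirect: run(logLoginUnsafe),
    unsafeObject: run(logRequestUnsafe),
    safe: run(logRequestSafe),
  };
}

console.log(demo());
```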

Import path

import semmle.javascript.security.dataflow.CleartextLoggingQuery

Predicates

allowImplicitRead

Holds if an arbitrary number of implicit read steps of content c may be taken at node.

isAdditionalFlowStep

Holds if data may flow from node1 to node2 in addition to the normal data-flow steps.

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isBarrierIn

Holds if data flow into node is prohibited.

isSink

Holds if sink is a relevant data flow sink.

isSource

Holds if source is a relevant data flow source.

observeDiffInformedIncrementalMode

Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by AlertFiltering. This only has an effect when running in diff-informed incremental mode.