CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.9.0 (changelog, source)
Search

Predicate HeuristicNames::notSensitiveRegexp

Gets a regular expression that identifies strings that may indicate the presence of data that is hashed or encrypted, and hence rendered non-sensitive, or contains special characters suggesting nouns within the string do not represent the meaning of the whole string (e.g. a URL or a SQL query).

We also filter out common words like certain and concert, since otherwise these could be matched by the certificate regular expressions. Same for accountable (account), or secretarial (secret).

Import path

import javascript
string notSensitiveRegexp()