CodeQL library for Python
codeql/python-all 0.11.15-dev (changelog, source)

Module SensitiveDataModeling

Actual sensitive data modeling

Import path

import semmle.python.dataflow.new.SensitiveDataSources

Predicates

extraStepForCalls

Holds if the step from nodeFrom to nodeTo should be considered a taint-flow step for sensitive data, to ensure calls are handled correctly.

sensitiveFunction

Gets a reference to a function that is considered to be a sensitive source of classification.

sensitiveLookupStringConst

Gets a reference (in local scope) to a string constant that, if used as the key in a lookup, indicates the presence of sensitive data with classification.

Classes

GetPassCall

A call to getpass.getpass, see https://docs.python.org/3.10/library/getpass.html#getpass.getpass

SensitiveAttributeAccess

An attribute access that is considered a source of sensitive data.

SensitiveFunctionCall

A function call that is considered a source of sensitive data.

SensitiveGetCall

A call to get on an object, where the key indicates the result will be sensitive data.

SensitiveParameter

A parameter where the name indicates it will receive sensitive data.

SensitiveSubscript

A subscript, where the key indicates the result will be sensitive data.

SensitiveVariableAssignment

A variable assignment (also including with/for) where the name indicates it contains sensitive data.