A variable assignment (also including with/for) where the name indicates it contains sensitive data.
Note: We could make any access to a variable with a sensitive name a source of sensitive data, but to make path explanations in data-flow/taint-tracking good, we don’t want that, since it works against allowing users to understand the flow in the program (which is the whole point).
Note: To make data-flow/taint-tracking work, the expression that is assigned to the variable is marked as the source (as compared to marking the variable as the source).
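As an added illustration (not CodeQL's implementation and not code from this page), the Python sketch below approximates the rule with the standard `ast` module: only the expression bound to a sensitively named variable is reported, never later reads of that variable. The name patterns, classification labels, function names and sample program are constructed for the example, and treating the iterable of a `for` and the context expression of a `with` as the assigned expression is an assumption.

```python
import ast
import re

# Assumed name heuristics for illustration; CodeQL's own patterns differ.
SENSITIVE_NAMES = {
    "password": re.compile(r"passw(or)?d|passphrase|pwd", re.I),
    "secret": re.compile(r"secret|token|api_?key", re.I),
}

def classify(name):
    """Return the classification for a variable name, or None."""
    for label, pattern in SENSITIVE_NAMES.items():
        if pattern.search(name):
            return label
    return None

def bindings(node):
    """Yield (target, assigned expression) pairs for assignment, with and for."""
    if isinstance(node, ast.Assign):
        for target in node.targets:
            yield target, node.value
    elif isinstance(node, (ast.AnnAssign, ast.NamedExpr)) and node.value is not None:
        yield node.target, node.value
    elif isinstance(node, (ast.For, ast.AsyncFor)):
        yield node.target, node.iter
    elif isinstance(node, (ast.With, ast.AsyncWith)):
        for item in node.items:
            if item.optional_vars is not None:
                yield item.optional_vars, item.context_expr

def sensitive_sources(code):
    """Return (line, classification, expression text) for each source expression."""
    found = []
    for node in ast.walk(ast.parse(code)):
        for target, value in bindings(node):
            if isinstance(target, ast.Name) and classify(target.id):
                found.append((value.lineno, classify(target.id),
                              ast.get_source_segment(code, value)))
    return sorted(found)

# Constructed sample: reads on lines 2, 4 and 6 must not be reported as sources.
SAMPLE = '''password = read_config("db")
print(password)
with open_vault() as api_token:
    send(api_token)
for user_pwd in load_all():
    check(user_pwd)
count = len(items)
'''

if __name__ == "__main__":
    for line, label, expr in sensitive_sources(SAMPLE):
        print(f"line {line}: {label} source is the expression {expr}")
```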
Import path
import semmle.python.dataflow.new.SensitiveDataSources
Direct supertypes
Fields
Predicates
| getClassification | Gets the classification of the sensitive data. |
Inherited predicates
| asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getLocation | Gets the location of this node. | from Node |
| getScope | Gets the scope of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |