A variable assignment (also including with/for) where the name indicates it contains sensitive data.
Note: We could make any access to a variable with a sensitive name a source of sensitive data, but we don't want that: it would make path explanations in data-flow/taint-tracking worse and work against letting users understand the flow in the program (which is the whole point).
Note: To make data-flow/taint-tracking work, the expression that is assigned to the variable is marked as the source (rather than the variable itself).
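The two notes above, modelled as an added example in Python using the standard `ast` module (this is not CodeQL's own code): the reported source is the assigned expression, and later reads of the variable are not sources. The name patterns, the `SAMPLE` program, and treating the iterable of a `for` and the context expression of a `with` as the assigned expression are assumptions of this sketch.

```python
import ast
import re

# Assumed name heuristic for this sketch only; CodeQL's real heuristics differ.
SENSITIVE = {
    "password": re.compile(r"passw(or)?d|pwd", re.I),
    "secret": re.compile(r"secret|token|api_?key", re.I),
}

def classify(name):
    """Return a classification label if the variable name looks sensitive."""
    for label, pattern in SENSITIVE.items():
        if pattern.search(name):
            return label
    return None

def sensitive_sources(code):
    """Return (line, source expression, classification) tuples, sorted by line."""
    found = []
    for node in ast.walk(ast.parse(code)):
        pairs = []  # (binding target, expression treated as the source)
        if isinstance(node, ast.Assign):
            pairs = [(t, node.value) for t in node.targets]
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            pairs = [(node.target, node.value)]
        elif isinstance(node, (ast.For, ast.AsyncFor)):
            pairs = [(node.target, node.iter)]
        elif isinstance(node, (ast.With, ast.AsyncWith)):
            pairs = [(i.optional_vars, i.context_expr) for i in node.items]
        for target, value in pairs:
            # Only a plain name binds a variable here; reads are never considered.
            if isinstance(target, ast.Name) and (label := classify(target.id)):
                found.append((value.lineno, ast.unparse(value), label))
    return sorted(found)

# Constructed sample program to analyse.
SAMPLE = '''\
password = read_input()
log(password)
for api_token in load_tokens():
    send(api_token)
with open_vault() as secret_store:
    use(secret_store)
count = len(password)
'''

if __name__ == "__main__":
    for line, expr, label in sensitive_sources(SAMPLE):
        print(f"line {line}: {expr!r} is a {label} source")
```

Because only the right-hand side on line 1 is a source, a path explanation starts once at `read_input()` and then follows `password` to each use, instead of starting afresh at every read.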
Import path
import semmle.python.dataflow.new.SensitiveDataSources
Direct supertypes
Fields
Predicates
| Predicate | Description |
| --- | --- |
| getClassification | Gets the classification of the sensitive data. |
Inherited predicates
| Predicate | Description | Inherited |
| --- | --- | --- |
| asCfgNode | Gets the control-flow node corresponding to this node, if any. | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| getALocalSource | Gets a local source node from which data may flow to this node in zero or more local data-flow steps. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getLocation | Gets the location of this node. | from Node |
| getScope | Gets the scope of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this element. | from Node |