CodeQL library for Python
codeql/python-all 0.11.12

Module HeuristicNames

INTERNAL: Do not use.

Provides heuristics for identifying names related to sensitive information.

Import path

import semmle.python.security.internal.SensitiveDataHeuristics

Predicates

maybeAccountInfo

Gets a regular expression that identifies strings that may indicate the presence of user names or other account information.

maybeCertificate

Gets a regular expression that identifies strings that may indicate the presence of a certificate.

maybePassword

Gets a regular expression that identifies strings that may indicate the presence of a password or an authorization key.

maybeSecret

Gets a regular expression that identifies strings that may indicate the presence of secret or trusted data.

maybeSensitiveRegexp

Gets a regular expression that identifies strings that may indicate the presence of sensitive data, with classification describing the kind of sensitive data involved.

nameIndicatesSensitiveData

Holds if name may indicate the presence of sensitive data, and name does not indicate that the data is in fact non-sensitive (for example, because it is hashed or encrypted). classification describes the kind of sensitive data involved.

notSensitiveRegexp

Gets a regular expression that identifies strings that may indicate the presence of data that is hashed or encrypted, and hence rendered non-sensitive, or strings that contain special characters suggesting that nouns within the string do not represent the meaning of the whole string (e.g. a URL or a SQL query).