Module SensitiveActions
Provides classes and predicates for identifying sensitive data and methods for security.
‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.
In addition, there are methods that ought not to be executed or not in a fashion that the user can control. This includes authorization methods such as logins, and sending of data, etc.
Import path
import codeql.ruby.security.SensitiveActions
Imports
SensitiveDataHeuristics | INTERNAL: Do not use. |
Classes
AuthorizationCall | A call that may perform authorization. |
CredentialsMethodName | A method name that might return sensitive credential data. |
SensitiveAction | A sensitive action, such as transfer of sensitive data. |
SensitiveCall | A method call that might produce sensitive data. |
SensitiveDataMethodName | A method name that suggests it may produce sensitive data. |
SensitiveMethodName | A method name that suggests it may be sensitive. |
SensitiveNode | An expression that might contain sensitive data. |
SensitiveVariableAccess | An access to a variable or hash value that might contain sensitive data. |
SensitiveWrite | A write to a location that might contain sensitive data. |