forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathSensitiveData.ql
More file actions
36 lines (30 loc) · 1.19 KB
/
SensitiveData.ql
File metadata and controls
36 lines (30 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import rust
import codeql.rust.dataflow.DataFlow
import codeql.rust.dataflow.TaintTracking
import codeql.rust.security.SensitiveData
import utils.test.InlineExpectationsTest
/**
* Configuration for flow from any sensitive data source to an argument of the function `sink`.
*/
module SensitiveDataConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof SensitiveData }
predicate isSink(DataFlow::Node sink) {
any(CallExpr call |
call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
).getArgList().getAnArg() = sink.asExpr().getExpr()
}
}
module SensitiveDataFlow = TaintTracking::Global<SensitiveDataConfig>;
module SensitiveDataTest implements TestSig {
string getARelevantTag() { result = "sensitive" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::Node source, DataFlow::Node sink |
SensitiveDataFlow::flow(source, sink) and
location = sink.getLocation() and
element = sink.toString() and
tag = "sensitive" and
value = source.(SensitiveData).getClassification()
)
}
}
import MakeTest<SensitiveDataTest>