Skip to content

Java: CWE-532 sensitive info logging #3090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aschackmull merged 12 commits into from
May 14, 2020
Merged

Java: CWE-532 sensitive info logging #3090

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
dfb42ec
Address sensitive info logging
luchua-bc Mar 18, 2020
d932770
Fix the issue of mixed tabs and spaces
luchua-bc Mar 18, 2020
048a33e
Remove user ids from the check since they get logged a lot and are le…
luchua-bc Mar 27, 2020
000d894
Include Gradle Logging
luchua-bc Mar 28, 2020
a256065
Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.qhelp
luchua-bc May 4, 2020
a6c9c51
Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
luchua-bc May 4, 2020
5c803b7
The query help builder will interpret and automatically add this refe…
luchua-bc May 4, 2020
491b67e
Change string concatenation in the source to TaintTracking::Configura…
luchua-bc May 13, 2020
ffd442a
Fine tuning criteria
luchua-bc May 13, 2020
d9cc3c6
Add a comment for reasoning in why debug and trace are included and o…
luchua-bc May 13, 2020
632cb8b
Simplify CredentialExpr as the AddExpr step is included by TaintTrack…
luchua-bc May 13, 2020
7b88988
Convert to path-problem query
luchua-bc May 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Simplify CredentialExpr as the AddExpr step is included by TaintTrack… 
…ing::localTaintStep(node1, node2)
  • Loading branch information
@luchua-bc
luchua-bc authored May 13, 2020
commit 632cb8b666083615394a509c839d19ca40a2bb6c
8 changes: 2 additions & 6 deletions java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,10 @@ private string getACredentialRegex() {
result = "(?i)(.*username|url).*"
}

/** The variable or concatenated string with the variable that keeps sensitive information judging by its name * */
/** Variable keeps sensitive information judging by its name * */
class CredentialExpr extends Expr {
CredentialExpr() {
exists(Variable v |
(this.(AddExpr).getAnOperand() = v.getAnAccess() or this = v.getAnAccess())
|
v.getName().regexpMatch(getACredentialRegex())
)
exists(Variable v | this = v.getAnAccess() | v.getName().regexpMatch(getACredentialRegex()))
}
}

Expand Down