codeql icon indicating copy to clipboard operation
codeql copied to clipboard
verified publisher icon github

Ruby: Use additional sensitive data heuristics for CleartextSources

Open joefarebrother opened this issue 1 year ago • 0 comments

Depends on https://github.com/github/codeql/pull/16446.

This PR expands CleartextSources.qll to use additional sensitive data heuristics besides passwords. Additionally, the cleartext storage and cleartext logging queries allow implicit read steps at sinks. This finds new results in Railsgoat (https://github.com/github/codeql-team/issues/2367)

joefarebrother avatar May 15 '24 21:05 joefarebrother