codeql/python/ql/src/Security/CWE-312/CleartextStorage.ql (branch: main)
/**
 * @name Clear-text storage of sensitive information
 * @description Sensitive information stored without encryption or hashing can expose it to an
 *              attacker.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision high
 * @id py/clear-text-storage-sensitive-data
 * @tags security
 *       external/cwe/cwe-312
 *       external/cwe/cwe-315
 *       external/cwe/cwe-359
 */

import python
private import semmle.python.dataflow.new.DataFlow
import CleartextStorageFlow::PathGraph
import semmle.python.security.dataflow.CleartextStorageQuery

from
  CleartextStorageFlow::PathNode source, CleartextStorageFlow::PathNode sink, string classification
where
  CleartextStorageFlow::flowPath(source, sink) and
  classification = source.getNode().(Source).getClassification()
select sink.getNode(), source, sink, "This expression stores $@ as clear text.", source.getNode(),
  "sensitive data (" + classification + ")"