@@ -22,64 +22,56 @@ abstract class SensitiveData extends DataFlow::Node {
2222}
2323
2424/**
25- * A function that might produce sensitive data.
26- */
27- private class SensitiveDataFunction extends Function {
28- SensitiveDataClassification classification ;
29-
30- SensitiveDataFunction ( ) {
31- HeuristicNames:: nameIndicatesSensitiveData ( this .getName ( ) .getText ( ) , classification )
32- }
33-
34- SensitiveDataClassification getClassification ( ) { result = classification }
35- }
36-
37- /**
38- * A function call data flow node that might produce sensitive data.
25+ * A function call or enum variant data flow node that might produce sensitive data.
3926 */
4027private class SensitiveDataCall extends SensitiveData {
4128 SensitiveDataClassification classification ;
4229
4330 SensitiveDataCall ( ) {
44- classification =
45- this .asExpr ( )
46- .getAstNode ( )
47- .( CallExprBase )
48- .getStaticTarget ( )
49- .( SensitiveDataFunction )
50- .getClassification ( )
31+ exists ( CallExprBase call , string name |
32+ call = this .asExpr ( ) .getExpr ( ) and
33+ name =
34+ [
35+ call .getStaticTarget ( ) .( Function ) .getName ( ) .getText ( ) ,
36+ call .( CallExpr ) .getVariant ( ) .getName ( ) .getText ( ) ,
37+ ] and
38+ HeuristicNames:: nameIndicatesSensitiveData ( name , classification )
39+ )
5140 }
5241
5342 override SensitiveDataClassification getClassification ( ) { result = classification }
5443}
5544
5645/**
57- * A variable that might contain sensitive data.
46+ * A variable access data flow node that might be sensitive data.
5847 */
59- private class SensitiveDataVariable extends Variable {
48+ private class SensitiveVariableAccess extends SensitiveData {
6049 SensitiveDataClassification classification ;
6150
62- SensitiveDataVariable ( ) {
63- HeuristicNames:: nameIndicatesSensitiveData ( this .getText ( ) , classification )
51+ SensitiveVariableAccess ( ) {
52+ HeuristicNames:: nameIndicatesSensitiveData ( this .asExpr ( )
53+ .getExpr ( )
54+ .( VariableAccess )
55+ .getVariable ( )
56+ .( Variable )
57+ .getText ( ) , classification )
6458 }
6559
66- SensitiveDataClassification getClassification ( ) { result = classification }
60+ override SensitiveDataClassification getClassification ( ) { result = classification }
6761}
6862
63+ private Expr fieldExprParentField ( FieldExpr fe ) { result = fe .getParentNode ( ) }
64+
6965/**
70- * A variable access data flow node that might produce sensitive data.
66+ * A field access data flow node that might be sensitive data.
7167 */
72- private class SensitiveVariableAccess extends SensitiveData {
68+ private class SensitiveFieldAccess extends SensitiveData {
7369 SensitiveDataClassification classification ;
7470
75- SensitiveVariableAccess ( ) {
76- classification =
77- this .asExpr ( )
78- .getAstNode ( )
79- .( VariableAccess )
80- .getVariable ( )
81- .( SensitiveDataVariable )
82- .getClassification ( )
71+ SensitiveFieldAccess ( ) {
72+ exists ( FieldExpr fe | fieldExprParentField * ( fe ) = this .asExpr ( ) .getExpr ( ) |
73+ HeuristicNames:: nameIndicatesSensitiveData ( fe .getIdentifier ( ) .getText ( ) , classification )
74+ )
8375 }
8476
8577 override SensitiveDataClassification getClassification ( ) { result = classification }
0 commit comments