Module SensitiveActions

Provides classes and predicates for identifying sensitive data and methods for security.

‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.

In addition, there are methods that ought not to be executed at all, or at least not in a fashion that the user can control. These include authorization methods such as logins, and methods that send data.

Import path

semmle.code.csharp.security.SensitiveActions

Imports

csharp

The default C# QL library.

Classes

AdditionalNonSensitiveStrings

A match pattern string that identifies strings that look like they don’t represent secret data.

AdditionalSensitiveStrings

A match pattern string that identifies strings that look like they represent secret data.

AuthMethod

A method that may perform authorization.

CredentialsMethod

A method that might return sensitive data, based on the name.

PasswordExpr

An expression that may contain a password.

SendingMethod

A method that sends data, and so should not be run conditionally on user input.

SensitiveDataMethod

A method that may produce sensitive data.

SensitiveExecutionMethod

A method whose execution may be sensitive.

SensitiveExpr

An expression that might contain sensitive data.

SensitiveLibraryParameter

A parameter to a library method that may hold a sensitive value.

SensitiveMethodAccess

A method access that might produce sensitive data.

SensitiveProperty

A property that may hold a sensitive value.

SensitiveVariable

A variable that may hold a sensitive value.

SensitiveVariableAccess

An access to a variable that might contain sensitive data.