Module SensitiveActions

Sensitive data and methods for security.

‘Sensitive’ data in general is anything that should not be sent around in unencrypted form. This library tries to guess where sensitive data may either be stored in a variable or produced by a method.

In addition, there are methods that ought not to be executed or not in a fashion that the user can control. This includes authorization methods such as logins, and sending of data, etc.

Import path

semmle.code.java.security.SensitiveActions

Imports

java

Provides all default Java QL imports.

Classes

AuthMethod

A method that may perform authorization.

CredentialsMethod
SendingMethod

A method that sends data, and so should not be run conditionally on user input.

SensitiveDataMethod

A method that may produce sensitive data.

SensitiveExecutionMethod

A method whose execution may be sensitive.

SensitiveExpr

An expression that might contain sensitive data.

SensitiveMethodAccess

A method access that might produce sensitive data.

SensitiveVarAccess

Access to a variable that might contain sensitive data.