codeql
Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics
Adds a category of private information to the shared sensitive data heuristics file. This may result in new results for the following queries:
- rb/sensitive-get-query
- py/clear-text-storage-sensitive-data
- py/clear-text-logging-sensitive-data
- py/weak-sensitive-data-hashing
- js/clear-text-storage-sensitive-data
- js/clear-text-logging
@geoffw0 What are the next steps for this? Should I just be waiting for an approval from each language team?
@joefarebrother: Could you summarise what changed results your evaluations showed?
What new results appeared for which queries, do you think they look good, are there any results that look bad, and is there any noticeable performance impact?
@erik-krogh There are new results for rb/sensitive-get-query, py/clear-text-storage-sensitive-data, py/clear-text-logging-sensitive-data, and py/weak-sensitive-data-hashing.
New results in Ruby sensitive-get look like a few TPs from new heuristics. (The MRVA run that restricts to only new heuristics shows some apparent FPs, but they are also present in the run of the full version of the query prior to changes, and appear to be the result of some nodes being spuriously detected as calls to several different methods, including those matching sensitive heuristics.)
Python cleartext storage and weak sensitive hashing have a few new results for which the sources look like TPs from new heuristics.
Python cleartext logging has many new results (as the query has a lot of sinks); going through them they look like mostly TPs. I did notice just one FP from an attribute named SSN that was not a social security number.
There is no noticeable performance impact.
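To make the kind of result discussed in the evaluation above concrete, here is an added Python example. It is not code from the codeql repository and the regexes are not the ones in the shared sensitive data heuristics file; they are a constructed approximation of a name-based classifier with a `private` category alongside `password` and `secret`. The toy scanner below mirrors the shape of a clear-text-logging query (sink: a logging call; source: an expression whose name matches a heuristic) and runs over constructed sample code. The `device.SSN` access is a constructed stand-in for the false positive mentioned above: the heuristic is purely lexical, so it fires on the name regardless of what the attribute actually holds.

```python
import ast
import re

# Constructed approximation of name-based sensitive-data heuristics.
# These are NOT the regexes from CodeQL's SensitiveDataHeuristics file.
# Names are normalised to snake_case first, so the "private" patterns can
# anchor on token boundaries ("_" or string ends) and "assign" does not
# match "ssn" as a bare substring would.
HEURISTICS = {
    "password": re.compile(r"passw(or)?d|passphrase|passcode"),
    "secret": re.compile(r"secret|api_?key|access_?token|auth_?token"),
    "private": re.compile(
        r"(^|_)(ssn|social_?security|credit_?card|card_?number|date_?of_?birth|dob|"
        r"home_?address|passport|drivers?_?licen[cs]e)(_|$)"
    ),
}

# Sinks: method names treated as logging calls (log.info(...), logger.debug(...), ...).
LOG_FUNCS = {"debug", "info", "warning", "error", "critical", "exception", "log"}


def normalise(name: str) -> str:
    """camelCase / PascalCase -> snake_case, lowercased, so one regex covers both styles."""
    return re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", name).lower()


def classify(name: str):
    """Return the heuristic category an identifier name matches, or None.

    Purely lexical: classify("SSN") is "private" whether the attribute holds a
    social security number or something else entirely, which is the FP mode
    discussed above.
    """
    norm = normalise(name)
    for category, pattern in HEURISTICS.items():
        if pattern.search(norm):
            return category
    return None


def _sensitive_refs(node):
    """Yield (name, category) for every Name/Attribute under `node` matching a heuristic."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name):
            name = sub.id
        elif isinstance(sub, ast.Attribute):
            name = sub.attr
        else:
            continue
        category = classify(name)
        if category:
            yield name, category


def find_clear_text_logging(source: str):
    """Report (line, name, category) for logging calls whose arguments reference
    a sensitive-looking name. No sanitizer modelling: a redacted value passed to
    the logger is still reported, unlike a real taint-tracking query."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in LOG_FUNCS):
            continue
        for arg in node.args + [kw.value for kw in node.keywords]:
            for name, category in _sensitive_refs(arg):
                findings.append((node.lineno, name, category))
    return sorted(findings)


# Constructed sample program; line numbers below start at 1 on the blank first line.
SAMPLE = '''
import logging
log = logging.getLogger(__name__)

def register(user):
    log.info("registering %s", user.email)       # not matched by these heuristics
    log.debug("ssn on file: %s", user.ssn)        # true positive: clear-text logging
    log.debug("last4: %s", redact(user.ssn))      # reported too: no sanitizer modelling

def probe(device):
    log.info("probing %s", device.SSN)            # constructed stand-in for the FP
'''

if __name__ == "__main__":
    for line, name, category in find_clear_text_logging(SAMPLE):
        print(f"line {line}: '{name}' looks like {category} data logged in clear text")
```

The `device.SSN` report is the lexical trap in miniature: a name-based heuristic can only raise precision by tightening the regex (token anchoring, as above, rather than substring matching) or by adding sanitizers and exclusions, not by understanding what the attribute stores.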
Ruby 👍 - the new results seem pretty reasonable.