codeql
Ruby: Use additional sensitive data heuristics for CleartextSources
Depends on https://github.com/github/codeql/pull/16446.
This PR expands CleartextSources.qll to use additional sensitive data heuristics besides passwords.
Additionally, the cleartext storage and cleartext logging queries allow implicit read steps at sinks.
This finds new results in Railsgoat (https://github.com/github/codeql-team/issues/2367)