Rust: Sensitive data library #18414
Rust: Sensitive data library #18414
Conversation
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| sink(pass_phrase); // $ MISSING: sensitive=password | ||
| sink(auth_key); // $ MISSING: sensitive=password |
There was a problem hiding this comment.
should we add those?
we should also consider that snake-case is the convention in rust for variables (by default you even have that flagged and many IDEs propose to fix the case automatically), so I think we should add snakecase counterparts to the camelcase heuristics (auth_key and authentication_key).
Also, if we add pass_phrase/passPhrase, we should probably also add passphrase.
There was a problem hiding this comment.
should we add those?
Yes we should, but I'd like to do it in the shared library and that requires agreement from other language teams (and wider testing). So it'll be a follow-up PR, and it is planned.
if we add pass_phrase/passPhrase, we should probably also add passphrase.
The regexs are all case insensitive, so passPhrase and passphrase should both be matched. I can add some test cases around this if you like?
| private import codeql.rust.dataflow.DataFlow | ||
|
|
||
| /** | ||
| * A data flow node that might contain sensitive data. |
There was a problem hiding this comment.
| * A data flow node that might contain sensitive data. | |
| * A data-flow node that might contain sensitive data. |
There was a problem hiding this comment.
We use "data flow" more commonly than "data-flow" at present I think. I don't really mind, but I'd like to move towards greater consistency.
| } | ||
|
|
||
| /** | ||
| * A function call data flow node that might produce sensitive data. |
There was a problem hiding this comment.
| * A function call data flow node that might produce sensitive data. | |
| * A function call data-flow node that might produce sensitive data. |
| } | ||
|
|
||
| /** | ||
| * A variable access data flow node that might produce sensitive data. |
There was a problem hiding this comment.
| * A variable access data flow node that might produce sensitive data. | |
| * A variable access data-flow node that might produce sensitive data. |
| sink(authenticationkey); // $ sensitive=password | ||
| sink(authKey); // $ sensitive=password | ||
|
|
||
| sink(ms); // $ MISSING: sensitive=password |
There was a problem hiding this comment.
Why should this one be sensitive=password?
There was a problem hiding this comment.
Because ms is a MyStruct which contains a sensitive field password. So if you transmitted the whole of ms plaintext you would be transmitting a password (and some other stuff) unencrypted.
Add a library for recognising sensitive data in Rust. The core logic in
SensitiveDataHeuristics.qllis shared between languages, the integration inSensitiveData.qllis Rust specific (so are the tests and summary queries).The implementation here is a bit minimal, there's a lot I want to improve both in the integration and in the shared library. However I'm keen to get something in place and working so that I can start building queries on top of this alongside making improvements to it.