Python: _ in var name not handled by sensitive-data-sources

RasmusWL · RasmusWL · commit 4a844312f4be · 2022-06-22T11:05:14.000+02:00
diff --git a/python/ql/test/experimental/dataflow/sensitive-data/test.py b/python/ql/test/experimental/dataflow/sensitive-data/test.py
@@ -37,6 +37,10 @@ def encrypt_password(pwd):
 x = f()
 print(x) # $ SensitiveUse=password
 
+# some prefixes makes us ignore it as a source
+not_found.isSecret
+not_found.is_secret # $ SPURIOUS: SensitiveDataSource=secret
+
 def my_func(non_sensitive_name):
     x = non_sensitive_name()
     print(x) # $ SensitiveUse=password
