|
| 1 | +/** |
| 2 | + * Provides classes and predicates for identifying private data and methods for security. |
| 3 | + * |
| 4 | + * 'Private' data in general is anything that would compromise user privacy if exposed. This |
| 5 | + * library tries to guess where private data may either be stored in a variable or produced by a |
| 6 | + * method. |
| 7 | + * |
| 8 | + * This library is not concerned with credentials. See `SensitiveActions` for expressions related |
| 9 | + * to credentials. |
| 10 | + */ |
| 11 | + |
| 12 | +import csharp |
| 13 | +import semmle.code.csharp.frameworks.system.windows.Forms |
| 14 | + |
| 15 | +/** A string for `match` that identifies strings that look like they represent private data. */ |
| 16 | +private string privateNames() { |
| 17 | + result = |
| 18 | + [ |
| 19 | + // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html |
| 20 | + // Government identifiers, such as Social Security Numbers |
| 21 | + "%social%security%number%", |
| 22 | + // Contact information, such as home addresses and telephone numbers |
| 23 | + "%postcode%", "%zipcode%", "%telephone%", |
| 24 | + // Geographic location - where the user is (or was) |
| 25 | + "%latitude%", "%longitude%", |
| 26 | + // Financial data - such as credit card numbers, salary, bank accounts, and debts |
| 27 | + "%creditcard%", "%salary%", "%bankaccount%", |
| 28 | + // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc. |
| 29 | + "%email%", "%mobile%", "%employer%", |
| 30 | + // Health - medical conditions, insurance status, prescription records |
| 31 | + "%medical%" |
| 32 | + ] |
| 33 | +} |
| 34 | + |
| 35 | +/** An expression that might contain private data. */ |
| 36 | +abstract class PrivateDataExpr extends Expr { } |
| 37 | + |
| 38 | +/** A method call that might produce private data. */ |
| 39 | +class PrivateMethodCall extends PrivateDataExpr, MethodCall { |
| 40 | + PrivateMethodCall() { |
| 41 | + exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames())) |
| 42 | + } |
| 43 | +} |
| 44 | + |
| 45 | +/** An indexer access that might produce private data. */ |
| 46 | +class PrivateIndexerAccess extends PrivateDataExpr, IndexerAccess { |
| 47 | + PrivateIndexerAccess() { |
| 48 | + exists(string s | this.getAnIndex().getValue().toLowerCase() = s | s.matches(privateNames())) |
| 49 | + } |
| 50 | +} |
| 51 | + |
| 52 | +/** An access to a variable that might contain private data. */ |
| 53 | +class PrivateVariableAccess extends PrivateDataExpr, VariableAccess { |
| 54 | + PrivateVariableAccess() { |
| 55 | + exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames())) |
| 56 | + } |
| 57 | +} |
| 58 | + |
| 59 | +/** Reading the text property of a control that might contain private data. */ |
| 60 | +class PrivateControlAccess extends PrivateDataExpr { |
| 61 | + PrivateControlAccess() { |
| 62 | + exists(TextControl c | |
| 63 | + this = c.getARead() and c.getName().toLowerCase().matches(privateNames()) |
| 64 | + ) |
| 65 | + } |
| 66 | +} |
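Review bot: The patterns in `privateNames()` treat word separators inconsistently: `"%social%security%number%"` tolerates `social_security_number`, but `"%postcode%"`, `"%zipcode%"`, `"%creditcard%"` and `"%bankaccount%"` match only when the words run together after `toLowerCase()`. All four `PrivateDataExpr` subclasses therefore miss identifiers such as `credit_card` or `bank_account_id`, which is a detection gap for a privacy query. Consider `"%post%code%", "%zip%code%", "%telephone%",` and `"%credit%card%", "%salary%", "%bank%account%",`, and check the result against real code, since the looser forms (like the existing `"%mobile%"` and `"%email%"`) may add some false positives. Separately, the doc comment on `privateNames()` says "for `match`" while the predicate used is `matches`. `PrivateMethodCall` and `PrivateVariableAccess` could also call `.matches(privateNames())` directly, as `PrivateControlAccess` does, instead of binding `s` through `exists`.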