Exclude new private heuristics from swift sensitive credential

github · May 8, 2024 · 23fbfce · 23fbfce
1 parent 5f4bc41
commit 23fbfce
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll
@@ -49,6 +49,7 @@ class SensitiveCredential extends SensitiveDataType, TCredential {
     exists(SensitiveDataClassification classification |
       not classification = SensitiveDataClassification::password() and // covered by `SensitivePassword`
       not classification = SensitiveDataClassification::id() and // not accurate enough
+      not classification = SensitiveDataClassification::private() and // covered by `SensitivePrivateInfo`
       result = HeuristicNames::maybeSensitiveRegexp(classification)
     )
     or