# CodeQL Query: Cache and Export Leak

## Ziel
Finde Leaks sensibler Daten in Caches, Files, Reports und Exportpfaden.

## Sources
- Sensitive payment attributes (pan, cvv, track2)
- Full transaction objects with sensitive fields

## Sinks
- Redis/Memcache writes
- Temp file writes
- CSV/PDF/Excel exports
- Report builders

## Mapped Controls
- `DATA-004`: Temporaere Speicher ohne sensitive Daten
- `DATA-005`: Sensitive Daten in Telemetrie nicht offengelegt
- `DATA-011`: Batch/Queue ohne unnoetige sensitive Felder
- `REPORT-005`: Berichte beruecksichtigen Zeitzonen konsistent