Merge pull request #19507 from michaelnebel/removehardcodedpassword

Exclude some queries from query suites by lowering their precision.
2026-04-26 17:25:19 +02:00 · 2025-05-21 11:13:14 +02:00
parent 789e881254 dabeddb62d
commit 2952c0d2b4
41 changed files with 50 additions and 36 deletions
--- a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected
+++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected
@@ -196,7 +196,6 @@ ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
 ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
 ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
 ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
-ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
 ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
 ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
--- a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected
+++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected
@@ -99,7 +99,6 @@ ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
 ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
 ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
 ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
-ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
 ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
 ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
--- a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected
+++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected
@@ -158,6 +158,7 @@ ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
 ql/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
 ql/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
 ql/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
+ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
 ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql
 ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql
 ql/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql
--- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
+++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
@@ -4,7 +4,7 @@
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
- * @precision medium
+ * @precision low
 * @id java/hardcoded-credential-api-call
 * @tags security
 *       external/cwe/cwe-798
--- a/java/ql/src/change-notes/2025-05-16-hardcoded-credentials.md
+++ b/java/ql/src/change-notes/2025-05-16-hardcoded-credentials.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `java/hardcoded-credential-api-call` has been removed from all query suites.