Add a change note and reset the qhelp file

java/change-notes/2021-05-12-hardcoded-azure-credentials-in-api-call.md

@@ -0,0 +1,3 @@
+lgtm,codescanning
+* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`)
+  now recognizes hard-coded authentication credentials with Azure SDK for Java.

java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.qhelp

@@ -32,28 +32,6 @@
     Instead, the user name and password could be supplied through environment variables,
     which can be set externally without hard-coding credentials in the source code.
   </p>
-
-  <p>
-    The following code example connects to AWS using a hard-coded access key ID and secret key:
-  </p>
-
-  <sample src="HardcodedAWSCredentials.java"/>
-
-  <p>
-    Instead, the access key ID and secret key could be supplied through environment variables,
-    which can be set externally without hard-coding credentials in the source code.
-  </p>
-
-  <p>
-    The following code example connects to Azure using a hard-coded user name and password or client secret:
-  </p>
-
-  <sample src="HardcodedAzureCredentials.java"/>
-
-  <p>
-    Instead, the username and password or client secret could be supplied through environment variables,
-    which can be set externally without hard-coding credentials in the source code.
-  </p>
 </example>
 
 <references>
@@ -61,14 +39,6 @@
 OWASP:
 <a href="https://www.owasp.org/index.php/Use_of_hard-coded_password">Use of hard-coded password</a>.
 </li>
-<li>
-Microsoft:
-<a href="https://docs.microsoft.com/en-us/azure/developer/java/sdk/identity-user-auth#username-password-credential">Azure authentication with user credentials</a>.
-</li>
-<li>
-Amazon:
-<a href="https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html">Working with AWS Credentials</a>.
-</li>
 </references>
 
 </qhelp>