Fix references to logging library

2025-12-24 04:36:35 +01:00 · 2021-11-04 09:15:57 +01:00
parent ea7e259cfc
commit 6613a98e02
3 changed files with 3 additions and 6 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
@@ -2,7 +2,6 @@ import java
 import DataFlow
 import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.QueryInjection
-import experimental.semmle.code.java.Logging

 /**
 * A data flow source of the client ip obtained according to the remote endpoint identifier specified
--- a/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -11,9 +11,9 @@
 */

 import java
+import semmle.code.java.dataflow.ExternalFlow
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.SensitiveActions
-import experimental.semmle.code.java.Logging
 import DataFlow
 import PathGraph

@@ -36,9 +36,7 @@ class LoggerConfiguration extends DataFlow::Configuration {

  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }

-  override predicate isSink(DataFlow::Node sink) {
-    exists(LoggingCall c | sink.asExpr() = c.getALogArgument())
-  }
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }

  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    TaintTracking::localTaintStep(node1, node2)