Merge pull request #10006 from aschackmull/java/sensitive-log-dedup

Java: Remove SensitiveLoggingQuery results that flow through a source.
2026-04-27 17:55:19 +02:00 · 2022-08-11 09:26:33 +02:00
parent ced083be61 ecc15a1f95
commit 87461fece4
2 changed files with 6 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -28,4 +28,6 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
  override predicate isSanitizer(DataFlow::Node sanitizer) {
    sanitizer.asExpr() instanceof LiveLiteral
  }
+
+  override predicate isSanitizerIn(Node node) { isSource(node) }
 }
--- a/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
+++ b/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.