hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer

Browse Source 
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
This commit is contained in:
Owen Mansel-Chan
2024-07-31 12:16:03 +01:00
committed by GitHub
parent 59e22f6cd9 44b6309e07
commit 8901b1fd14
4 changed files with 21 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
java/ql/test/query-tests/security/CWE-532/Test.java
View File

@@ -1,28 +1,13 @@
import org.apache.logging.log4j.Logger;
class Test {
void test(String password) {
void test(String password, String authToken, String username, String nullToken, String stringTokenizer) {
Logger logger = null;
logger.info("User's password is: " + password); // $ hasTaintFlow
}
void test2(String authToken) {
Logger logger = null;
logger.error("Auth failed for: " + authToken); // $ hasTaintFlow
}
void test3(String username) {
Logger logger = null;
logger.error("Auth failed for: " + username); // Safe
}
void test4(String nullToken) {
Logger logger = null;
logger.error("Auth failed for: " + nullToken); // Safe
logger.error("Auth failed for: " + stringTokenizer); // Safe
}
}