Update java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql

Co-authored-by: Felicity Chapman <felicitymay@github.com>
Bt2018
2020-05-04 06:58:34 -04:00
committed by GitHub
parent a2560656d5
commit a6c9c5117f


@@ -1,7 +1,7 @@
/**
* @id java/sensitiveinfo-in-logfile
* @name Insertion of sensitive information into log files
* @description Writting sensitive information to log files can give valuable guidance to an attacker or expose sensitive user information.
* @description Writing sensitive information to log files can give valuable guidance to an attacker or expose sensitive user information.
* @kind problem
* @tags security
* external/cwe-532
@@ -80,4 +80,3 @@ class SensitiveLoggingConfig extends Configuration {
from Node source, Node sink, SensitiveLoggingConfig conf, MethodAccess ma
where conf.hasFlow(source, sink) and ma.getAnArgument() = source.asExpr() and ma.getAnArgument() = sink.asExpr()
select "Outputting sensitive information $@ in method call $@.", source, ma, "to log files"
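Review bot: The `select` on the last line of the second hunk does not match the shape a `@kind problem` query (declared in the header hunk) has to produce: it starts with the message string instead of the element to report, and the two `$@` placeholders are followed by `source, ma, "to log files"`, which is not two element/label pairs. Something like `select ma, "Outputting $@ to log files in this method call.", source, "sensitive information"` would put the alert on the logging call and keep the link back to the source expression. Separately, the `where` clause requires both `source.asExpr()` and `sink.asExpr()` to be arguments of the same `ma`, which looks like it limits results to sensitive expressions passed directly to that call; confirm this is intended, since `SensitiveLoggingConfig` is defined outside the hunk. The commit itself only fixes the `@description` typo, so these lines are unchanged context.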