hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add change note, minor docs improvement

Browse Source
This commit is contained in:
Joe Farebrother
2022-03-11 17:58:52 +00:00
parent 594d51e84d
commit b924de631f
3 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.java
View File

@@ -14,5 +14,6 @@ public static void main(String[] args) {
String password = "Pass@0rd"; String password = "Pass@0rd";
// GOOD: user password is never written to debug log // GOOD: user password is never written to debug log
logger.debug("User password changed")
} }
} }

2
java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
View File

@@ -5,7 +5,7 @@
* @kind path-problem * @kind path-problem
* @problem.severity warning * @problem.severity warning
* @precision medium * @precision medium
* @id java/sensitiveinfo-in-logfile * @id java/sensitive-log
* @tags security * @tags security
* external/cwe/cwe-532 * external/cwe/cwe-532
*/ */

4
java/ql/src/change-notes/2022-03-11-sensitive-logging.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: newQuery
---
* The query "Insertion of sensitive information into log files" (`java/sensitive-logging`) has been promoted from experimental to the main query pack. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/3090).