hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update change note; drop unnecessary import

Browse Source
This commit is contained in:
Chris Smowton
2021-09-30 15:00:13 +01:00
parent b0983cb726
commit cb4ce36d3c
2 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md
View File

@@ -1,2 +1,3 @@
lgtm,codescanning lgtm,codescanning
* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) can now detect a hard-coded Apache Shiro cipher key. * The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) can now detect a hard-coded Apache Shiro cipher key.
* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) now detected hard-coded credentials that are Base64 encoded or decoded before use.

1
java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
View File

@@ -14,7 +14,6 @@ import java
import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.DataFlow
import HardcodedCredentials import HardcodedCredentials
import DataFlow::PathGraph import DataFlow::PathGraph
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration { class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" } HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" }