Add a comment for reasoning in why debug and trace are included and other variations are excluded

Bt2018
2020-05-13 07:46:44 -04:00
committed by GitHub
parent ffd442a17a
commit d9cc3c6f8d


@@ -42,7 +42,7 @@ class LoggerType extends RefType {
predicate isSensitiveLoggingSink(DataFlow::Node sink) {
exists(MethodAccess ma |
ma.getMethod().getDeclaringType() instanceof LoggerType and
(ma.getMethod().hasName("debug") or ma.getMethod().hasName("trace")) and
(ma.getMethod().hasName("debug") or ma.getMethod().hasName("trace")) and //Check low priority log levels which are more likely to be real issues to reduce false positives
sink.asExpr() = ma.getAnArgument()
)
}
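Review bot: The new trailing comment on the `hasName("debug") or hasName("trace")` conjunct says low-priority levels are "more likely to be real issues" without saying why, and it leaves unstated that this restriction means credentials passed to `info`, `warn`, `error` (or any other `LoggerType` method) are never reported by this sink, so a later maintainer may read the omission as an oversight rather than a deliberate trade-off. Presumably the rationale is that raw values tend to be dumped at debug/trace on the assumption those levels are off in production, while the higher levels produced too many false positives; if that is the reasoning, the comment should say so and name the false-negative cost. I would move the comment onto its own line above the conjunct, with a space after `//` to match the surrounding file, and phrase it as `// Only debug/trace calls are sinks: sensitive values are most often dumped at these levels on the assumption they are disabled in production; info/warn/error are excluded to reduce false positives, at the cost of missing secrets logged there.` The enclosing predicate `isSensitiveLoggingSink` is entirely within the hunk.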