Java: Remove SensitiveLoggingQuery results that flow through a source.

2026-04-29 18:55:14 +02:00 · 2022-08-10 14:28:07 +02:00
parent 8c32758ae5
commit ecc15a1f95
2 changed files with 6 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -28,4 +28,6 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
  override predicate isSanitizer(DataFlow::Node sanitizer) {
    sanitizer.asExpr() instanceof LiveLiteral
  }
+
+  override predicate isSanitizerIn(Node node) { isSource(node) }
 }
--- a/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
+++ b/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.