hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add live literals as sanitizers for sensitive logging

Browse Source
This commit is contained in:
Tony Torralba
2022-05-05 12:32:10 +02:00
parent 5db8306fef
commit f0a0ac100b
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/change-notes/2022-05-12-sensitive-log-improvements.md
View File

@@ -1,4 +1,7 @@
---
category: minorAnalysis
---
* Query `java/sensitive-log` no longer considers usernames as sensitive information. Also, the conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
* Query `java/sensitive-log` has received several improvements.
* It no longer considers usernames as sensitive information.
* The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
* A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names.