hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
20cfe291995f1631f9672a8f19aab75a7bfbf511
codeql/java/ql
History
MarkLee131 20cfe29199 Java: reduce false positives in sensitive-log by expanding FP exclusion regex 
The getCommonSensitiveInfoFPRegex() only excluded "null", "tokenizer", and
"tokenImage", causing widespread false positives for common non-sensitive
variable names containing "token" or "secret".

This adds exclusions for three categories:
- Pagination/iteration tokens: nextToken (AWS SDK), pageToken (GCP),
  continuationToken (Azure), etc.
- Token metadata: tokenType (OAuth), tokenEndpoint (OIDC), tokenCount,
  tokenIndex, tokenLength, tokenUrl, etc.
- Secret metadata: secretName (K8s/AWS), secretId (Azure),
  secretVersion, secretArn, secretPath, etc.

All truly sensitive variable names (accessToken, clientSecret, secretKey,
refreshToken, etc.) remain correctly flagged.
2026-04-04 21:33:35 +08:00
..
automodel/src
Merge branch 'main' into henrymercer/merge-back-rc-3.16
2024-12-04 13:39:10 +00:00
consistency-queries
Java: Align BinaryExpr.getOp() with AssignOp.getOp().
2026-03-04 13:46:04 +01:00
examples
Java: Rename ReturnStmt.getResult to getExpr.
2026-02-04 14:43:31 +01:00
integration-tests
Kotlin: accept integration test changes
2026-03-30 14:21:19 +02:00
lib
Java: reduce false positives in sensitive-log by expanding FP exclusion regex
2026-04-04 21:33:35 +08:00
src
Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1
2026-03-30 10:51:12 +02:00
test
Java: reduce false positives in sensitive-log by expanding FP exclusion regex
2026-04-04 21:33:35 +08:00
test-kotlin1
Java: Make Assignment extend BinaryExpr.
2026-03-05 11:31:59 +01:00
test-kotlin2
Kotlin: accept test changes
2026-03-30 15:35:19 +02:00