MarkLee131 20cfe29199 Java: reduce false positives in sensitive-log by expanding FP exclusion regex ...

The getCommonSensitiveInfoFPRegex() only excluded "null", "tokenizer", and
"tokenImage", causing widespread false positives for common non-sensitive
variable names containing "token" or "secret".

This adds exclusions for three categories:
- Pagination/iteration tokens: nextToken (AWS SDK), pageToken (GCP),
  continuationToken (Azure), etc.
- Token metadata: tokenType (OAuth), tokenEndpoint (OIDC), tokenCount,
  tokenIndex, tokenLength, tokenUrl, etc.
- Secret metadata: secretName (K8s/AWS), secretId (Azure),
  secretVersion, secretArn, secretPath, etc.

All truly sensitive variable names (accessToken, clientSecret, secretKey,
refreshToken, etc.) remain correctly flagged.

2026-04-04 21:33:35 +08:00

..

code

Java: reduce false positives in sensitive-log by expanding FP exclusion regex

2026-04-04 21:33:35 +08:00

files

Overlay: Add overlay annotations to Java & shared libraries

2025-06-24 10:25:06 +02:00