hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
20cfe291995f1631f9672a8f19aab75a7bfbf511
codeql/java/ql/test/query-tests
History
MarkLee131 20cfe29199 Java: reduce false positives in sensitive-log by expanding FP exclusion regex 
The getCommonSensitiveInfoFPRegex() only excluded "null", "tokenizer", and
"tokenImage", causing widespread false positives for common non-sensitive
variable names containing "token" or "secret".

This adds exclusions for three categories:
- Pagination/iteration tokens: nextToken (AWS SDK), pageToken (GCP),
  continuationToken (Azure), etc.
- Token metadata: tokenType (OAuth), tokenEndpoint (OIDC), tokenCount,
  tokenIndex, tokenLength, tokenUrl, etc.
- Secret metadata: secretName (K8s/AWS), secretId (Azure),
  secretVersion, secretArn, secretPath, etc.

All truly sensitive variable names (accessToken, clientSecret, secretKey,
refreshToken, etc.) remain correctly flagged.
2026-04-04 21:33:35 +08:00
..
AlertSuppression
AlertSuppression: add more tests
2022-12-19 16:43:11 +01:00
AmbiguousOuterSuper
Fix and add test for java/subtle-inherited-call involving inheritence from generic types
2022-09-14 22:17:19 +01:00
AutoBoxing
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
AvoidDeprecatedCallableAccess
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
BadAbsOfRandom
Add support for java.util.concurrent.ThreadLocalRandom
2021-03-08 10:59:53 +00:00
BadCheckOdd
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
BoxedVariable
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
BusyWait
Java: Adjust toString() for statements
2021-06-03 16:27:36 +02:00
CallsToRunnableRun
Java: update existing tests to services tests
2025-06-29 22:41:47 -04:00
CallsToSystemExit
Java: Fix java/jvm-exit false positives for local nested classes in test methods
2025-08-21 14:20:49 +00:00
CloseResource
Java: Improve not closing resource query; add tests
2021-05-11 19:32:02 +02:00
CompareIdenticalValues
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
ComplexCondition
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
ConfusingOverloading
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
ConstantExpAppearsNonConstant
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
2020-01-28 10:13:34 +01:00
ConstantLoopCondition
Java: Adjust toString() for statements
2021-06-03 16:27:36 +02:00
ContainerSizeCmpZero
Java: Fix tests.
2019-06-27 13:20:03 +02:00
ContinueInFalseLoop
Java: Override toString() for statements
2021-06-03 16:27:35 +02:00
ContradictoryTypeChecks
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
dead-code
update expected output after changing queries
2022-08-23 12:35:32 +02:00
DeadCode
Java: add test for Apache Camel dead-code analysis
2024-08-15 17:26:38 +01:00
Declarations
Java: Override toString() for statements
2021-06-03 16:27:35 +02:00
DefineEqualsWhenAddingFields
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
definitions
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
DoNotCallFinalize
Java: update comments in tests
2025-04-01 15:48:52 -04:00
DoubleCheckedLocking
Java: Override toString() for statements
2021-06-03 16:27:35 +02:00
EmptyMethod
Clean test files and add new test cases
2025-03-20 09:32:27 +01:00
EqualsArray
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
EqualsUsesInstanceOf
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
Escaping
java: Inline expectation should have space before $
2026-03-04 13:11:33 +00:00
ExcessivePublicMethodMocking
Java: moved java/mocking-all-non-private-methods-means-unit-test-is-too-big to a more appropriate location, namely Violation of Best Practice/Testing
2025-08-28 14:20:19 +02:00
ExposeRepresentation
Java: avoid call to Location.toString()
2023-06-01 17:06:34 +01:00
Finally
Java: Override toString() for statements
2021-06-03 16:27:35 +02:00
HashedButNoHash
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
IgnoredSerializationMembersOfRecordClass
Rename query
2025-07-08 11:28:12 +02:00
IgnoreExceptionalReturn
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
ImpossibleCast
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
InconsistentEqualsHashCode
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
InconsistentOperations
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
InefficientOutputStream
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
InnerClassCouldBeStatic
test example for ODASA-6859
2019-01-17 23:30:39 +01:00
Iterable
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
IteratorRemoveMayFail
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
Javadoc
Revert "Java: Adjust ImpossibleJavadocThrows.ql"
2022-10-04 10:59:39 +02:00
LabelInSwitch
Java: Add query to detect non-case labels in switch statements
2025-07-08 14:53:39 +02:00
LazyInitStaticField
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
lgtm-example-queries
Java: Rename ReturnStmt.getResult to getExpr.
2026-02-04 14:43:31 +01:00
Likely Bugs
Java: remove mention of abstract classes from qhelp
2025-03-23 19:51:37 -04:00
LShiftLargerThanTypeWidth
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
2020-01-28 10:13:34 +01:00
maven-dependencies
Add .gitignore for VS Code Generated maven project files
2020-06-15 22:29:30 -04:00
Metrics
Java: Update expected test output.
2024-10-23 09:29:29 +02:00
MissedTernaryOpportunity
Java: Override toString() for statements
2021-06-03 16:27:35 +02:00
MissingCallToSuperClone
Java: fix javac errors in test code
2021-02-09 09:16:57 -05:00
MissingInstanceofInEquals
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
MissingOverrideAnnotation
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
MissingSpaceTypo
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
MissingVoidConstructorsOnSerializable
Spelling
2025-01-06 22:46:22 +01:00
MutualDependency
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
Naming
Java: Don't inherit methods from co-/contra-variant supertypes.
2018-11-13 14:56:22 +01:00
NonExplicitControlAndWhitespaceCharsInLiterals
Java: Add query to detect special characters in string literals
2025-07-08 13:28:18 +02:00
NonPrivateField
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
NonSerializableField
NonSerializableField: Accept test output changes
2022-06-16 17:34:56 +01:00
NonSerializableInnerClass
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
NonSynchronizedOverride
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
NotifyWithoutSynch
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
Nullness
Java: Add nullness test covering known FP.
2026-02-23 15:10:03 +01:00
NumberFormatException
Java: Minor fixups.
2018-10-25 14:30:40 +02:00
PartiallyMaskedCatch
update two more queries to better follow the style-guide
2022-10-01 10:59:59 +02:00
PointlessForwardingMethod
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
PrintLnArray
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
RandomUsedOnce
Add support for Commons-Lang's RandomUtils
2021-03-05 12:09:33 +00:00
RangeAnalysis
Java: Accept qltest change showing FP removal.
2025-06-26 11:03:39 +02:00
ReadOnlyContainer
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
ReturnValueIgnored
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
SafePublication
java: Inline expectation should have space before $
2026-03-04 13:11:33 +00:00
ScheduledThreadPoolExecutorZeroThread
Java: Add java/javautilconcurrentscheduledthreadpoolexecutor query for zero thread pool size
2025-06-23 12:52:45 +02:00
security
Java: reduce false positives in sensitive-log by expanding FP exclusion regex
2026-04-04 21:33:35 +08:00
SelfAssignment
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
SimplifyBoolExpr
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
SpuriousJavadocParam
Add test case
2024-04-09 12:41:32 -04:00
StartInConstructor
Java: note that classes with entirely private constructors can't be subclassed
2025-09-30 13:57:44 +01:00
StaticArray
update expected output of tests
2022-08-22 21:41:47 +02:00
StringComparison
Java: Make Assignment extend BinaryExpr.
2026-03-05 11:31:59 +01:00
StringFormat
Java 16: adjust test options
2021-03-21 12:55:25 -04:00
StringReplaceAllWithNonRegex
Add test showing correct usage
2025-05-22 14:30:32 +01:00
Stubs
Fix stub generator
2022-10-03 14:43:58 +02:00
SuspiciousDateFormat
Java: Add a test for java/suspicious-date-format.
2020-01-27 11:57:59 +00:00
SynchSetUnsynchGet
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
Telemetry
Java: Update SupportedExternalApi expected test output.
2024-04-26 12:39:46 +02:00
ThreadSafe
java: Inline expectation should have space before $
2026-03-04 13:11:33 +00:00
TypeMismatch
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
UnreadLocal
update expected output of tests
2022-08-22 21:41:47 +02:00
UnreleasedLock
Add test for *Pool exclusion
2026-01-27 15:38:29 +00:00
UseBraces
Java: Adjust toString() for statements
2021-06-03 16:27:36 +02:00
UselessComparisonTest
Java: Accept removal of spurious reason (the alert stays).
2026-02-23 15:09:59 +01:00
UselessNullCheck
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
UselessUpcast
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
VisibleForTestingAbuse
Java: Add lambda-aware test detection to VisibleForTesting query
2025-08-24 10:02:43 +00:00
WhitespaceContradictsPrecedence
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
WriteOnlyContainer
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
WrongNanComparison
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00