hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 19:29:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
20cfe291995f1631f9672a8f19aab75a7bfbf511
codeql/java/ql/test/query-tests/security
History
MarkLee131 20cfe29199 Java: reduce false positives in sensitive-log by expanding FP exclusion regex 
The getCommonSensitiveInfoFPRegex() only excluded "null", "tokenizer", and
"tokenImage", causing widespread false positives for common non-sensitive
variable names containing "token" or "secret".

This adds exclusions for three categories:
- Pagination/iteration tokens: nextToken (AWS SDK), pageToken (GCP),
  continuationToken (Azure), etc.
- Token metadata: tokenType (OAuth), tokenEndpoint (OIDC), tokenCount,
  tokenIndex, tokenLength, tokenUrl, etc.
- Secret metadata: secretName (K8s/AWS), secretId (Azure),
  secretVersion, secretArn, secretPath, etc.

All truly sensitive variable names (accessToken, clientSecret, secretKey,
refreshToken, etc.) remain correctly flagged.
2026-04-04 21:33:35 +08:00
..
CWE-020
[TEST] Java: CWE-020/ExternalAPI: new test based on qhelp
2025-07-17 18:58:52 +02:00
CWE-022/semmle/tests
Java: Convert TaintedPath test to .qlref
2025-06-24 16:41:35 +02:00
CWE-023/semmle/tests
Java: convert PartialPathTraversalFromRemote test to .qlref
2025-06-24 16:41:39 +02:00
CWE-074
Java: convert XsltInjection test to .qlref
2025-06-24 16:41:43 +02:00
CWE-078
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-079/semmle/tests
Java: convert XSS test to .qlref
2025-06-24 16:41:46 +02:00
CWE-089/semmle/examples
Improve model for CWE-089
2026-01-13 21:48:43 +01:00
CWE-090
Java: rename springframework stubs directory from 5.3.8 to 5.8.x
2025-03-11 15:20:58 -04:00
CWE-094
Java: convert ArbitraryApkInstallation test to .qlref
2025-06-26 13:22:05 +02:00
CWE-113/semmle/tests
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-117
Update test results (remove SPURIOUS annotations)
2026-02-16 12:03:02 +00:00
CWE-129/semmle/tests
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-134/semmle/tests
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-190/semmle/tests
Address review: update QLDoc comment and fix expected test output
2026-03-29 11:53:06 +08:00
CWE-200/semmle/tests
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-209/semmle/tests
Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into its own alert java/error-message-exposure because this is a better fit.
2024-07-25 18:12:45 +02:00
CWE-266
Java: convert IntentUriPermissionManipulation test to .qlref
2025-06-24 16:41:58 +02:00
CWE-273
[TEST] Java: UnsafeCertTrust: convert test to qlref
2025-07-17 18:58:56 +02:00
CWE-287
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-295
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-297
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-311
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-312
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-326
Java: convert InsufficientKeySize test to .qlref
2025-06-24 16:42:02 +02:00
CWE-327/semmle/tests
Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs
2026-03-28 16:53:46 +08:00
CWE-330
Java: convert InsecureRandomness test to .qlref
2025-06-24 16:42:04 +02:00
CWE-335/semmle/tests
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
CWE-338/semmle/tests
Update JHipster CodeQL query from code review
2020-10-01 15:38:56 -04:00
CWE-347
Java: convert MissingJWTSignatureCheck test to .qlref
2025-06-24 16:42:06 +02:00
CWE-352
Java: rename springframework stubs directory from 5.3.8 to 5.8.x
2025-03-11 15:20:58 -04:00
CWE-367/semmle/tests
Fix test output
2025-03-14 11:44:00 +00:00
CWE-421/semmle
Java: fix javac errors in test code
2021-02-09 09:16:57 -05:00
CWE-441
Java: convert UnsafeContentUriResolution test to .qlref
2025-06-24 16:42:08 +02:00
CWE-470
Java: convert FragmentInjection test to .qlref
2025-06-24 16:42:10 +02:00
CWE-489
Java: convert WebviewDebuggingEnabled test to .qlref
2025-06-24 16:42:12 +02:00
CWE-501
[TEST] Java: TrustBoundaryViolations: convert test to qlref
2025-07-17 18:58:59 +02:00
CWE-502
Use MaD models for unsafe deserialization sinks when possible
2025-07-16 14:42:07 +01:00
CWE-522
Java: convert CWE-522 tests to .qlref
2025-06-24 16:42:17 +02:00
CWE-524
Add space before $ in xml test file
2026-03-04 15:03:24 +00:00
CWE-532
Java: reduce false positives in sensitive-log by expanding FP exclusion regex
2026-04-04 21:33:35 +08:00
CWE-552
Java: convert UrlForward test to .qlref
2025-06-24 16:42:19 +02:00
CWE-601/semmle/tests
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-611
Update test expectations
2025-07-16 15:25:45 +01:00
CWE-643
Java: convert XPathInjection test to .qlref
2025-06-24 16:42:23 +02:00
CWE-676/semmle/tests
Migrate Java code to separate QL repo.
2018-08-30 10:48:05 +01:00
CWE-681/semmle/tests
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-730
Java: convert PolynomialReDoS and RegexInjection tests to .qlref
2025-06-24 16:42:26 +02:00
CWE-732/semmle/tests
update alert-messsages of java queries
2022-09-26 12:15:25 +02:00
CWE-749
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-780
Java: convert RsaWithoutOaep test to .qlref
2025-06-24 16:42:28 +02:00
CWE-798/semmle/tests
Update java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java
2026-01-14 11:50:52 +01:00
CWE-807/semmle/tests
[TEST] Java: ConditionalBypass: convert to qlref
2025-07-17 18:59:03 +02:00
CWE-829/semmle/tests
Handle disabled Maven repositories
2022-11-21 10:11:57 +01:00
CWE-833/semmle/tests
Java: accept changes in expected output
2021-02-09 09:17:35 -05:00
CWE-835/semmle/tests
Java: Adjust toString() for statements
2021-06-03 16:27:36 +02:00
CWE-917
Java: convert OgnlInjection test to .qlref
2025-06-24 16:42:30 +02:00
CWE-918
Update models in test output
2026-03-05 13:32:52 +00:00
CWE-925
Java: convert ImproperIntentVerification test to .qlref
2025-06-24 16:42:35 +02:00
CWE-926
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-927
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-940
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
CWE-1004
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00
CWE-1104/semmle/tests
Fix typo in test output
2021-02-22 13:26:51 -05:00
CWE-1204
Java: Inline expectation should have space after $
2026-03-04 12:44:54 +00:00