Java: Diff-informed CleartextStorageCookie.ql

Open jbj opened this issue 4 months ago • 0 comments

I picked this commit out of #17846 because it doesn't rely on any of the controversial API changes that are holding back that PR. It appears there are no tests for CleartextStorageCookie.ql.

This query shares implementation with several other queries about cleartext storage, but it's the only one of them that's in the code-scanning suite. The sharing mechanism remains the same as before, but now each query has to override getASelectedLocation to become diff-informed.

Two other data-flow configurations are used in this query, but they can't easily be made diff-informed.

jbj, Jun 23 '25 11:06