Exclude some queries from query suites by lowering their precision. #19507
+50
−36
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelnebel
force-pushed
the
removehardcodedpassword
branch
from
e8a4b9f to
dabeddb
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR lowers the precision of several hardcoded credentials queries across Java, Go, and C#, excludes them from all query suites, and updates the corresponding integration-test expectations and change notes.
- Lowered precision from medium to low for hardcoded credential queries in Java, Go, and C#.
- Removed these queries from all query-suite expected listings and added them to
not_included_in_qls.expected. - Added change notes in Java, Go, and C# to document the removals.
Reviewed Changes
Copilot reviewed 41 out of 41 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| javascript/ql/integration-tests/query-suite/*.qls.expected | Removed HardcodedCredentials entries from JS query suites |
| java/ql/src/change-notes/2025-05-16-hardcoded-credentials.md | Added note for removed Java hardcoded-credential-api-call query |
| java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql | Lowered precision from medium to low |
| java/ql/integration-tests/java/query-suite/*.expected | Updated not_included_in_qls.expected, removed from suites |
| go/ql/src/change-notes/2025-05-16-hardcoded-credentials.md | Added note for removed Go hardcoded-credentials query |
| go/ql/src/Security/CWE-798/HardcodedCredentials.ql | Lowered precision from medium to low |
| go/ql/integration-tests/query-suite/*.expected | Updated not_included_in_qls.expected, removed from suites |
| csharp/ql/src/change-notes/2025-05-16-hardcoded-credentials.md | Added note for removed C# credential-related queries |
| csharp/ql/src/Security Features/CWE-798/*.ql | Lowered precision from medium to low |
| csharp/ql/integration-tests/posix/query-suite/*.expected | Updated not_included_in_qls.expected, removed from suites |
Comments suppressed due to low confidence (2)
javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql:7
- The JavaScript HardcodedCredentials query still has
@precision medium—it should be lowered to@precision lowto match the updates in other languages.
* @precision medium
aschackmull
approved these changes
May 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The linked issue describes why the precisions are lowered (and it also includes a list of specific query IDs).
The failing integrationtests are unrelated.