Update change note; drop unnecessary import

smowton · smowton · commit cb4ce36d3c83 · 2021-09-30T15:00:13.000+01:00
diff --git a/java/change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md b/java/change-notes/2021-05-24-hardcoded-shiro-key-in-api-call.md
@@ -1,2 +1,3 @@
 lgtm,codescanning
 * The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) can now detect a hard-coded Apache Shiro cipher key.
+* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) now detected hard-coded credentials that are Base64 encoded or decoded before use.
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
@@ -14,7 +14,6 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import HardcodedCredentials
 import DataFlow::PathGraph
-import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 
 class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
   HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" }

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`lgtm,codescanning`
`2`	`2`	* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) can now detect a hard-coded Apache Shiro cipher key.
	`3`	+* The query "Hard-coded credential in API call" (`java/hardcoded-credential-api-call`) now detected hard-coded credentials that are Base64 encoded or decoded before use.