Add JBoss BasicLogger and SciJava Logger

luchua-bc · luchua-bc · commit d6e9b07a9ea8 · 2020-07-03T22:34:48.000Z
diff --git a/java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql b/java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
@@ -31,10 +31,12 @@ class CredentialExpr extends Expr {
 class LoggerType extends RefType {
   LoggerType() {
     this.hasQualifiedName("org.apache.log4j", "Category") or //Log4J
-    this.hasQualifiedName("org.apache.logging.log4j", "Logger") or //Log4j 2
+    this.hasQualifiedName("org.apache.logging.log4j", "Logger") or //Log4J 2
     this.hasQualifiedName("org.slf4j", "Logger") or //SLF4j and Gradle Logging
-    this.hasQualifiedName("org.jboss.logging", "Logger") or //JBoss Logging
-    this.hasQualifiedName("org.apache.commons.logging", "Log") //Apache Commons Logging
+    this.hasQualifiedName("org.jboss.logging", "BasicLogger") or //JBoss Logging
+    this.hasQualifiedName("org.jboss.logging", "Logger") or //JBoss Logging (`org.jboss.logging.Logger` in some implementations like JBoss Application Server 4.0.4 did not implement `BasicLogger`)
+    this.hasQualifiedName("org.apache.commons.logging", "Log") or //Apache Commons Logging
+    this.hasQualifiedName("org.scijava.log", "Logger") //SciJava Logging
   }
 }
 
