Factor out matching sensitive variable name FPs

java/ql/lib/semmle/code/java/security/SensitiveActions.qll

@@ -28,13 +28,23 @@ private string nonSuspicious() {
 }
 
 /**
- * Gets a regular expression for matching common names of variables that indicate the value being held contains sensitive information.
+ * Gets a regular expression for matching common names of variables that
+ * indicate the value being held contains sensitive information.
  */
 string getCommonSensitiveInfoRegex() {
   result = "(?i).*(challenge|pass(wd|word|code|phrase))(?!.*question).*" or
   result = "(?i).*(token|secret).*"
 }
 
+/**
+ * Gets a regular expression for matching common names of variables that
+ * indicate the value being held does not contains sensitive information,
+ * but is a false positive for `getCommonSensitiveInfoRegex`.
+ *
+ * - "tokenImage" appears in parser code generated by JavaCC.
+ */
+string getCommonSensitiveInfoFPRegex() { result = "(?i).*(null).*" or result = "tokenImage" }
+
 /** An expression that might contain sensitive data. */
 abstract class SensitiveExpr extends Expr { }
 

java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll

@@ -15,8 +15,7 @@ class VariableWithSensitiveName extends Variable {
   VariableWithSensitiveName() {
     exists(string name | name = this.getName() |
       name.regexpMatch(getCommonSensitiveInfoRegex()) and
-      not name.regexpMatch("(?i).*null.*") and
-      name != "tokenImage" // appears in parser code generated by JavaCC
+      not name.regexpMatch(getCommonSensitiveInfoFPRegex())
     )
   }
 }