Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs

Java: Sensitive Info Log query improvements
2026-04-25 16:55:19 +02:00 · 2022-05-13 16:57:32 +02:00
parent 4e9706470d b9f3b3bd37
commit 168a184602
3 changed files with 24 additions and 6 deletions
--- a/java/ql/test/query-tests/security/CWE-532/Test.java
+++ b/java/ql/test/query-tests/security/CWE-532/Test.java
@@ -5,12 +5,18 @@ class Test {
        Logger logger = null;

        logger.info("User's password is: " + password); // $ hasTaintFlow
-    }   
+    }

    void test2(String authToken) {
        Logger logger = null;

-        logger.error("Auth failed for: " + authToken); // $ hasTaintFlow 
+        logger.error("Auth failed for: " + authToken); // $ hasTaintFlow
    }

-}
+    void test3(String username) {
+        Logger logger = null;
+
+        logger.error("Auth failed for: " + username); // Safe
+    }
+
+}