JS: remove check for test-environment in js/clear-text-logging

2026-04-30 19:26:02 +02:00 · 2018-08-20 12:22:17 +02:00
parent 3636708d30
commit 2b9f5c3fa2
3 changed files with 11 additions and 23 deletions
--- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -11,7 +11,12 @@
 | passwords.js:29:17:29:20 | obj3 | Sensitive data returned by $@ is logged here. | passwords.js:30:14:30:21 | password | an access to password |
 | passwords.js:78:17:78:38 | temp.en ... assword | Sensitive data returned by $@ is logged here. | passwords.js:77:37:77:53 | req.body.password | an access to password |
 | passwords.js:81:17:81:31 | `pw: ${secret}` | Sensitive data returned by $@ is logged here. | passwords.js:80:18:80:25 | password | an access to password |
+| passwords.js:93:21:93:46 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:93:39:93:46 | password | an access to password |
+| passwords.js:98:21:98:46 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:98:39:98:46 | password | an access to password |
+| passwords.js:105:21:105:46 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:105:39:105:46 | password | an access to password |
+| passwords.js:110:21:110:46 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:110:39:110:46 | password | an access to password |
 | passwords.js:114:25:114:50 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:114:43:114:50 | password | an access to password |
+| passwords.js:119:21:119:46 | "Passwo ... assword | Sensitive data returned by $@ is logged here. | passwords.js:119:39:119:46 | password | an access to password |
 | passwords.js:122:17:122:49 | name +  ... tring() | Sensitive data returned by $@ is logged here. | passwords.js:122:31:122:38 | password | an access to password |
 | passwords.js:123:17:123:48 | name +  ... lueOf() | Sensitive data returned by $@ is logged here. | passwords.js:123:31:123:38 | password | an access to password |
 | passwords_in_server_1.js:6:13:6:20 | password | Sensitive data returned by $@ is logged here. | passwords_in_server_1.js:6:13:6:20 | password | an access to password |
--- a/javascript/ql/test/query-tests/Security/CWE-312/passwords.js
+++ b/javascript/ql/test/query-tests/Security/CWE-312/passwords.js
@@ -90,24 +90,24 @@
    console.log("Password is: " + redact('password', password));

    if (environment.isTestEnv()) {
-        console.log("Password is: " + password); // OK
+        console.log("Password is: " + password); // OK, but still flagged
    }

    if (environment.is(TEST)) {
        // NB: for security reasons, we only log passwords in test environments
-        console.log("Password is: " + password); // OK
+        console.log("Password is: " + password); // OK, but still flagged
    }


    if (x.test(y)) {
        f();
        // ...
-        console.log("Password is: " + password); // NOT OK, but not flagged
+        console.log("Password is: " + password); // NOT OK
        // ...
    }

    if (environment.isTestEnv())
-        console.log("Password is: " + password); // OK
+        console.log("Password is: " + password); // OK, but still flagged

    if (x.test(y)) {
        if (f()) {
@@ -116,7 +116,7 @@
    }

    if (!environment.isProduction()) {
-        console.log("Password is: " + password); // OK
+        console.log("Password is: " + password); // OK, but still flagged
    }

    console.log(name + ", " + password.toString()); // NOT OK