fix example in clear-text-logging qhelp to actually be bad

2026-02-19 08:23:45 +01:00 · 2025-01-27 11:31:28 +01:00
parent 10f55133fe
commit 37a1727043
4 changed files with 11 additions and 2 deletions
--- a/javascript/ql/src/Security/CWE-312/examples/CleartextLogging.js
+++ b/javascript/ql/src/Security/CWE-312/examples/CleartextLogging.js
@@ -1,2 +1,2 @@
 // BAD: Logging cleartext sensitive data
-console.info(`[INFO] Environment: ${process.env}`);
+console.info(`[INFO] Environment: ${JSON.stringify(process.env)}`);
--- a/javascript/ql/src/Security/CWE-312/examples/CleartextLoggingGood.js
+++ b/javascript/ql/src/Security/CWE-312/examples/CleartextLoggingGood.js
@@ -1,3 +1,3 @@
 let not_sensitive_data = { a: 1, b : 2} 
 // GOOD: it is fine to log data that is not sensitive
-console.info(`[INFO] Some object contains: ${not_sensitive_data}`);
+console.info(`[INFO] Some object contains: ${JSON.stringify(not_sensitive_data)}`);