hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Stop considering usernames sensitive info

Browse Source 
Require variables to be static to be considered constants
This commit is contained in:
Tony Torralba
2022-05-12 11:46:52 +02:00
parent e8972b814f
commit 5db8306fef
3 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/test/query-tests/security/CWE-532/Test.java
View File

@@ -5,12 +5,18 @@ class Test {
Logger logger = null;
logger.info("User's password is: " + password); // $ hasTaintFlow
}
}
void test2(String authToken) {
Logger logger = null;
logger.error("Auth failed for: " + authToken); // $ hasTaintFlow
logger.error("Auth failed for: " + authToken); // $ hasTaintFlow
}
}
void test3(String username) {
Logger logger = null;
logger.error("Auth failed for: " + username); // Safe
}
}