remove url from sensitive info regex

2025-12-24 04:36:35 +01:00 · 2022-03-04 10:37:05 +00:00
parent 4ad402f33f
commit 6c05f7a81a
1 changed files with 3 additions and 3 deletions
--- a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
+++ b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -1,7 +1,7 @@
 /**
 * @name Insertion of sensitive information into log files
- * @description Writing sensitive information to log files can give valuable
- *              guidance to an attacker or expose sensitive user information.
+ * @description Writing sensitive information to log files can allow that
+ *              information to be leaked to an attacker more easily.
 * @kind path-problem
 * @problem.severity warning
 * @precision medium
@@ -20,7 +20,7 @@ import PathGraph
 /**
 * Gets a regular expression for matching names of variables that indicate the value being held may contain sensitive information
 */
-private string getACredentialRegex() { result = "(?i)(.*username|url).*" }
+private string getACredentialRegex() { result = "(?i).*username.*" }

 /** Variable keeps sensitive information judging by its name * */
 class CredentialExpr extends Expr {