Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow

2026-05-05 13:45:19 +02:00 · 2022-02-10 11:25:15 +00:00
parent 83a3808bbe
commit 7c1bd9a533
1 changed files with 9 additions and 0 deletions
--- a/ruby/ql/test/query-tests/security/cwe-312/logging.rb
+++ b/ruby/ql/test/query-tests/security/cwe-312/logging.rb
@@ -82,3 +82,12 @@ end
 password_arg = "65f2950df2f0e2c38d7ba2ccca767291"
 foo(password_arg, stdout_logger)
 foo("65f2950df2f0e2c38d7ba2ccca767292", stdout_logger)
+
+def redact(password)
+  "***"
+end
+
+password_r1 = redact("65f2950df2f0e2c38d7ba2ccca767291")
+password_r2 = password_r1
+# GOOD: password_r2 has been redacted
+stdout_logger.info password_r2