diff --git a/go/ql/src/InconsistentCode/MissingErrorCheck.ql b/go/ql/src/InconsistentCode/MissingErrorCheck.ql index 171f17a9c99..d2021517267 100644 --- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql +++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql @@ -116,5 +116,5 @@ where // `deref` dereferences `ptr` deref.getOperand() = ptr.getAUse() select deref.getOperand(), - ptr.getSourceVariable() + " may be nil at this location, because $@ may not have been checked.", - err, err.getSourceVariable().toString() + "$@ may be nil at this dereference because $@ may not have been checked.", ptr, + ptr.getSourceVariable().toString(), err, err.getSourceVariable().toString() diff --git a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql index 4272d1cc27e..fdd83673b74 100644 --- a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql +++ b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql @@ -110,4 +110,4 @@ from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string hostPa where c.hasFlowPath(source, sink) and c.isSource(source.getNode(), hostPart) select source, source, sink, "This regular expression has an unescaped dot before '" + hostPart + "', " + - "so it might match more hosts than expected when used $@.", sink, "here" + "so it might match more hosts than expected when $@.", sink, "the regular expression is used" diff --git a/go/ql/src/Security/CWE-209/StackTraceExposure.ql b/go/ql/src/Security/CWE-209/StackTraceExposure.ql index bd649b272f1..1367dbd689b 100644 --- a/go/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/go/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -77,5 +77,5 @@ class StackTraceExposureConfig extends TaintTracking::Configuration { from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) select sink.getNode(), source, sink, - "$@ flows to this location and may be exposed to an external user.", source.getNode(), + "$@ flows to a HTTP response and may be exposed to an external user.", source.getNode(), "Stack trace information" diff --git a/go/ql/src/Security/CWE-312/CleartextLogging.ql b/go/ql/src/Security/CWE-312/CleartextLogging.ql index 4b742fdedc6..52e09051dd8 100644 --- a/go/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/go/ql/src/Security/CWE-312/CleartextLogging.ql @@ -19,5 +19,5 @@ import DataFlow::PathGraph from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink where cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "$@ is logged at this location.", source.getNode(), +select sink.getNode(), source, sink, "$@ flows to a logging call.", source.getNode(), "Sensitive data returned by " + source.getNode().(Source).describe() diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 1d747021f7d..6056f572d7c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -36,37 +36,37 @@ nodes | test.go:180:16:180:23 | password | semmle.label | password | subpaths #select -| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ is logged at this location. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password | -| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ is logged at this location. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password | -| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ is logged at this location. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password | -| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ is logged at this location. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password | -| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ is logged at this location. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password | -| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ is logged at this location. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password | -| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ is logged at this location. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password | -| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ is logged at this location. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password | -| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ is logged at this location. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password | -| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ is logged at this location. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password | -| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ is logged at this location. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password | -| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ is logged at this location. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password | -| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ is logged at this location. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password | -| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ is logged at this location. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password | -| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ is logged at this location. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password | -| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ is logged at this location. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password | -| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ is logged at this location. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password | -| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ is logged at this location. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password | -| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ is logged at this location. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password | -| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ is logged at this location. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password | -| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ is logged at this location. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password | -| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ is logged at this location. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password | -| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ is logged at this location. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password | -| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ is logged at this location. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password | -| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ is logged at this location. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password | -| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ is logged at this location. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password | -| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ is logged at this location. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password | -| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ is logged at this location. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password | -| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ is logged at this location. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password | -| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ is logged at this location. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password | -| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ is logged at this location. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password | -| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ is logged at this location. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password | -| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ is logged at this location. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password | -| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ is logged at this location. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password | +| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ flows to a logging call. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password | +| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ flows to a logging call. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password | +| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ flows to a logging call. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password | +| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ flows to a logging call. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password | +| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ flows to a logging call. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password | +| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ flows to a logging call. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password | +| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ flows to a logging call. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password | +| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ flows to a logging call. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password | +| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ flows to a logging call. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password | +| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ flows to a logging call. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password | +| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ flows to a logging call. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password | +| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ flows to a logging call. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password | +| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ flows to a logging call. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password | +| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ flows to a logging call. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password | +| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ flows to a logging call. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password | +| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ flows to a logging call. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password | +| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ flows to a logging call. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password | +| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ flows to a logging call. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password | +| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ flows to a logging call. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password | +| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ flows to a logging call. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password | +| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ flows to a logging call. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password | +| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ flows to a logging call. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password | +| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ flows to a logging call. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password | +| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ flows to a logging call. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password | +| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ flows to a logging call. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password | +| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ flows to a logging call. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password | +| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ flows to a logging call. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password | +| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ flows to a logging call. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password | +| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ flows to a logging call. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password | +| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ flows to a logging call. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password | +| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ flows to a logging call. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password | +| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ flows to a logging call. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password | +| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ flows to a logging call. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password | +| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ flows to a logging call. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password | diff --git a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected index 829db7c7f4e..b4bd7b815d5 100644 --- a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected +++ b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected @@ -1,2 +1,2 @@ -| tests.go:61:30:61:35 | result | result may be nil at this location, because $@ may not have been checked. | tests.go:59:10:59:12 | definition of err | err | -| tests.go:243:27:243:32 | result | result may be nil at this location, because $@ may not have been checked. | tests.go:241:10:241:12 | definition of err | err | +| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | definition of result | result | tests.go:59:10:59:12 | definition of err | err | +| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | definition of result | result | tests.go:241:10:241:12 | definition of err | err | diff --git a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected index af16db3e0d5..f73dd03f976 100644 --- a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected +++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected @@ -7,6 +7,6 @@ nodes | main.go:44:15:44:39 | `https://www.example.com` | semmle.label | `https://www.example.com` | subpaths #select -| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when used $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | here | -| main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when used $@. | main.go:39:60:39:79 | "^test2.github.com$" | here | -| main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when used $@. | main.go:44:15:44:39 | `https://www.example.com` | here | +| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | the regular expression is used | +| main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when $@. | main.go:39:60:39:79 | "^test2.github.com$" | the regular expression is used | +| main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when $@. | main.go:44:15:44:39 | `https://www.example.com` | the regular expression is used | diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index 40539582dda..b193c71ec15 100644 --- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected @@ -5,4 +5,4 @@ nodes | test.go:17:10:17:12 | buf | semmle.label | buf | subpaths #select -| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf : slice type | test.go:17:10:17:12 | buf | $@ flows to this location and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | Stack trace information | +| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf : slice type | test.go:17:10:17:12 | buf | $@ flows to a HTTP response and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | Stack trace information | diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 1ab82c46fc6..b7aa675b58e 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -80,34 +80,34 @@ nodes | util.go:16:9:16:18 | selection of password : string | semmle.label | selection of password : string | subpaths #select -| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header : Header | klog.go:22:15:22:20 | header | $@ is logged at this location. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers | -| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header : Header | klog.go:28:13:28:41 | call to Get | $@ is logged at this location. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers | -| main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | $@ is logged at this location. | main.go:15:14:15:21 | password | Sensitive data returned by an access to password | -| main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | $@ is logged at this location. | main.go:17:12:17:19 | password | Sensitive data returned by an access to password | -| main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | $@ is logged at this location. | main.go:18:17:18:24 | password | Sensitive data returned by an access to password | -| main.go:22:29:22:34 | fields | main.go:21:19:21:26 | password : string | main.go:22:29:22:34 | fields | $@ is logged at this location. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password | -| main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | $@ is logged at this location. | main.go:25:35:25:42 | password | Sensitive data returned by an access to password | -| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password : string | overrides.go:13:14:13:23 | call to String | $@ is logged at this location. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password | -| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password : string | passwords.go:9:14:9:14 | x | $@ is logged at this location. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password | -| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ is logged at this location. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password | -| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ is logged at this location. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password | -| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ is logged at this location. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ is logged at this location. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:28:14:28:28 | call to getPassword | util.go:16:9:16:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword | $@ is logged at this location. | util.go:16:9:16:18 | selection of password | Sensitive data returned by an access to password | -| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ is logged at this location. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password | -| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | $@ is logged at this location. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password | -| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x : string | passwords.go:39:14:39:17 | obj1 | $@ is logged at this location. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | -| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | $@ is logged at this location. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password | -| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | $@ is logged at this location. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password | -| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ is logged at this location. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make : map type | passwords.go:88:14:88:26 | utilityObject | $@ is logged at this location. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet | -| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | $@ is logged at this location. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password | -| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | $@ is logged at this location. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password | -| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | $@ is logged at this location. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password | -| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | $@ is logged at this location. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password | -| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... | $@ is logged at this location. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 | -| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x : string | passwords.go:125:14:125:19 | config | $@ is logged at this location. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | $@ is logged at this location. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | $@ is logged at this location. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password : string | passwords.go:126:14:126:21 | selection of x | $@ is logged at this location. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:127:14:127:21 | selection of y | $@ is logged at this location. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header : Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers | +| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header : Header | klog.go:28:13:28:41 | call to Get | $@ flows to a logging call. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers | +| main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | main.go:15:14:15:21 | password | $@ flows to a logging call. | main.go:15:14:15:21 | password | Sensitive data returned by an access to password | +| main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | main.go:17:12:17:19 | password | $@ flows to a logging call. | main.go:17:12:17:19 | password | Sensitive data returned by an access to password | +| main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | main.go:18:17:18:24 | password | $@ flows to a logging call. | main.go:18:17:18:24 | password | Sensitive data returned by an access to password | +| main.go:22:29:22:34 | fields | main.go:21:19:21:26 | password : string | main.go:22:29:22:34 | fields | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password | +| main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | main.go:25:35:25:42 | password | $@ flows to a logging call. | main.go:25:35:25:42 | password | Sensitive data returned by an access to password | +| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password : string | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password | +| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password : string | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password | +| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password | +| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password | +| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword | +| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword | +| passwords.go:28:14:28:28 | call to getPassword | util.go:16:9:16:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | util.go:16:9:16:18 | selection of password | Sensitive data returned by an access to password | +| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password | +| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password | +| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x : string | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | +| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password | +| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password | +| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password | +| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make : map type | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet | +| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password | +| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password | +| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password | +| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password | +| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 | +| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password | +| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | +| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password : string | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | +| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |