diff --git a/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll b/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
index 39106dca4f2..c7f08faac64 100644
--- a/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
+++ b/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
@@ -12,6 +12,11 @@ module CleartextLogging {
 * A data-flow source for clear-text logging of sensitive information.
 */
 abstract class Source extends DataFlow::Node {
+ Source() {
+ // hard-coded strings are uninteresting
+ not exists(getStringValue())
+ }
+
 /** Gets a string that describes the type of this data-flow source. */
 abstract string describe();
 }
diff --git a/ql/test/query-tests/Security/CWE-312/passwords.go b/ql/test/query-tests/Security/CWE-312/passwords.go
index b0dfb034494..777fceb9374 100644
--- a/ql/test/query-tests/Security/CWE-312/passwords.go
+++ b/ql/test/query-tests/Security/CWE-312/passwords.go
@@ -126,3 +126,9 @@ func test() {
 log.Println(config.x) // NOT OK
 log.Println(config.y) // NOT OK
 }
+
+const password = "horsebatterystaplecorrect"
+
+func test2() {
+ log.Println(password) // OK
+}
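Review bot: The new characteristic predicate sits on the abstract `Source` base class, so every subclass, including ones added through this customizations module, loses any node with a constant string value, and the class QLDoc does not mention it. I would add a sentence to the doc comment above the class, such as `Nodes with a constant string value are never sources.`, and expand the inline comment from "uninteresting" to the actual reason, e.g. `// constant strings are not runtime secrets; hard-coded credentials are out of scope for this query`. A hard-coded credential written to a log is still a secret in the log, so it is worth confirming that another query reports that case before it is excluded here. The class's doc comment opens above the hunk.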
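Review bot: `test2` pins only the named-constant form, so the boundary of the new filter is left untested. A read of a `var` initialized from a literal is not a constant expression and would presumably still be reported; adding a case such as `log.Println(varPassword) // NOT OK` beside the `// OK` line would document that the exclusion stops at compile-time constants. The expected-results file for this test is not visible in the diff, so confirm that the new case leaves it unchanged.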