diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
index c599756a81c..d46d35ab0cc 100644
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -12,7 +12,8 @@ class VariableWithSensitiveName extends Variable {
 VariableWithSensitiveName() {
 exists(string name | name = this.getName() |
 name.regexpMatch(getCommonSensitiveInfoRegex()) and
- not name.regexpMatch("(?i).*null.*")
+ not name.regexpMatch("(?i).*null.*") and
+ name != "tokenImage" // appears in parser code generated by JavaCC
 )
 }
 }
diff --git a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
new file mode 100644
index 00000000000..017e5abd7ee
--- /dev/null
+++ b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
diff --git a/java/ql/test/query-tests/security/CWE-532/TokenSequenceParserTest.java b/java/ql/test/query-tests/security/CWE-532/TokenSequenceParserTest.java
new file mode 100644
index 00000000000..0a24c32f26a
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-532/TokenSequenceParserTest.java
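Review bot: The new `name != "tokenImage"` conjunct is an exact, case-sensitive allowlist entry, so it silences every variable with that name whether or not it lives in JavaCC-generated code, while any other generated field that happens to match the sensitive regex is still reported; if the library has a way to recognise generated sources or the `*Constants` interface pattern JavaCC emits (the new test models that shape), keying the exclusion on that would be narrower and would not need per-name maintenance. The inline comment says where the name comes from but not why it matched in the first place; something like `// "tokenImage" presumably matches via the "token" part of the regex, but in JavaCC-generated parsers it is an array of literal token strings, not a credential` would save the next reader a trip to getCommonSensitiveInfoRegex(). The `class VariableWithSensitiveName` declaration itself is outside the hunk.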
@@ -0,0 +1,27 @@
+import org.apache.logging.log4j.Logger;
+
+interface TokenSequenceParserConstants {
+ /** Literal token values. */
+ String[] tokenImage = {
+ "",
+ };
+}
+
+public class TokenSequenceParserTest implements TokenSequenceParserConstants {
+ void test(String password) {
+ Logger logger = null;
+
+ logger.info("When parsing found this: " + tokenImage[0]); // Safe
+ }
+
+}
+
+class ParseExceptionTest extends Exception {
+ String[] tokenImage;
+
+ void test() {
+ Logger logger = null;
+
+ logger.info("When parsing found this: " + tokenImage[0]); // Safe
+ }
+}
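Review bot: The fixture only contains cases that must stay silent, so it cannot show that the query still alerts on a genuinely sensitive variable in the same compilation unit after the allowlist change; the unused `password` parameter of `test(String password)` looks like it was meant for exactly that, e.g. a line `logger.info("Password: " + password);` marked with the repository's usual expected-alert annotation. Without such a control, a regression that broke `VariableWithSensitiveName` entirely would make this test pass for the wrong reason. `Logger logger = null;` is fine for a static-analysis fixture, but a short comment such as `// never executed; only the log call shape matters` would stop a reader flagging the null dereference as a mistake.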