import javascript

/**
 * Data-flow configuration that tracks string literals into assignments to
 * variables named "password".
 *
 * Review notes:
 * - Only the exact name "password" matches (case-insensitively); names such as
 *   `passwd`, `pwd` or `userPassword` are not covered.
 * - Sinks are modelled through `Variable`, so only variable assignments are
 *   considered here.
 * - Every `StringLiteral` is a source, with no filtering on its content, so
 *   empty or placeholder strings are reported as well.
 * - NOTE(review): newer CodeQL releases favour the module-based
 *   `DataFlow::ConfigSig` API over `DataFlow::Configuration` - confirm against
 *   the CodeQL version this query is run with.
 */
class PasswordTracker extends DataFlow::Configuration {
  // The characteristic predicate binds `this` to a string that must be unique
  // among all data-flow configurations.
  PasswordTracker() { this = "PasswordTracker" }

  /** Holds if `nd` is the data-flow node of a string literal. */
  override predicate isSource(DataFlow::Node nd) { nd.asExpr() instanceof StringLiteral }

  /** Holds if `nd` is assigned to some variable named "password". */
  override predicate isSink(DataFlow::Node nd) {
    exists(Variable pwVar | this.passwordVarAssign(pwVar, nd))
  }

  /**
   * Holds if `nd` is an expression assigned to `v` and the name of `v`,
   * lower-cased, is exactly "password".
   */
  predicate passwordVarAssign(Variable v, DataFlow::Node nd) {
    v.getName().toLowerCase() = "password" and
    nd.asExpr() = v.getAnAssignedExpr()
  }
}

/**
 * Reports each sink `sink` that some string literal flows to, with a message
 * `res` naming the password variable that receives it.
 */
query predicate test_query17(DataFlow::Node sink, string res) {
  exists(PasswordTracker cfg, Variable pwVar |
    cfg.passwordVarAssign(pwVar, sink) and
    cfg.hasFlow(_, sink) and
    res = "Password variable " + pwVar.toString() + " is assigned a constant string."
  )
}