File tree Expand file tree Collapse file tree 1 file changed +3
-3
lines changed
java/ql/src/Security/CWE/CWE-532 Expand file tree Collapse file tree 1 file changed +3
-3
lines changed Original file line number Diff line number Diff line change 11/**
22 * @name Insertion of sensitive information into log files
3- * @description Writing sensitive information to log files can give valuable
4- * guidance to an attacker or expose sensitive user information .
3+ * @description Writing sensitive information to log files can allow that
4+ * information to be leaked to an attacker more easily .
55 * @kind path-problem
66 * @problem.severity warning
77 * @precision medium
@@ -20,7 +20,7 @@ import PathGraph
2020/**
2121 * Gets a regular expression for matching names of variables that indicate the value being held may contain sensitive information
2222 */
23- private string getACredentialRegex ( ) { result = "(?i)( .*username|url) .*" }
23+ private string getACredentialRegex ( ) { result = "(?i).*username.*" }
2424
2525/** Variable keeps sensitive information judging by its name * */
2626class CredentialExpr extends Expr {
You can’t perform that action at this time.
0 commit comments