Apply suggestions from code review

owen-mc · smowton · owen-mc · commit ac6c4add1480 · 2024-03-24T20:20:37.000Z
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -13,7 +13,7 @@ class VariableWithSensitiveName extends Variable {
     exists(string name | name = this.getName() |
       name.regexpMatch(getCommonSensitiveInfoRegex()) and
       not name.regexpMatch("(?i).*null.*") and
-      not name.matches("tokenImage") // appears in parser code generated by JavaCC
+      name != "tokenImage" // appears in parser code generated by JavaCC
     )
   }
 }
diff --git a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a larger number of false positive alerts.
+* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ class VariableWithSensitiveName extends Variable {`
`13`	`13`	`exists(string name \| name = this.getName() \|`
`14`	`14`	`name.regexpMatch(getCommonSensitiveInfoRegex()) and`
`15`	`15`	`not name.regexpMatch("(?i).null.") and`
`16`		`- not name.matches("tokenImage") // appears in parser code generated by JavaCC`
	`16`	`+ name != "tokenImage" // appears in parser code generated by JavaCC`
`17`	`17`	`)`
`18`	`18`	`}`
`19`	`19`	`}`