Remove user ids from the check since they get logged a lot and are less sensitive

luchua-bc · luchua-bc · commit 048a33e1438c · 2020-03-27T19:40:00.000-04:00
diff --git a/java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql b/java/ql/src/experimental/CWE-532/SensitiveInfoLog.ql
@@ -48,7 +48,7 @@ class CredentialSource extends DataFlow::ExprNode {
 
 private string getACredentialRegex() {
   result = "(?i).*pass(wd|word|code|phrase)(?!.*question).*" or
-  result = "(?i).*(uid|uuid|puid|username|userid|url).*"
+  result = "(?i).*(username|url).*"
 }
 
 class SensitiveLoggingSink extends DataFlow::ExprNode {

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ class CredentialSource extends DataFlow::ExprNode {`
`48`	`48`
`49`	`49`	`private string getACredentialRegex() {`
`50`	`50`	`result = "(?i).pass(wd\|word\|code\|phrase)(?!.question).*" or`
`51`		`- result = "(?i).(uid\|uuid\|puid\|username\|userid\|url)."`
	`51`	`+ result = "(?i).(username\|url)."`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`class SensitiveLoggingSink extends DataFlow::ExprNode {`