remove url from sensitive info regex

joefarebrother · joefarebrother · commit 6c05f7a81ad2 · 2022-03-04T10:37:05.000Z
diff --git a/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql b/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -1,7 +1,7 @@
 /**
  * @name Insertion of sensitive information into log files
- * @description Writing sensitive information to log files can give valuable
- *              guidance to an attacker or expose sensitive user information.
+ * @description Writing sensitive information to log files can allow that
+ *              information to be leaked to an attacker more easily.
  * @kind path-problem
  * @problem.severity warning
  * @precision medium
@@ -20,7 +20,7 @@ import PathGraph
 /**
  * Gets a regular expression for matching names of variables that indicate the value being held may contain sensitive information
  */
-private string getACredentialRegex() { result = "(?i)(.*username|url).*" }
+private string getACredentialRegex() { result = "(?i).*username.*" }
 
 /** Variable keeps sensitive information judging by its name * */
 class CredentialExpr extends Expr {
