
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit eda858e

Sauyon LeeGitHub Enterprise
Sauyon Lee
authored and
GitHub Enterprise
committed
Merge pull request #184 from max/cleartext-logging-constant
Teach `CleartextLogging` not to flag constant sources.
2 parents 50cde34 + 616d78e commit eda858e


2 files changed

+11
-0
lines changed


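--- a/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
+++ b/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
@@ -12,6 +12,11 @@ module CleartextLogging {
 * A data-flow source for clear-text logging of sensitive information.
 */
 abstract class Source extends DataFlow::Node {
+Source() {
+// hard-coded strings are uninteresting
+not exists(getStringValue())
+}
+
 /** Gets a string that describes the type of this data-flow source. */
 abstract string describe();
 }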
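Review bot: The new characteristic predicate sits on the abstract base class `Source`, so it narrows every subclass at once, including any source contributed through this customizations module, while the QLDoc above the class still describes it as any source of sensitive information. For a security query the inline rationale is thin: a hard-coded secret written to a log is still a disclosure, and after this change it is reported only if some separate hard-coded-credential check covers it. I would expand the comment to something like `// constants are excluded: a hard-coded value is not runtime-sensitive data; hard-coded secrets are out of scope for this query` and mention the exclusion in the class QLDoc. `getStringValue()` presumably holds only for expressions with a compile-time string value, so it is worth confirming that this is the intended boundary.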

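--- a/ql/test/query-tests/Security/CWE-312/passwords.go
+++ b/ql/test/query-tests/Security/CWE-312/passwords.go
@@ -126,3 +126,9 @@ func test() {
 log.Println(config.x) // NOT OK
 log.Println(config.y) // NOT OK
 }
+
+const password = "horsebatterystaplecorrect"
+
+func test2() {
+log.Println(password) // OK
+}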
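Review bot: `test2` pins only the simplest case, a package-level `const` passed straight to `log.Println`. The new exclusion depends on whether the logged expression has a constant string value, so cases at that boundary would help: a `var password = "..."` initialised from a literal, and a constant concatenated with runtime data, each annotated with the expected `// OK` or `// NOT OK`. Without them, a later change in how constant values are computed could widen the exclusion and hide real findings without any test failing.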
