Open DefinetlyNotAI opened 1 month ago
Thank you for this false positive report. Resolving this issue is not a current product priority, but we acknowledge the report and will track it internally for future consideration, or if we observe repeated instances of the same problem.
In your case it looks like CodeQL treats the entire tuple as tainted without distinguishing the individual components of the tuple.
Description of the false positive
Sometimes, when a variable stores a tuple containing a password and a username, and the username is logged to a file directly after the tuple is split, CodeQL assumes the username variable is a password, thus reporting "Clear-text storage of sensitive information".
Code samples or links to source code
URL to the alert on GitHub code scanning (optional)
https://github.com/DefinetlyNotAI/Test-generator/security/code-scanning/50
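A minimal reproducer of the pattern the report describes, added here as an example and not taken from the author's repository or the linked alert: the unpacked username is logged (the write CodeQL flags) beside the unsplit tuple (a genuine clear-text leak), with a triage check that reads each log back to show which one actually contains the password. All names and the sample credential are constructed.

```python
import logging
import tempfile
from pathlib import Path

def load_credentials() -> tuple[str, str]:
    # Constructed sample (username, password) tuple; not a real secret.
    return ("alice", "example-password-123")

def _write_log(log_path: Path, message: str, *args) -> None:
    """Log one record to a file and close the handler so it is flushed."""
    handler = logging.FileHandler(log_path, mode="a")
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(f"triage.{log_path.name}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        logger.info(message, *args)
    finally:
        logger.removeHandler(handler)
        handler.close()

def log_username_only(log_path: Path) -> None:
    """The reported pattern: split the tuple, log only the username.
    CodeQL taints the whole tuple, so it flags this write as well."""
    username, password = load_credentials()  # password is never logged
    _write_log(log_path, "login attempt by %s", username)

def log_whole_tuple(log_path: Path) -> None:
    """Contrast case: logging the unsplit tuple really does store the
    password in clear text, which is what the query is meant to catch."""
    creds = load_credentials()
    _write_log(log_path, "login attempt with %s", creds)

def log_contains_password(log_path: Path) -> bool:
    """Triage check: did the secret component of the tuple reach the sink?"""
    _, password = load_credentials()
    return password in log_path.read_text()

def triage() -> dict[str, bool]:
    """Run both patterns into temporary log files and report which one
    actually leaked the password (only the whole-tuple case should)."""
    with tempfile.TemporaryDirectory() as tmp:
        fp_path, tp_path = Path(tmp) / "username.log", Path(tmp) / "tuple.log"
        log_username_only(fp_path)
        log_whole_tuple(tp_path)
        return {
            "username_only_leaks_password": log_contains_password(fp_path),
            "whole_tuple_leaks_password": log_contains_password(tp_path),
        }
```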