CleartextLogging.qhelp needs more help

[jsoref]

codeql/go/ql/src/Security/CWE-312/CleartextLogging.qhelp

Lines 8 to 9 in 590e93d

	Sensitive information that is logged unencrypted is accessible to an attacker
	who gains access to the logs.

https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/7

cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go:49

			case strings.HasPrefix(os.Args[1], "Username"):
				fmt.Println(creds.Username)
			case strings.HasPrefix(os.Args[1], "Password"):
				fmt.Println(creds.Password)
 flows to a logging call.
CodeQL
			default:
				errors.CheckError(fmt.Errorf("unknown credential type '%s'", os.Args[1]))
			}

It's true, this code is printing a password, that's its job. it's a git credential.helper program.

This isn't "logging" a password, it's intentionally "printing" the password.

How does one tell CodeQL that this is intended behavior? Is the only real option to wait for #11427?

The help should say:

<p>
Be aware that the purpose of some programs is to print output.
Do not file tickets complaining about programs doing their jobs, it will not win you any warm fuzzies.
</p>

[jsoref]

Maybe the advice should be:

If this is intentional, use fmt.Stringer.String

with an example of how to use it. (I can't tell if that works, but 7b903dd seems to hint that it might.)