From f5633f8dbe4ce9cd3c04015444070f3f7f5f02da Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <contact@me.gantoine.com>
Date: Tue, 23 Jun 2026 21:47:02 -0400
Subject: [PATCH] Don't echo seeded password in test data generator

CodeQL flags the value as clear-text logging of sensitive info. Print the
username and reference the --password flag instead of its value.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 backend/scripts/generate_test_data.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/scripts/generate_test_data.py b/backend/scripts/generate_test_data.py
index b43d9e377..0215d8901 100644
--- a/backend/scripts/generate_test_data.py
+++ b/backend/scripts/generate_test_data.py
@@ -1461,7 +1461,8 @@ def main() -> int:
         print(f"  {'images (png)':<20} {images_written:>12,}")
     if not args.dry_run and user_rows:
         print(
-            f"\nLogin with username '{user_rows[0]['username']}' / password '{args.password}'."
+            f"\nLogin with username '{user_rows[0]['username']}' "
+            "and the password passed via --password (default: 'password')."
         )
     return 0