From 841d75831628e20d9d36370edcd12e621a9ee2ce Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite <sienna@r3t.io>
Date: Sat, 7 Feb 2026 13:10:40 +0000
Subject: [PATCH] chore(libmarathon): add CodeQL suppression for database
 secret storage

Add suppression comment for alert #4 (rust/cleartext-logging) at database.rs:506.
This is database persistence, not logging - the secret field must be stored
for session functionality. False positive will be dismissed in GitHub UI.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 crates/libmarathon/src/persistence/database.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/libmarathon/src/persistence/database.rs b/crates/libmarathon/src/persistence/database.rs
index 7fd3a98..549433a 100644
--- a/crates/libmarathon/src/persistence/database.rs
+++ b/crates/libmarathon/src/persistence/database.rs
@@ -503,6 +503,7 @@ pub fn save_session(conn: &mut Connection, session: &crate::networking::Session)
             session.last_active,
             session.entity_count as i64,
             session.state.to_string(),
+            // codeql[rust/cleartext-logging] - This is database persistence, not logging
             session.secret.as_ref().map(|b| b.as_ref()),
         ],
     )?;